Consumer-facing health apps and personal health records are booming, and some covered entities such as health plans or clinics leverage these services to help patients. But it can sometimes be difficult to determine whether these vendors fall under HIPAA or not.
Q. Is it a HIPAA violation if a hospital receives a faxed Healthcare Effectiveness Data and Information Set (HEDIS) request and the hospital cannot identify the patient by full name, last name, or birthdate?
This month's security Q&A answers readers' questions about accounting of disclosures, providing information to marketing departments, unencrypted emails, and terminating BAAs.
State-sponsored hackers may be planning to exploit multiple Microsoft vulnerabilities to launch large-scale attacks against healthcare organizations, HHS warned.
