UnityPoint Health in Des Moines, Iowa, notified approximately 1.4 million patients in late July that their personal information may have been breached after hackers used phishing techniques to enter the company’s email system.
Q: Are we allowed to use case studies involving real incidents that occurred at our facility as part of training for things like safety and policies, or is there a risk that someone could identify the real people who were involved?
Most HIPAA covered entities have become steadfast in ensuring their digital environments that house ePHI are safe and secure, but this should not be your organization’s only concern. In its May OCR Cybersecurity Newsletter, OCR encouraged healthcare organizations to not forget about workstation security and physical security when it comes to protecting ePHI.
Q: Is texting an acceptable way to communicate with a patient? Do we need to ask the patient to sign a form with a statement to the effect that they prefer that we text information on test results, etc., rather than leave a voicemail asking them to call?
Along with quality measure removals in the 2018 OPPS and MPFS final rules, CMS has continued to propose additional removals in the 2019 proposed rules. In addition, the agency is proposing to add to its ability to remove quality measures in the future.
