UnityPoint Health in Des Moines, Iowa, notified approximately 1.4 million patients in late July that their personal information may have been breached after hackers used phishing techniques to enter the company’s email system.
Q: Are we allowed to use case studies involving real incidents that occurred at our facility as part of training for things like safety and policies, or is there a risk that someone could identify the real people who were involved?
Most HIPAA covered entities have become steadfast in ensuring their digital environments that house ePHI are safe and secure, but this should not be your organization’s only concern. In its May OCR Cybersecurity Newsletter, OCR encouraged healthcare organizations to not forget about workstation security and physical security when it comes to protecting ePHI.
Q: Is texting an acceptable way to communicate with a patient? Do we need to ask the patient to sign a form with a statement to the effect that they prefer that we text information on test results, etc., rather than leave a voicemail asking them to call?
Hospitals continue to acquire or affiliate more closely with physician practices at a breakneck speed to operate more effectively under value-based purchasing or accountable care organization reimbursement models. But many organizations struggle with how to integrate their different EHR systems, forms, and templates long after the physicians become hospital employees.
