The HIPAA Security Rule preamble reinforces training "criticality" and restates the standard, "We require training of the workforce as reasonable and appropriate to carry out their functions in the facility." Security training is essential.
The term "data rich and information poor" has been used to describe EMRs. Patient records are often packed with data, but that data is less than helpful if it is difficult to find at a moment's notice.
Despite gains in compliance and security potentially linked to industry emphasis on the HIPAA Omnibus Rule, some dangerous gaps remain regarding corporate email and file transfer habits.
The HIPAA Omnibus Rule, which includes modifications to the privacy and security rules, is in full effect now. And guess what? There's no reason to be terrified.
Q: My brother claims he read in his dentist's HIPAA statement that information was disclosed to CIA and other government agencies. I suspect that his dentist was editorializing, but wanted to check. Could you explain what should be included in a HIPAA statement that should be in physician/dentist offices? Can you direct me to the official statement?
