At HCPro's Accreditation Specialist Boot Camp, we continue to receive questions about standing orders, protocols, and verbal/telephone orders. With spring on its way by the time this article is published, I thought a fresh look at these topics would be in order (no pun intended). Let's try to dispel the myths and go straight to what the regulations say and what is best practice to meet them.
Q: Is there a sample risk analysis about how an enterprise or clinic might evaluate and determine if data-at-rest protection through encryption is reasonable and appropriate as defined in the HIPAA Security Rule?
There's considerable confusion about what HIPAA means and what your obligations are under the regulations. I recently presented at a Midwest physician association conference. As is almost always the case, in the front row was an attendee just waiting for the Q&A session.
