HIPAA

Before HITECH, covered entities (CE) could pretty much say, the government was all bark and no bite when it came to HIPAA enforcement.

Patients may have easier access to laboratory results under an HHS proposed rule, "CLIA Program and HIPAA Privacy Rule: Patients' Access to Test Reports," released in September.

Q A patient signed an authorization form eight months ago, and her attorney is now submitting it to obtain a copy of her medical records. Is this authorization still valid, or do we need to get the patient to sign a new authorization?

Breaches are expensive and can be directly related to sending PHI unencrypted over the Internet. There are a number of vendors who offer secure messaging tools but not all are equal. Protected Trust is more than just a secure messaging solution. Protected Trust's application also includes tools to assist with broader security control implementation and compliance with HIPAA and HITECH.

Test staff members' knowledge of HIPAA with these questions from readers.

Could a data breach be life-threatening?

The security of PHI is no longer the exclusive domain of covered entities (CE).

Undocumented policies and procedures are among the top five stumbling blocks to HIPAA compliance that Chris Apgar, CISSP, finds when he audits healthcare organizations.

Q A fax containing PHI is sent to an incorrect fax number. Did the covered entity (CE) or business ­associate (BA) violate HIPAA? Must the patient disclosure ­accounting record include this incident?

Breaches are expensive, and the price tag increases when preparation and formal documentation are lacking. Identity Theft Guard Solutions, LLC, in Portland, OR, doing business as ID Experts, has introduced a do-it-yourself breach assessment, monitoring, and investigation tool called RADAR™ that helps reduce costs associated with lack of preparation, breach investigation, notification, and documentation.