Almost every digital copier built since 2002 contains a hard drive, like the ones on computers, storing an image of every document copied, scanned, or e-mailed by the machine. This advanced technology has opened a dangerous hole in data security. Used copy machines, which are often resold, can contain lots of sensitive information, including PHI.
Old and inadequate policies and procedures is one of seven shortcomings CMS found in its 2009 audits of healthcare organizations to determine compliance with the HIPAA Security Rule.
Q. Posting resident names and pictures, disclosing minors’ PHI to parents, and unencrypted e-mails
The Prescription Drug Monitoring Program (PDMP) is available in 34 states. Pharmacists are required to report patient names and any controlled substances prescribed. The prescription data are made available to prescribers to assist with pain management and identifying drug-seeking behavior.
Are there any HIPAA-related issues prescribers and pharmacists should be aware of when accessing prescription information or providing it to states?
When it comes to social networking websites, advocates say hospitals can have it both ways—reaping the benefits of their participation and avoiding any HIPAA privacy violations.
Your incident response plan should be in strict compliance with HITECH requirements, says Kate Borten, CISSP, CISM, president of The Marblehead Group in Marblehead, MA.
Q. We received a request under the California Public Records Act from the local newspaper for copies of incident reports of injuries to staff by psychiatric patients. County counsel stated that only patient information that is specifically made confidential by law can be redacted.
