The HIPAA Security Rule requires covered entities (CE) to conduct periodic evaluations of their information security programs.
However, Phyllis A. Patrick, MBA, FACHE, CHC, wonders how many organizations have completed the kind of evaluation the Security Rule standard requires.
On July 8, HHS released a proposed rule to modify the HIPAA privacy, security, and enforcement rules, extending HIPAA compliance requirements to subcontractors of business associates (BA) and strengthening patient rights to health information privacy.
The HITECH Act includes new privacy requirements that allow for stronger individual rights to access electronic health records (EHR) and restrict the disclosure of certain PHI.
Incidents involving paper records and desktop computers are second and third most common on the growing list of privacy breaches reported on the OCR website. (The No. 1 reason for privacy breaches re-mains the loss or theft of laptop computers and other portable devices. Briefings on HIPAA looked at ways to prevent those types of privacy breaches in the June issue.)
When it comes to release of information (ROI), it may seem that exceptions are the rule. But you must know when you can and cannot release information to protect the privacy of your facility’s patients.
Electronic health information exchange (HIE) has become the center of attention for most states, and many healthcare organizations want to tap into available stimulus dollars and new electronic health record (EHR) incentives.
Because of the high risk that laptop computers and other portable devices create for a potential privacy breach, healthcare organizations should consider creating an easy-to-understand training guide that describes staff members’ responsibilities.
