A patient underwent diagnostic testing in the hospital where she was employed. She received a copy of the laboratory results, and when she read them, she noticed that a physician had noted her employee status. Does this violate HIPAA?
The HIPAA security rule requires this type of assessment. However, many healthcare organizations have never completed a risk assessment, have not kept it up to date, or have failed to address all necessary areas of risk.
Cascade Healthcare Community, a three-hospital health system headquartered in Bend, OR, was one of those CEs that found itself under the microscope.
Unfortunately for Cascade, a virus invaded part of its computer system in December 2007, exposing the data of more than 11,500 donors and landing the healthcare system in the headlines.
When breaches occur, you are required to notify the affected patients or their legal representatives. A minor child's legal representative is a parent or legal guardian.
The wireless and the wired environment are each subject to potentially significant security risks.
Aruba Networks, Inc., offers a wireless solution that significantly reduces security risks, minimizes organizational costs, and can be deployed quickly.
OCR has established privacy advisors in each of its regional offices to provide HIPAA privacy and security guidance and education. HITECH required the HHS secretary to designate an individual in each of its regional offices.
Don't wait for OCR to publish all the HITECH implementation rules before taking action, Apgar said during "Business Associate Action Plan: Comply with HITECH by February Deadline," a recent HCPro audio conference.
On August 19, 2009, HHS released its interim final rule on breach notification of unsecure protected health information (PHI) and the acceptable methods for covered entities (CE) and business associates (BA) to encrypt and destroy patient records to prevent breaches.
Booz Allen Hamilton, a McLean, VA–based firm that was commissioned in 2008 by the Office of the National Coordinator for Health Information Technology to research medical identity theft in the United States, says all facilities can adopt the following strategies:
