Q: Do companies such as Fitbit (and others that sell wearable devices that track and store health information) need to abide by HIPAA regulations? Should I be concerned with how these companies are viewing and sharing my health information?
Q: If we work with a business associate (BA) that enters into agreements with BA subcontractors, are we required to obtain copies of these agreements and review them?
Q: Are we allowed to use case studies involving real incidents that occurred at our facility as part of our HIPAA training? We’ve always been told that real-life examples will resonate with staff, but wouldn’t this be a HIPAA violation?
Saint Alphonsus Health System, a healthcare provider in Boise, Idaho, suffered a security breach that impacted 134,906 individuals, according to the Office for Civil Rights (OCR) breach portal.
Q: We are coming up on our annual HIPAA training for staff. We have used the same training program for several years—it covers the basics and places a strong emphasis on recognizing phishing and other cyberattack tactics. Given the events of the past year, are there any other security trends we should be sure to highlight during our training session?
Q: As we look forward to 2021, we’re looking to utilize the most up-to-date HIPAA training strategies. I am responsible for training clinical and clerical staff annually. Do you have any recommendations for job-specific HIPAA training?
The Office for Civil Rights (OCR) announced on March 9 a 45-day extension for the public comment period for the Notice of Proposed Rulemaking (NPRM) to modify the HIPAA Privacy Rule.
Welcome to the brave, not-so-new world of compliance and cybersecurity! News of cybercrime seems to be constantly in the headlines, and healthcare is one of the key industries being targeted.