The Office for Civil Rights (OCR) on December 17 released its 2016-2017 HIPAA audits industry report, providing an overview of how selected covered entities (CE) and business associates (BA) complied with certain provisions of the HIPAA privacy, security, and breach notification rules.
Q: I am confused on the HIPAA rules for patients needing to show their driver’s license at the doctor’s office, hospital, or any other medical facility so the driver’s license can be scanned and put into their systems. I have refused to do that, but the facilities informed me that they were required by Medicare to scan the driver’s license. Is there a rule that clearly states that this is a requirement?
The Office for Civil Rights (OCR) at HHS announced on December 10 proposed modifications to the HIPAA Privacy Rule, placing an emphasis on individuals’ right of access to their protected health information (PHI).
It’s time to circle back to the topic of remote access. Last month you were provided a checklist to send to your remote employees to assess workspace and workstation security. With new portable devices and web apps that support working from home, including transmitting large amounts of data with minimum resources, it’s important to share additional information that can help you protect your organization and your data.
Q: When dealing with a natural disaster such as the California wildfires, does the HIPAA Privacy Rule allow information to be shared more easily? What are some examples of changes to the Privacy Rule during these circumstances?
Tufts Health Plan, a Massachusetts-based health insurance company, reported a breach on November 25 that affected 60,545 individuals, according to the Office for Civil Rights (OCR) breach report.
The ability of healthcare organizations to defend against cyberthreats was a top priority entering 2020. As we close the book on the calendar year, the severity of these threats—and the frequency with which they are attacking healthcare organizations—has continued to increase at an alarming rate.
Q: What type of protected health information (PHI) can be used for marketing? Are authorizations always necessary when using PHI for marketing purposes? If not, what are some situations when patient authorization would not be required?
AspenPointe Inc., a Colorado-based mental health and behavioral healthcare provider, reported a breach on November 19 affecting 295,617 individuals, according to the Office for Civil Rights (OCR) breach report.
