Q: Following a breach, many organizations post a breach notification letter to their website. Is there a particular spot on the site that it must be posted? Can the link to the notification letter be posted anywhere on the homepage?
Q: Many organizations have outsourced their PHI disposal for years. With coronavirus limiting the number of people coming in and out of medical facilities, what are your suggestions for organizations that now have to take care of PHI disposal themselves? What are the most important things to remember when handling this process?
Utah Pathology Services, Inc. experienced an email hack in late June that may have exposed the personal information of 112,124 individuals, according to the Office for Civil Rights (OCR) breach report.
HHS and the Substance Abuse and Mental Health Services Administration (SAMHSA) finalized the 42 CFR Part 2 Revised Rule in July, implementing updated regulations governing the confidentiality of patient records for the treatment of substance use disorders (SUD).
Q: Does HIPAA allow a covered entity or business associate to use a cloud services provider (CSP) that stores protected health information (PHI) on servers outside the United States?
Following the public health emergency (PHE) declaration in the state of California due to wildfires, HHS released a bulletin covering HIPAA waivers and disclosures during emergency situations.
As hospitals and health systems continue to learn about the growing number of security threats and their consequences, the role of the chief information security officer (CISO) has become more significant.
The Office for Civil Rights (OCR) issued amended guidance on August 24 regarding covered entities (CE) and health plans contacting patients who have recovered from the novel coronavirus (COVID-19) to inform them about donating blood to help other COVID-19 patients.
Q: If a person has a history of substance abuse, but at the time of admission appears to be of sound mind, is that patient’s personal representative still entitled to receive information about the patient’s treatment and status?
