HIPAA

Society has become increasingly reliant on social media, utilizing various platforms to connect with friends and colleagues, share opinions, and access information.

Q: We need to train a wide range of employees on HIPAA — from physicians to temporary nursing staff hired through a staffing agency to medical scribes and coders. Should we utilize the same HIPAA training methods across the board? Or do you recommend that we develop different training methods for each department? How should we go about doing that?

Even before the floodgates opened with COVID-19, healthcare providers were dealing with a dramatic increase in ransomware attacks.

Q: If a patient is incapacitated, the Privacy Rule allows for a doctor to discuss the patient’s condition with a family member, according to HHS. What would the protocol be when the patient is divorced, but the ex-husband or ex-wife makes an inquiry about the patient’s status?

Q: I understand that disclosures of PHI can be made to law enforcement without patient authorization when the patient is suspected of committing a crime. What disclosures are permitted when law enforcement officials are investigating another person of a crime and a patient’s PHI may or may not provide evidence?

Q: Do you know if offices have any tablets or computers people can use in which they might log into an account? If so, are there rules governing password retention or auto logouts they need to consider?

CMS and the Office of the National Coordinator for Health Information Technology (ONC) announced on April 21 the delay of the deadline for implementation of the interoperability final rule, citing the need for hospitals to focus entirely on the COVID-19 pandemic.

Hospitals, health systems, and long-term care facilities are being challenged by census workers requesting information about patients and residents to conduct an accurate census. Some have gone as far as stating that they have a right to access hospital electronic health records (EHR).

Q: Regarding patient portals, to what degree is it the individual’s responsibility to keep his or her health information private? Would the healthcare organization be liable if someone else obtained the individual’s login credentials—perhaps if the individual is known to use the same password for many applications—and accessed the records?

The Office for Civil Rights (OCR) announced on April 9 that it will not impose penalties for violations of HIPAA rules in connection with the operation of novel coronavirus (COVID-19) testing sites during the public health emergency.