Q: In OCR's $3 million settlement with Touchstone Medical Imaging, one of Touchstone's FTP servers allowed uncontrolled access to patients’ PHI. This permitted search engines to index the PHI of patients, which remained visible even after the server was taken offline. What missteps can providers avoid in this arena?
A Texas-based healthcare company reached a voluntary resolution agreement with HHS and the Office for Civil Rights (OCR) on January 16 regarding allegations that it had failed to provide effective communication to hearing-impaired patients.
While the Privacy Rule applies to various types of health information, the Security Rule only applies to electronic protected health information (ePHI). The major goal of the Security Rule is to ensure proper safeguards are in place for the storage, maintenance, and transmission of ePHI.
With 2020 underway, it’s a good time for facilities to review the standards set forth by the rules that define HIPAA regulations. Without a thorough understanding throughout an organization, it can be easy for violations to occur.
The application of attorney-client privilege is somewhat more complicated in situations where the client is a corporation. Although corporations are entitled to the same protection of confidentiality as noncorporate clients, the application of the privilege often turns on which corporate officials and employees sufficiently personify the corporation as a client.
In many companies, the compliance officer is the first to become aware of a potential compliance problem that could lead to civil or criminal liability. A best practice is to give the compliance officer the authority to conduct internal investigations.
The Office for Civil Rights (OCR) reached a settlement with Korunda Medical LLC, a Florida-based company, on December 11 for a potential violation of the HIPAA Privacy Rule’s right-of-access provision.
Behavioral health facilities and professionals experience some unique challenges when it comes to handling PHI and patient requests. The following article offers tips for handling those challenges and scenarios to consider.
Healthcare Administrative Partners, a medical billing company in Pennsylvania that provides billing, coding, and practice management services to hospital-affiliated physician practices, recently notified 17,693 patients of a data breach that may have exposed their protected health information.
When voluntary disclosure for overpayments is an option rather than an obligation, the provider may encounter diverse opinions among its decision-makers. Some may express a desire to bring the potential problem to the attention of the government and attempt to resolve the matter quickly without incurring criminal penalties, civil fines, or exclusions.