In an interview with Briefings on HIPAA, Tim Noonan, deputy director for the Division of Health Information Privacy at OCR, discussed cybersecurity and trends in reports of unsecured PHI to OCR. This article includes the highlights.
OCR meant what it said in February of this year about patients’ right of access to their medical records. The HIPAA Privacy and Security Rule enforcer issued its first enforcement action under its “Right of Access Initiative” in September.
Employees need to know what to do and what not to do when it comes to ensuring protected health information (PHI) remains secure. That’s where TeachPrivacy comes in as an excellent resource for quality staff training.
Many healthcare organizations aren’t doing a great job assessing the HIPAA risks associated with third parties. Some are having a hard time devoting resources. And many are worried that their current manual risk management processes cannot keep pace with cyberthreats.
Patients are getting emboldened in the digital age and want quicker, more efficient—immediate, really—access to medical records. Further, the government is reinforcing existing regulations and creating new rules around data sharing that require entities to make healthcare records more accessible and deliver records to patients in their desired electronic format. Technology innovation has made this much easier for healthcare facilities to accomplish.
HIPAA training is required by the HIPAA rules, under § 164.530, Administrative requirements. But just because it’s required doesn’t mean it has to be repetitive, boring, or unappealing. There are ways to make your healthcare staff excited about HIPAA training. At the very least, you can do your part to make sure they’re engaged.
The New York City Fire Department (FDNY), which operates ambulances, disclosed in August that 10,253 patients treated or transported by the FDNY from 2011 to 2018 may have had their protected health information (PHI) compromised after an external hard drive containing unencrypted data went missing in March, according to an FDNY press release.
Q: Is there anything that a hospital needs to do regarding HIPAA and the confidentiality of famous patients? Obviously employees shouldn’t snoop, but can you recommend any added protections?
