OCR in 2013, through the Health Information Technology for Economic and Clinical Health (HITECH) Act, issued a final rule identifying provisions of the HIPAA rules that apply directly to business associates (BA) and those provisions for which BAs are directly liable.
Q: Research coordinators are tasked with finding suitable candidates for research studies. Because our coordinators work for a hospital, is the work they do in finding candidates for research an activity that is subject to HIPAA? What do we need to do to ensure HIPAA compliance?
HIPAA security officers arguably have more on their plates now than ever before as the cloud and mobile era are fully upon us and potential cybercriminal access to PHI increases,
Q: Do HIPAA privacy rules apply to foreign nationals receiving healthcare from a U.S.-based healthcare provider? Are there any provisions for sharing information with a patient’s provider overseas?
The Nemadji Research Corp., a patient eligibility and billing service based in Minnesota, announced that the protected health information of thousands of patients may have been exposed earlier this year after a Nemadji employee fell victim to a phishing attack.
Q: We still use a color-coded filing system at my organization that uses specific colors to identify patient types, like whether an individual is a Medicaid/CHIP patient. These files are mostly used for billing documentation. Because the colors identify patient type, would this be considered a HIPAA violation?
Q: If I provide telehealth services to patients using video conferencing, how can I make sure these video sessions are compliant with HIPAA’s Security Rule?
A recent HIPAA breach that involved transmission of PHI to only one party—a reporter—nonetheless cost a Connecticut practice $125,000, in part because the practice didn’t take simple precautions.