HIPAA training is required by the HIPAA rules, under § 164.530, Administrative requirements. But just because it’s required doesn’t mean it has to be repetitive, boring, or unappealing. There are ways to make your healthcare staff excited about HIPAA training. At the very least, you can do your part to make sure they’re engaged.
The New York City Fire Department (FDNY), which operates ambulances, disclosed in August that 10,253 patients treated or transported by the FDNY from 2011 to 2018 may have had their protected health information (PHI) compromised after an external hard drive containing unencrypted data went missing in March, according to an FDNY press release.
Q: Is there anything that a hospital needs to do regarding HIPAA and the confidentiality of famous patients? Obviously employees shouldn’t snoop, but can you recommend any added protections?
OCR in 2013, through the Health Information Technology for Economic and Clinical Health (HITECH) Ac,t issued a final rule identifying provisions of the HIPAA rules that apply directly to business associates (BA) and those provisions for which BAs are directly liable.
Q: Research coordinators are tasked with finding suitable candidates for research studies. Because our coordinators work for a hospital, is the work they do in finding candidates for research an activity that is subject to HIPAA? What do we need to do to ensure HIPAA compliance?
HIPAA security officers arguably have more on their plates now than ever before as the cloud and mobile era are fully upon us and potential cybercriminal access to PHI increases,
Q: Do HIPAA privacy rules apply to foreign nationals receiving healthcare from a U.S.-based healthcare provider? Are there any provisions for sharing information with a patient’s provider overseas?
The Nemadji Research Corp., a patient eligibility and billing service based in Minnesota, announced that the protected health information of thousands of patients may have been exposed earlier this year after a Nemadji employee fell victim to a phishing attack.
Q: We still use a color-coded filing system at my organization that uses specific colors to identify patient types, like whether an individual is a Medicaid/CHIP patient. These files are mostly used for billing documentation. Because the colors identify patient type, would this be considered a HIPAA violation?
