Although HIPAA laws do not specify any time frame for updating policies and procedures, OCR has expectations. Here are three recent settlements where OCR has included mandates to update policies and procedures. You can apply some of these lessons in your organization.
Q: I work at the front desk at a clinic. My neighbor is one of our patients, and recently he asked if I could see when some test results would be available. Since I already had access to his records, is it a HIPAA violation to fulfill his request?
HIPAA covered entities that maintain poor policies and procedures related to HIPAA compliance (those that are unfinished in draft form, not updated in years, and basically not followed to the letter) have paid dearly for it.
The plaintiffs in a class action lawsuit against Premera Blue Cross over a 2015 data breach now allege that the health insurance company destroyed key evidence, according to new documents filed in August.
Q: If we hire temporary nursing staff through a staffing agency, do they need to complete our facility’s HIPAA training, or can we consider the training the agency provides sufficient?
The Arc Erie County New York will pay a $200,000 fine to the state after it was discovered earlier this year that client data was exposed on its website for nearly three years.
Q: My primary care provider was running late for an appointment. When he finally came in the exam room, he told me he was late because his previous patient was very emotional. Is it a violation of HIPAA for a provider to share details about one patient with another?