Partners HealthCare System, Inc., notified more than 2,000 patients on February 5 that their protected health information may have been affected by a breach in 2017.
Q: I work at a marketing company, and we are trying to figure out what exactly we can put on a postcard. What is required, per HIPAA regulations, to be fully compliant if we were to do things like dental patient reminders? We would have patient information from the offices. How would we need to handle that information? What are we allowed to include in our designs?
Auditing of technical controls is increasingly important as both the level of use and technical sophistication of applications, hardware, and networking increase.
If your organization is regulated by HIPAA, either as a covered entity (CE) or as a business associate (BA), you probably started a HIPAA training program years ago when the privacy and security rules mandating training were published. Whether old or recently created, your training program may not have met reasonable expectations to begin with. Now may be a good time to review, refresh, and refine that program to take it to a new level.
As healthcare organizations navigate an increasingly complex regulatory environment, leaders at various levels—particularly HIM, release of information (ROI), compliance, finance, health information technology (HIT), privacy, and security—face unprecedented challenges.
HIPAA lays out specific requirements for breach response and reporting. Although most organizations might understand these requirements in theory, compliance is often tricky in practice.
Fresenius Medical Care North America (FMCNA), a multistate clinic and provider network specializing in chronic kidney failure treatment, agreed to a $3.5 million HIPAA violation settlement.
Q: If a patient accidentally puts the paperwork in the trash or on the table, and the information on the paperwork is visible to other patients or family members, is it a HIPAA violation?