As cyberattacks become more sophisticated and frequent, the old approach of monitoring logs or relying on security information and event management tools just doesn’t cut it anymore; neither do old signature-based antimalware tools. Today, there are very sophisticated tools on the market that do a much better job of protecting the data and IT assets of covered entities and business associates.
Everyone is familiar with the words “privacy” and “security,” but what do these terms mean to the experts, and what is the relationship between privacy and security?
With massive data breaches rocking industries and the public, and policymakers scrutinizing how organizations respond, it’s time to dust off policies and ensure organizations have meaningful, compliant reporting and response plans.
HIPAA compliance and enforcement saw their share of highs and lows in 2017. As the year comes to a close, it’s a good time to look back on what your organization has learned—in terms of personal growth and lessons gleaned from other organizations.
Q: We see many assertions that encryption at the right level meets the National Institute of Standards and Technology (NIST)/HIPAA safe harbor provision with no explanation of what is necessary to prove the breached electronic protected health information (PHI) was actually encrypted at the moment of breach. How can a covered entity prove the PHI was actually encrypted at the time of the breach?
OCR’s 2016 guidance on patient access opened up a debate in the industry and brought questions about fulfilling patient access requests to the foreground.