Consumer-facing health apps and personal health records are booming, and some covered entities such as health plans or clinics leverage these services to help patients. But it can sometimes be difficult to determine whether these vendors fall under HIPAA or not.
This month's Q&A answers our readers' questions about releasing protected health information via a health information exchange, sharing patient information with law enforcement, and paper record retention requirements.
In a year of uncertainty, the healthcare industry can rely on one thing: OCR is taking HIPAA enforcement seriously. As of July 1, OCR has collected more than $17 million in monetary settlements from nine organizations.
Staffing problems and outdated equipment and software are healthcare’s top cybersecurity challenges, according to a June 2 report released by the Health Care Industry Cybersecurity Task Force, a federal task force established to fulfill requirements of the Cybersecurity Act of 2015.
Despite the last-minute changes, MOON implementation went smoothly for many hospitals. But the full impact won't be visible until hospitals can determine how, and to what extent, the MOON will play into audits.
This month's security Q&A answers readers' questions about accounting of disclosures, providing information to marketing departments, unencrypted emails, and terminating BAAs.
This due diligence checklist will help track and evaluate document requests, warn of privacy and security issues, and provide a basis for determining action plans and resources required to integrate privacy and security programs.
Effective privacy and information security programs start with attention to governance. These eight guidelines will help establish and measure privacy and information security structure and processes.