HIPAA

Q: If paper documents that contain PHI are shredded, is it acceptable for an organization to dispose of them in a dumpster? If not, should we hire a business associate to dispose of papers that contain protected health information?

Tips from this month's issue.

This month's Q&A answers readers' questions about storing patient photos in the EMR, ransomware, and incidental disclosures.

Use this sample form to create an inventory of all business associates, including contact information, services provided, the date the business associate agreement is signed, and the date it expires.

Cyberattacks are growing more common and more devastating. Organizations without a clear plan of action could be left scrambling to mount a unified response—and running afoul of HIPAA.

Poor cybersecurity in the healthcare industry amounts to a public health concern, according to the Health Care Industry Cybersecurity Task Force, a federal task force established to fulfill requirements of the Cybersecurity Act of 2015.

Tips from this month's issue.