HIPAA

Even the best security can be circumvented by an insider or a cutting-edge cyberattack but an organization doesn’t have to weather the cost alone. Cyber insurance can help cover a variety of breach expenses, and some policies even provide pre-breach services and tools designed to bring an organization’s security to the next level.

Q: Are county entities such as county counsel, public defenders, patient rights advocates, the courts, correctional facilities, and law enforcement required to comply with HIPAA?

Two misdirected faxes cost a New York City hospital $387,200 in a HIPAA settlement.

Q. My facility offers telehealth services as an originating site. Is the distant site acting as a BA in these situations? Is my facility responsible for ensuring the distant site is in compliance with the Security Rule?

A ransomware attack launched May 12 crippled systems around the world and raised questions about the healthcare industry’s ability to withstand a massive cyberattack.

Q: Is a covered entity required to see a copy of a business associate’s risk management and security plan? Do we need to have a copy of this in our files?

Q: Since our last risk analysis, we’ve added a patient portal. Do we need to include the patient portal in our risk analysis?

This month's Q&A answers our readers' HIPAA questions on returning insurance cards, making appointments for family members, and email encryption.