Despite the last-minute changes, MOON implementation went smoothly for many hospitals. But the full impact won't be visible until hospitals can determine how, and to what extent, the MOON will play into audits.
This month's security Q&A answers readers' questions about accounting of disclosures, providing information to marketing departments, unencrypted emails, and terminating BAAs.
This due diligence checklist will help track and evaluate document requests, warn of privacy and security issues, and provide a basis for determining action plans and resources required to integrate privacy and security programs.
Effective privacy and information security programs start with attention to governance. These eight guidelines will help establish and measure privacy and information security structure and processes.
Even the best security can be circumvented by an insider or a cutting-edge cyberattack, but an organization doesn’t have to weather the cost alone. Cyber insurance can help cover a variety of breach expenses, and some policies even provide pre-breach services and tools designed to bring an organization’s security to the next level.
Q: Are county entities such as county counsel, public defenders, patient rights advocates, the courts, correctional facilities, and law enforcement required to comply with HIPAA?
Q: My facility offers telehealth services as an originating site. Is the distant site acting as a BA in these situations? Is my facility responsible for ensuring the distant site is in compliance with the Security Rule?
A ransomware attack launched May 12 crippled systems around the world and raised questions about the healthcare industry’s ability to withstand a massive cyberattack.
Q: Is a covered entity required to see a copy of a business associate’s risk management and security plan? Do we need to have a copy of this in our files?