HIPAA

Network devices make life easier in many ways, but they can be a significant challenge for security officers. These devices must be carefully managed and security officers need to be kept in the loop when any decision is made to add a device to the network.

Distributed denial of service (DDoS) attacks are one of the oldest cyberattacks in the books, but they’re still common and can knock out vital services, leaving patients and providers unable to access EHRs and other systems.

A Nashville medical center notified more than 3,000 individuals of a breach of protected health information (PHI).

Q. Are we required to have employees change their passwords on a regular schedule? If so, how often should we reset passwords?

The Office for Civil Rights (OCR) sent a $5.5 million message about the importance of audit and access controls in its latest HIPAA settlement, OCR announced February 16.

We recently acquired a clinic across state lines. If we apply a universal privacy and information security policy to our organization, should we use only HIPAA as the benchmark or whichever of the state laws prescribes a higher level of privacy and security?

A Michigan cancer center recently notified 22,000 individuals of a breach of protected health information (PHI).

Q: A patient needs a letter from his employer and parole officer to be prescribed a certain medication. Is it a HIPAA violation to forward the letter to the employer to validate its authenticity?

Q: Is it a HIPAA violation to list the names of individuals who make donations in memory of a deceased patient as well as the names of those memorialized? And, if so, can this be remedied by adding language to our Notice of Privacy Practices advising that this practice will occur unless the patient objects?

Tips from this month's issue.