HIPAA

This month's Q&A answers readers' questions about release of information, using whiteboards in patient rooms, and breach response.

Tips from this month's issue.

This month's HIPAA Q&A answers our readers' questions about disclosures to family members, healthcare providers, and home health visits to gated communities.

Breaches are expensive and the price tag increases when preparation and formal documentation are lacking. One of the challenges of tracking security incidents and determining if a breach of PHI or PII is a reportable breach is developing a consistent assessment process and building a centralized breach tracking system.

Network devices make life easier in many ways, but they can be a significant challenge for security officers. These devices must be carefully managed and security officers need to be kept in the loop when any decision is made to add a device to the network.

Distributed denial of service (DDoS) attacks are one of the oldest cyberattacks in the books, but they’re still common and can knock out vital services, leaving patients and providers unable to access EHRs and other systems.

A Nashville medical center notified more than 3,000 individuals of a breach of protected health information (PHI).

Q. Are we required to have employees change their passwords on a regular schedule? If so, how often should we reset passwords?

The Office for Civil Rights (OCR) sent a $5.5 million message about the importance of audit and access controls in its latest HIPAA settlement, OCR announced February 16.

We recently acquired a clinic across state lines. If we apply a universal privacy and information security policy to our organization, should we use only HIPAA as the benchmark or whichever of the state laws prescribes a higher level of privacy and security?