Q: A patient needs a letter from his employer and parole officer to be prescribed a certain medication. Is it a HIPAA violation to forward the letter to the employer to validate its authenticity?
Q: Is it a HIPAA violation to list the names of individuals who make donations in memory of a deceased patient as well as the names of those memorialized? And, if so, can this be remedied by adding language to our Notice of Privacy Practices advising that this practice will occur unless the patient objects?
The HIPAA Security Rule isn't specific about the timing of training, but it includes awareness building, reminders, and specific topics that must be addressed. Education, training, and awareness building are critical to privacy and security compliance.
HIPAA privacy and security professionals work hard to create commonsense policies and procedures and lobby for the best technical safeguards for their organizations. But time and again that hard work is wiped out by the most persistent threat of all: insider threat.
Privacy and security are challenging enough within the walls of a hospital or business office. But as the number of remote staff increases, privacy and security officers must be prepared to pioneer a new environment of remote home offices and mobile devices.
Providers may share information with a patient’s loved ones, regardless of whether they are recognized as relatives under applicable laws, the Office for Civil Rights (OCR) said in updated HIPAA guidance released January 10. OCR also issued a FAQ explaining that disclosures to a loved one who is not married to the patient or otherwise recognized as a relative are generally permissible under the same the conditions and circumstances as disclosures to a spouse or other relative.
Q: OCR has said that the comprehensive HIPAA audits will occur in 2017. We received a pre-audit letter as a CE but were not audited as part of the CE round of phase two desk audits. What is included in the comprehensive audits, and is there a chance we will be audited?
