December 28, 2016
Briefings on HIPAA

Breaches and audits brought much-needed attention to HIPAA

December 26, 2016
Briefings on HIPAA

Q. Are we required to use encryption on all email, or only email that contains PHI?

December 12, 2016
Briefings on HIPAA

Information security officers often have their hands full with HIPAA. But as high-deductible health plans have patients paying more out of pocket, it’s time organizations took a closer look at another set of cybersecurity guidance: the Payment Card Industry Data Security Standard (PCI DSS).

December 1, 2016
Briefings on HIPAA

It’s been a challenging year for HIPAA compliance. OCR levied more than $20 million in breach settlement fines. Ransomware rocked the healthcare industry.

December 2, 2016
News & Insights

The second round of desk audits in the HIPAA audit program began this week, the Office for Civil Rights (OCR) announced in a November 30 email alert.

November 29, 2016
News & Insights

A new phishing scam targeting covered entities (CE) and business associates (BA) is disguised as an official communication from the Office for Civil Rights (OCR). In an alert released November 28, OCR advised CEs and BAs that a phishing email is being circulated on fake HHS letterhead with the signature of Jocelyn Samuels, OCR’s director.

November 28, 2016
News & Insights

The University of Massachusetts Amherst (UMass) agreed to a $650,000 HIPAA settlement fine after a breach investigation revealed the university failed to implement basic security measures.

December 9, 2016
News & Insights

An information security blogger stumbled across vulnerable protected health information stored by a billing service.

November 14, 2016
News & Insights

Data breaches spiked dramatically in the second half of the year but some experts at AHIMA’s 2016 national convention in Baltimore suggest the apparent surge might be caused in part by improved reporting.

October 1, 2016
Briefings on HIPAA

Q: In our pharmacy dispensing system, we can enter free-form notes for certain records such as a patient record, prescription records, and physician records. This field is used to enter notes that are customer service-focused and not treatment- or payment-related in nature. Would these notes be considered PHI, and would record retention requirements apply to these notes?
