There are times when state privacy and security laws trump HIPAA, and healthcare organizations and their business associates (BA) should have a clear understanding of their compliance obligations in the midst of what can be a complex web of regulations.
Q: I realize that you cannot compel your staff to complete Occupational Safety and Health Administration training online on their own time. However, I am wondering whether the same applies for HIPAA training. Must this training be conducted during work hours, or can we provide workforce members with a deadline by which to complete training on their own time?
Criminal attacks on the healthcare industry have increased 125% since 2010, and are now the leading cause of data breaches at healthcare organizations, according to the results of a study released by the Ponemon Institute in May 2015. At the same time, the study says many hospitals and business associates (BA) are unprepared and cannot ensure patients' privacy against these attacks.
Breaches of PHI are increasingly in the news and the value of the data stolen is high. The healthcare industry is a significant target when it comes to cyber crime. Standard credit monitoring or insurance does little when it comes to medical identity theft. MIDAS, offered by ID Experts®, is a tool that can assist payers in early detection of medical identify theft and reduce fraud, going where existing tools have yet to go. It is a solution that's unique in today's market.
Emory University Hospital in Atlanta was thrust into the international spotlight in the summer of 2014 as the world anxiously watched first one, then two, then three humanitarian workers infected with the Ebola virus return from West Africa to the United States for treatment as the months dragged on and public anxiety soared. The fourth patient treated at Emory was a nurse who became infected while caring for an Ebola patient at a Texas hospital.
Obtaining valid authorizations for disclosure is a significant area of risk for many organizations. Often, staff members handling disclosures don't understand the requirements?especially regarding when authorizations are needed and who can legally sign them. This chapter takes a comprehensive look at authorizations, including required elements, when they're needed, when they're not needed, who can sign them, and the need to screen outside authorizations.
