P.T. Barnum once said, "There's a sucker born every minute." The sentiment that many people are gullible, and we can expect this to continue, has never been truer than with HIPAA compliance.
Q: I perform monthly HIPAA audits of computer systems at the medical group where I am employed. I recently started auditing physicians and allied health professionals who are credentialed members of our medical staff.
Q: It is my understanding that written authorization is required for the release of PHI even for treatment, payment, and operations purposes. I believe this is true in New York state, but am unsure if it is also true nationally.
Q: You are reviewing a computer-generated insurance claim before it is sent to the insurance carrier, and you happen to notice the patient's name on the claim?it's an old friend of yours. You quickly read the code for the diagnosis. Is this a breach of confidentiality?
As required by The Joint Commission, a board of directors should regularly assess its performance, appropriateness of board and committee processes and charter fulfillment, adequacy of meeting structures and goals, communication with management, and other governance structures and activities. Generally, boards and their committees complete this assessment through self-surveys, internal audits, or collection of results as performed by legal services. Assessment results can lead to changes in board processes, with the goal of adapting to changing risks and environmental requirements, and improvements in governance.
Mergers and acquisitions in the healthcare industry are often decided upon and negotiated by C-suite staff with involvement from security and IT professionals. However, significant security implications must be considered by both parties prior to, during, and after a merger or acquisition. Security officers are often best suited to dig deep into the information security standards of a facility to identify risks and develop a plan for streamlining security programs between the acquirer and the organization being acquired.
Despite Bitglass, Inc.'s newness to the healthcare market, the company offers a mobile device management (MDM) solution that is simpler and far less invasive than most solutions available today?something of a feat, as securing data on mobile devices is usually not an easy task.
