Q: Is there a sample risk analysis about how an enterprise or clinic might evaluate and determine if data-at-rest protection through encryption is reasonable and appropriate as defined in the HIPAA Security Rule?
Hackers gained unauthorized access to the information technology system of Anthem, Inc., and exposed the PHI of more than 80 million people who are currently or were previously covered by the insurance provider. The attack also exposed the PHI of Anthem's employees, including President and Chief Executive Officer Joseph R. Swedish.
Release of information (ROI) is typically a function that is managed by the HIM department, but privacy and security officers often play a critical role in ensuring records remain secure during transmission.
There's considerable confusion about what HIPAA means and what your obligations are under the regulations. I recently presented at a Midwest physician association conference. As is almost always the case, in the front row was an attendee just waiting for the Q&A session.
Secure text messaging presents challenges when it comes to ease of use and communicating with anyone who hasn't installed a like secure texting app. Until recently, secure texting was possible, but only if the sender and recipient both used the same mobile app. TigerText unveiled Fast Deploy® in 2014, and it's a game changer.
Q: I work in long-term care and I am familiar with the language in HIPAA regulations regarding requests for electronic copies of medical records for a reasonable fee according to community standards. However, my company does not maintain its medical records in electronic form, nor do we presently have the capability of converting our paper records into electronic format. Our state legislature addressed the issue of "reasonable charges and community standards" by state statute in 2006 by providing a formula for every medical provider to follow state-wide for copy charges regarding paper copies.
The healthcare industry is continuously evolving, and health information technology (HIT) is changing with it. Organizations should take advantage of the technology available to improve healthcare operations but must be aware of the risks that HIT can present.
