HIPAA

Tips from this month's issue

The HIPAA Security Rule preamble reinforces training "criticality" and restates the standard, "We require training of the workforce as reasonable and appropriate to carry out their functions in the facility." Security training is essential.

Q: I work for a hospital with a geriatric psychiatry unit. Many patients are discharged to nursing homes.

Watch out, HIPAA privacy and security officers. The criminals are coming, and they want to make money off of PHI your organization stores. It's one more thing to add to the growing list of compliance concerns covered entities (CE) and business associates (BA) have to worry about when protecting internal PHI.

The HIPAA Omnibus Rule has brought significant changes to the HIPAA landscape for covered entities (CE) and their business associates (BA).

Tips from this month's issue

Q: Our organization does not support the use of USB drives. Is that typical?

Sending out a mass mailing of a pamphlet that contained Medicare beneficiary numbers resulted in a civil monetary penalty of $6,768,000 for Triple-S Salud, Inc. (TSS), a Puerto Rican health insurance subsidiary.

We ask one BOH advisory board member and columnist to answer some questions about how the roles of CEs and BAs have changed over the years.

Rick Ensenbach, CISSP-ISSMP, CISA, CISM, CCSFP, has one word for the HIPAA breach posted to OCR's wall of shame at the close of 2013: depressing.