HIPAA

Q: I am a registered nurse who received treatment for a health problem in the ED of the hospital that employs me.

The HITECH Act, which included changes to the HIPAA Privacy and Security Rules, was signed into law by President Obama in February 2009-a full five years ago.

If an ambulance that is not affiliated with our organization transports a patient to our facility, can we give them PHI to use for their billing? Do we need the patient's written authorization?

There will always be a host of slick-looking products on the market promising to deliver improved technical security.

What is the privacy and security governance structure like at your organization?I

The healthcare industry is taking lessons from the credit card and financial industry when it comes to preventing fraud.

Tips from this month's issue.

Although the majority of the provisions of the HIPAA Omnibus Rule have become effective, many Breach Notification Rule revisions cause confusion for organizations.

Tips from this month's issue.

Q: Some organizations consider any medical record number to be PHI. Others believe the medical record number is not a personal identifier—unless the security number is the medical record number—because anyone who would intercept that number would have no way of identifying the patient based on the number alone.