The HIPAA omnibus rule provides greater protection for PHI by imposing more stringent requirements and limits on a covered entity's (CE) use and disclosure of that information when it comes to functions such as marketing, sales, and fundraising.
Q. We are a claims repricer and maintain a secure claims department. When outside vendors, such as building maintenance people, enter the secure area, are they required to sign a logbook indicating what time and date they entered and exited the claims department?
In a time when so much attention is focused on issues such as cyber security and the dangers posed from evolving technology, it's easy to forget the HIPAA basics, such as the need for workforce members not to gossip or chitchat about patients with other staff members or people in the community.
Q. If an organization’s human resources officer is also the plan administrator for the organization’s group health plan (self-insured), does that individual have the right under HIPAA to access records of high-dollar pharmacy/medical claims for the purpose of targeting the insured for wellness programs or other alternative treatment plans?
If many acute care hospitals struggle to protect patient privacy, long-term care organizations face their own challenges in ensuring the privacy of residents who live in their nursing homes and assisted living facilities.
One task that almost every healthcare organization is going to have to tackle to comply with the HIPAA omnibus final rule is amending its Notice of Privacy Practices (NPP).
Demonstrating that ePHI encryption meets the safe harbor requirements may be more difficult than it seems when planning for that inevitable breach. Full disk encryption may not be enough. Many healthcare users believe encryption software installed on mobile devices and desktops will avoid the potentially damaging breach notification. The question is: Can you prove ePHI was encrypted at the time the device was lost, accessed, or stolen? Absio Corporation may have the answer.
The HIPAA Privacy Rule de-identification standard-Section 164.514(a)-includes two methods by which health information can be designated as de-identified: expert determination and safe harbor.
