HIPAA

How one healthcare organization survived a major data breach and OCR enforcement ­action

For the last three years, the Ponemon Institute has taken the pulse of the healthcare industry and its ­compliance with HIPAA.

Privacy officers must ensure their hospital removes potential patient identifiers from data sets used for reasons outside of treatment, payment, and healthcare ­operations, privacy experts say.

When it comes to data breaches, it's not a question of if, but a matter of when, says Cris V. Ewell, PhD, chief information security officer at Seattle Children's Hospital, Research, and Foundation.

Q&A, Patient preference, incidental disclosures, and email blasts

The cloud has come to healthcare, but is cloud computing for your organization?

Complying with the HIPAA Privacy Rule isn't always easy, but it can be even more complicated for assisted living facilities.

If you've listened to OCR officials recently, the audits to assess HIPAA compliance will continue in 2013.

One thing is certain. You don't want to wait until you receive a notification letter from OCR before you begin preparing for a HIPAA audit, says Dena Boggan, CPC, CMC, CCP, HIPAA privacy/security officer at St. Dominic Jackson Memorial Hospital in Jackson, Miss.

If you think complying with all of the HIPAA breach notification requirements is difficult, you're not alone.