Q: Is it considered a HIPAA violation for facilities to keep patient charts outside of exam rooms or at a patient's bedside? Most providers prefer to have the charts handy to review just before seeing the patient. However, anyone could walk by the room and potentially get a glance at the information. Would this be considered an incidental disclosure?
Cybercrime is up in the healthcare industry, and it’s a good idea to make sure you’re ready to respond to cyber incidents. The key to speedy mitigation is to have a security incident response plan, test the plan, and make sure it works as you exercise it. Having a plan is also a HIPAA Security Rule requirement.
As ransomware attacks and phishing attempts persist in the age of the coronavirus (COVID-19), healthcare organizations have correctly poured many resources into combatting these attacks. However, as always, cybercriminals are finding new ways to access protected health information (PHI).
One year into the coronavirus (COVID-19) pandemic, phishing attacks against healthcare organizations remain a chief concern. Threat actors are constantly finding new vulnerabilities to exploit. It’s like a game of whack-a-mole: When healthcare organizations swat away one problem, another pops up.
Q: We are coming up on our annual HIPAA training for staff. We have used the same training program for several years—it covers the basics and places a strong emphasis on recognizing phishing and other cyberattack tactics. Given the events of the past year, are there any other security trends we should be sure to highlight during our training session?
Welcome to the brave, not-so-new world of compliance and cybersecurity! News of cybercrime seems to be constantly in the headlines, and healthcare is one of the key industries being targeted.
It’s the age-old tale in healthcare: Your organization needs more resources, but leadership simply isn’t interested in helping out. “This has been a challenge since the pre-HIPAA days,” says Kate Borten, CISSP, CISM, HCISPP, founder of The Marblehead Group in Marblehead, Massachusetts. “It’s always been a challenge.”
In the weeks leading up to his departure from office, former President Donald Trump signed H.R. 7898 into law, amending the HITECH Act to require the Health and Human Services secretary to consider certain recognized security practices of covered entities (CE) and business associates (BA) when taking enforcement actions.
