Q: Do companies such as FitBit (and others that sell wearable devices that track and store health information) need to abide by HIPAA regulations? Should I be concerned with how these companies are viewing and sharing my health information?
This month’s column will dig a bit deeper and look at the reasons why lawsuits are filed in the first place and what gets healthcare entities in hot water. Hopefully this will help guide you when it comes to addressing those activities and events that result in costly legal battles.
In addition to struggling to properly fulfill patient records requests, organizations largely failed to implement sufficient risk analyses and risk management strategies, the recently released 2016-2017 HIPAA Audits Industry Report revealed.
In the months before a transition to a new administration, the Office for Civil Rights (OCR) released the long-awaited 2016-2017 HIPAA Audits Industry Report, offering a look at the successes and shortcomings of select covered entities (CE) and business associates (BA).
Q: What are the encryption requirements when using Google Drive™, Dropbox®, or other information-storing applications? How do we ensure HIPAA compliance when using them?
Ever run into a vendor who claims to be a conduit versus a business associate (BA)? It happens all too often, in my experience. Here’s the problem: The conduit exception is a narrow one. If you’re storing protected health information (PHI), even encrypted PHI where you don’t have the encryption key, you’re a BA. Once you sign the business associate agreement (BAA), it applies to you.
As many anticipated, the Department of Health and Human Services (HHS) has pushed out a flurry of proposed rules in the months leading up to the Trump administration’s departure. Among them is a Notice of Proposed Rulemaking (NPRM) that would make significant changes to the HIPAA Privacy Rule.
