Briefings on HIPAA

Your facility’s information security officer has ultimate responsibility for information security policies implemented at your facility. However, everyone has an important role to play in keeping information secure by following policies and procedures.

Q: I am confused on the HIPAA rules for patients needing to show their driver’s license at the doctor’s office, hospital, or any other medical facility so the driver’s license can be scanned and put into their systems. I have refused to do that, but the facilities informed me that they were required by Medicare to scan the driver’s license. Is there a rule that clearly states that this is a requirement?

It’s time to circle back to the topic of remote access. Last month you were provided a checklist to send to your remote employees to assess workspace and workstation security. With new portable devices and web apps that support working from home, including transmitting large amounts of data with minimum resources, it’s important to share additional information that can help you protect your organization and your data. 

The ability of healthcare organizations to defend against cyberthreats was a top priority entering 2020. As we close the book on the calendar year, the severity of these threats—and the frequency with which they are attacking healthcare organizations—has continued to increase at an alarming rate.

Risk is defined as the possibility that an event will occur that will adversely affect the achievement of objectives. Numerous internal and external risks can negatively affect the business intentions of management and the board. The healthcare industry is complex, and risk is everywhere.

Q: If we end a contract with a business associate (BA), does the BA need to provide us with assurance that all protected health information (PHI) has been destroyed? Is this something that should be written into the initial contract? What are the steps to take if the BA does not respond to requests to confirm deletion of PHI?

As we cope with the COVID-19 pandemic, it is important to take a few extra measures to protect your organization, your patients, and your clients—as well as your data.

The complexity and competitiveness of today’s business environment require that organizations have early warning systems to identify times when they face certain risks. Compliance officers should be active participants in the organization’s risk assessment process.

The rate at which cybercriminals target healthcare organizations continues to rise, and the consequences of the attacks are becoming more severe. Two recent high-profile attacks illustrated the urgent need for healthcare organizations to defend against cyberattacks, particularly those involving ransomware, and the importance of comprehensive backup policies and procedures to continue operations in the event of an attack that compromises the network.