Briefings on HIPAA

In this month's Product Watch, we look at a game-changing texting app. With the available technology, covered entities and business associates would be hard-pressed to justify sending PHI using unsecure texts.

This month's HIPAA Q&A includes answers on doctor's notes, scheduling appointments, hospital social media, alerting patients via text message, and more!

Although HIPAA laws do not specify any time frame on updating policies and procedures, OCR has expectations. Here are three recent settlements where OCR has included mandates to update policies and procedures. You can apply some of these lessons in your organization.

HIPAA covered entities that maintain poor policies and procedures related to HIPAA compliance—those that are unfinished in draft form, not updated in years, and basically not followed to the letter—have cost them dearly.

Think software patching and vulnerability detection is just an IT thing? Certainly it starts there.

This month's Q&A answers readers' questions about identification requirements, out-of-work information disclosure, and PHI and record retention

In the digital age of healthcare delivery, the need for appropriate medical device cybersecurity is pervasive. Unenforced password protocols, outdated data storage, unencrypted data, unsecured access to networks—these are just a few examples of distinct vulnerabilities medical devices can have.

In its May newsletter on workstation security and the HIPAA Security Rule, OCR cited a 2015 settlement with Lahey Hospital and Medical Center in Burlington, Massachusetts, over a breach of PHI involving a laptop used in connection with a CT scanner.