Semantics often gets in the way when it comes to HIPAA Security Rule requirements, and the results can be costly mistakes for your organization in terms of wasted resources, not to mention failing to satisfy OCR. It’s time for your organization to get a grip on exactly which security measures it’s performing.
If your healthcare organization thinks distributing a Notice of Privacy Practices (NPP) form, ensuring patients acknowledge receiving it, and maintaining those acknowledgments is a burden, the government may agree with you.
Q. Is a hospital’s human resources (HR) department covered by HIPAA? I work at a hospital and suspect that someone in our HR department disclosed medical information about an injury I sustained at a previous job. Is this a HIPAA violation?
If you’re generating audit logs, you must regularly review them. SPHER is a cost-effective software-as-a-service tool that automates the review of the multitude of audit logs your EHR generates and can help you discover potential security incidents and avoid unpleasant surprises.
HIPAA says staff should only access the minimum necessary amount of information to do their jobs. But defining roles, access, and minimum necessary can quickly become a complicated exercise in frustration. Use this tool to help your organization form a practical minimum necessary policy.
Employers take note: In-demand health IT professionals are more interested in job satisfaction and professional growth than in longevity with an organization. Although compensation and benefits packages are important, a positive work culture, the opportunity to do meaningful work, and the potential for career advancement make a big impact on current and prospective health IT staff.