Briefings on HIPAA

This month's security Q&A answers readers' questions on incidental disclosures, sending protected health information in the mail, and addressing vulnerabilities identified in a risk analysis.

The general rules for security, risk analysis, and risk management implementation specifications, and evaluation standards are key directives for ongoing compliance assurance. Although risk analysis concepts guidance appears in the Security Rule, many organizations use it for auditing Privacy Rule processes as well.

Handling requests for information from law enforcement can throw staff for a loop. Most staff are aware of their organization’s policies and the basic HIPAA requirements for disclosing patient information to family members, friends, and other individuals such as legal guardians. But handling requests from law enforcement officials can be a different matter.

Changes to the Office for Civil Rights' HIPAA Audit Program and enforcement focus highlight compliance areas organizations should review.

Tips from this month's issue.

Tips from this month's issue.

This month's HIPAA Q&A answers readers' questions about record retention, information sharing, and patient photographs.

Poor customer support can put an organization in jeopardy when hardware fails.

Too often, organizations fall for common HIPAA myths and erroneously incorporate them into otherwise sound, good-faith compliance efforts. That can lead to wasted time and resources, duplicative work, or even outright noncompliance.