This month's HIPAA Q&A answers our readers' questions about disclosures to family members, healthcare providers, and home health visits to gated communities.
Breaches are expensive and the price tag increases when preparation and formal documentation are lacking. One of the challenges of tracking security incidents and determining if a breach of PHI or PII is a reportable breach is developing a consistent assessment process and building a centralized breach tracking system.
Network devices make life easier in many ways, but they can be a significant challenge for security officers. These devices must be carefully managed and security officers need to be kept in the loop when any decision is made to add a device to the network.
Distributed denial of service (DDoS) attacks are one of the oldest cyberattacks in the books, but they’re still common and can knock out vital services, leaving patients and providers unable to access EHRs and other systems.
The HIPAA Security Rule isn't specific about the timing of training, but it includes awareness building, reminders, and specific topics that must be addressed. Education, training, and awareness building are critical to privacy and security compliance.
HIPAA privacy and security professionals work hard to create commonsense policies and procedures and lobby for the best technical safeguards for their organizations. But time and again that hard work is wiped out by the most persistent threat of all: insider threat.
Privacy and security are challenging enough within the walls of a hospital or business office. But as the number of remote staff increases, privacy and security officers must be prepared to pioneer a new environment of remote home offices and mobile devices.
