The May tornado that destroyed a medical center in Joplin, MO, raised an important question: How can healthcare providers protect patients' PHI when disaster strikes?
Breaches are expensive, and the price tag increases when preparation and formal documentation are lacking. Identity Theft Guard Solutions, LLC, in Portland, OR, doing business as ID Experts, has introduced a do-it-yourself breach assessment, monitoring, and investigation tool called RADAR™ that helps reduce costs associated with lack of preparation, breach investigation, notification, and documentation.
Q Our authorization form for release of information requires patients to sign separate lines to authorize release of sensitive information, such as sexually transmitted diseases, substance abuse, and genetic information. We understand that very few other covered entities do this. Is this a legal requirement? And if so, may we change our form to state that all information will be released unless the patient indicates otherwise?
Organizations have had their chance to weigh in on the proposed accounting of disclosures rule, and some larger ones don't exactly see it working as written. Here is what some organizations had to say.
HITECH was the trigger for a global HIPAA policy review at North Shore-Long Island Jewish Health System (North Shore-LIJ) in Great Neck, NY. This was no easy task; North Shore-LIJ includes a medical school, a research institute, 15 hospitals, more than 200 ambulatory care centers, over 5,600 beds, and a total workforce of more than 42,000 employees.
Just three weeks before a devastating tornado roared through Joplin, MO, St. John's Regional Medical Center transitioned to an electronic health record (EHR) system that it credits with aiding its disaster recovery.
A long-awaited notice of proposed rulemaking (NPRM) required by HITECH for accounting of disclosures includes some anticipated changes and some surprises.
Social networking and its related communication vehicles pose significant privacy and security challenges for healthcare organizations, says Chris Apgar, CISSP.
Q Is it permissible to allow hospital employees who have been granted access to PHI through the workforce clearance procedure to access their own PHI through the electronic medical record (EMR) without first signing a release or authorization?
