Security breach notification requirements, according to Briefings on HIPAA's HIPAA and HITECH February survey of healthcare providers. Most of the nearly 600 respondents were HIPAA compliance officers and HIM directors.
Breach notification was the top challenge for 39% of respondents, followed by amending and creating business associate (BA) contracts at 18%. The response took Chris Simons, RHIA, by surprise. Simons serves as director of utilization management and HIM and privacy officer at Spring Harbor Hospital in Westbrook, ME.
Many healthcare organizations have pondered these questions. Now OCR has turned its attention to this topic, and healthcare organizations need to prepare for compliance.
Account numbers reported to the state are considered patient-identifiable information. Therefore, you must include them in an accounting of disclosures in response to patient requests.
Jaspinder Grewal is a self-described "techie" who knows that developing cost-effective techniques to ensure HIPAA compliance is important for healthcare organizations.
Grewal, who is project lead for application services at Mount Sinai Hospital and Medical Center in Chicago, shared his ideas during the 18th National HIPAA Summit, held February 2–5 in Washington, DC.
Connecticut Attorney General Richard Blumenthal sued Health Net of Connecticut, Inc., for failing to secure private patient medical records and financial information involving 446,000 Connecticut enrollees. The health-care insurer also failed to promptly notify consumers endangered by the security breach, according to a press release from Blumenthal’s office.
