News

Q: I work for a hospital with a geriatric psychiatry unit. Many patients are discharged to nursing homes. Often, nursing homes contact the hospital for patient information, but we have only the patients' psychiatric records and are hesitant to send them. Is it permissible under HIPAA to send this information to a nursing home for continued care?

Q. Are we allowed to accept verbal acknowledgement of receipt of the Notice of Privacy Practices, or must it always be signed?

SamSam ransomware is the cause of eight cyber-attacks that have affected government and healthcare organizations this year, according to an HHS report. SamSam ransomware attacks began in 2016 with instances of the encrypted “.weapologize” extension infecting at least 10 entities since December 2017.

The vast majority (94%) of IT decision makers report having concerns about moving data to the cloud, despite the increasing shift to software as a service usage.

Information for 63,551 patients for Middletown Medical, a multispecialty physician group in Middletown, New York, was exposed due to a misconfigured security setting on a radiology interface.

CMS released the Notice of Benefit and Payment Parameters for 2019 final rule April 9 to give states additional flexibility when choosing benefits in essential health benefit benchmark plans offered under  health insurance marketplaces.

CMS held a listening session March 21 to gather input from stakeholders on potential updates to the E/M documentation guidelines. The current guidelines are considered outdated in light of medical advances and the advent of the electronic health record.

Q: We are having trouble determining what qualifies a patient as having an acute myocardial infarction (MI) and what documentation would support the diagnosis. Can you help our coding team clarify?

The Mississippi State Department of Health in Jackson, Mississippi, recently notified 30,799 patients of an email breach that gave a Centers for Disease Control and Prevention contractor unauthorized access to patient information, according to a press release

Q: We are a doctor’s office in a small town. Recently, one of our patients threw away some papers containing PHI in a wastebasket in the waiting room. Another patient’s child later took them out of the wastebasket. The child’s parent brought the papers up to the desk and apologized. Is this a privacy breach? Are we responsible for the papers even though we turned them over to the patient?