Hackers are targeting poorly secured file transfer protocol (FTP) servers to access protected health information (PHI), store malicious tools, or launch cyberattacks, according to an alert released by the FBI March 22.
Q. We’re a small clinic and were just hit with ransomware. We do have a plan to recover and have clean backup data to restore from. Is there anything we’re missing?
The Substance Abuse and Mental Health Services Administration released a final rule updating privacy regulations for alcohol and substance abuse patient records. The changes are intended to reflect the way information is shared in new healthcare models while still protecting the privacy of individuals seeking treatment.
How many of us have a successful mentoring program established in our organization and department? For most organizations, I would venture to say mentoring is performed on a piecemeal basis and is likely not as effective as it could be. Far too often, mentoring efforts are disorganized and lack a dedicated trainer. If any training is given, it often consists of the same general orientation afforded to all new employees, regardless of the job they will be doing.
HIM and other healthcare professionals looking for best practice tips to improve care for LGTBT individuals can look to AHIMA’s new practice brief, Enhancing Patient Engagement for LGBT Populations, released March 14.
The following is a question and answer form created by Ronald Hirsch, MD, FACP, CHCQM, vice president of the Regulations and Education Group at R1 Physician Advisory Services in Chicago, to help outline some basics regarding the complex rules surrounding the three-day qualifying stay required, which Medicare requires in order for patients to qualify for the skilled nursing facility (SNF) benefit.You can use this as a starting point to create your own physician and provider training materials on this topic. Ensuring that providers are well-trained on this topic can help ensure patients get accurate information, which can make these discussions less difficult.
Q: We currently use an electronic system to make appointments for our spa clients that is not HIPAA compliant according to its maker. Can we use this system to track appointments for B-12 shots clients and those who are prescribed with appetite suppressants? We would have to enter patient medications and any allergies into this system. Since it is a cash-based business, what’s the HIPAA liability?
Covered entities (CE) and business associates (BA) should report any suspicious cyber activity, including malware, phishing, or other cybersecurity incidents, to the United States Computer Emergency Readiness Team (US-CERT), the Office for Civil Rights (OCR) said in guidance released February 23.
Q. If we discover that our business associate (BA) uses a cloud service vendor for certain services, do we need to see proof that the BA has executed a BA agreement (BAA) with the cloud service vendor?
