When Shallie J. Bryant, CHC, CHPC, went to work at CaroMont Health in North Carolina more than two years ago, her biggest challenge was creating a culture of patient privacy.
It's a brave new world out there for business associates (BA). BAs needed to comply with the HIPAA Security Rule and the use and disclosure provisions of the Privacy Rule in February 2010 as a result of the HITECH Act. However, the OCR held off on any enforcement activities-that is, until recently.
The September 23 compliance deadline for most of the provisions of the HIPAA omnibus rule has come and gone. But for covered entities (CE) and business associates (BA), now is not the time to take your foot off the gas pedal.
To comply with the HIPAA omnibus final rule, healthcare organizations need to revise their risk assessment process to determine whether they must notify affected individuals of a breach.
HIM directors are responsible for the integrity of patients' records-even when a hospital shuts down certain wings of the facility or closes its doors entirely.
There is some common ground in the corrective action plans (CAP) that OCR has imposed on healthcare organizations it has investigated for HIPAA privacy and security deficiencies.
Mobile devices have changed the way people share and access information in their personal and professional lives. Smartphones and tablets may make it easier and faster for people to communicate, store, and access information, but they present risks if lost, stolen, or hacked. This can be especially challenging in the healthcare industry as it has become common for providers to use various mobile tools, including smartphones, laptops, notebooks, tablets, phablets, personal digital assistants, USB devices, digital cameras, and radiofrequency identification devices, to communicate with colleagues and access applications.
The HIPAA Security Rule requires implementing risk management tools and techniques to adequately and effectively safeguard ePHI. Risk analysis and management provides the foundation for an organization's Security Rule compliance efforts, and reinforces its strategy to protect the confidentiality, integrity, and availability of vital information.
