Q. If an organization’s human resources officer is also the plan administrator for the organization’s group health plan (self-insured), does that individual have the right under HIPAA to access records of high-dollar pharmacy/medical claims for the purpose of targeting the insured for wellness programs or other alternative treatment plans?
Q. A long-term care facility has deployed laptops that connect to a file server and are password protected. The laptops are not used to store PHI or other confidential data and are not removed from the facility. Do the laptop hard drives need to be encrypted?
The HIPAA Privacy Rule de-identification standard-Section 164.514(a)-includes two methods by which health information can be designated as de-identified: expert determination and safe harbor.
