On April 18, the Office of Civil Rights (OCR) added five new answers to their FAQ section on the relationship between HIPAA and health apps that use patient information.
There are fewer hoops to jump through when another provider requests a practice’s patient records than when an attorney requests them, but the requesting providers don’t have an automatic right to those records, and you can’t just hand them over.
The healthcare industry had more cybersecurity breaches than any other sector in 2018 and the number one cause of breaches across all industries was phishing, according to the fifth annual Data Security Incident Response Report from the law firm BakerHostetler.
Once you understand the basics of privacy and disclosure of PHI under HIPAA, strive to keep staff trained. According to Section 164.530 (b) of the Privacy Rule, a covered entity must train all members of their workforce on the policies and procedures with respect to PHI as necessary and appropriate.
