Q: Is it a HIPAA concern if a patient and/or visitor takes photos or videos in which other patients, intentionally or not, appear? Are we required to forbid or prevent patients and visitors from taking photos or filming? If so, where is this requirement specified?
This month's security Q&A answers readers' questions on incidental disclosures, sending protected health information in the mail, and addressing vulnerabilities identified in a risk analysis.
21st Century Oncology, a national network of cancer providers headquartered in Fort Myers, Florida, came under scrutiny by the Department of Justice (DOJ) and the Office for Civil Rights (OCR) earlier this year. In December, the organization agreed to a $26 million settlement with the DOJ and a $2.3 million settlement with OCR. 21st Century Oncology filed for bankruptcy in May.
The general rules for security, risk analysis, and risk management implementation specifications, and evaluation standards are key directives for ongoing compliance assurance. Although risk analysis concepts guidance appears in the Security Rule, many organizations use it for auditing Privacy Rule processes as well.
