HIPAA

Some healthcare administrators and executives consider the notice of privacy practices (NPP) another government administrative burden. From a privacy ­perspective, however, the NPP is not a waste of time.

The question today for healthcare facilities isn't "does your facility use social media?" It's "who is using social media, for what ­purpose, and what policies govern its use in your organization?"

An important part of a compliance officer's job is ­responding to noncompliance complaints.

Paula Moran, MEd, and Jennifer Edlind, JD, CHC, know what they're talking about when they say having an incident response team in place when a data breach occurs is important. Moran is privacy and security manager at Massachusetts General Hospital (MGH) in Boston. Edlind is director of privacy and compliance operations at University Hospitals Health System (UH) in Cleveland.

Experience is said to be the best teacher, so learn from the mistakes made at other organizations.

Q.As part of its fundraising effort, Hybrid ­Entity's cancer center wants to send a ­patient list ­(demographic information only) to Hybrid's ­development office, which is not ­designated as a healthcare component of Hybrid. Is this permissible? 

Mobile devices-thumb drives, smartphones, external hard drives, tablets, and laptop computers-are creating risks for PHI exposure.

It may not be the proverbial keys to the ­kingdom, but OCR's recently published audit protocol for its ­current privacy and security audits gives healthcare ­organizations an inside look at the inspection process.

Education is giving people the knowledge they need. Training helps them develop the skills that allow them to put that knowledge to use.