Many healthcare organizations have pondered these questions. Now OCR has turned its attention to this topic, and healthcare organizations need to prepare for compliance.
Account numbers reported to the state are considered patient-identifiable information. Therefore, you must include them in an accounting of disclosures in response to patient requests.
Jaspinder Grewal is a self-described "techie" who knows that developing cost-effective techniques to ensure HIPAA compliance is important for healthcare organizations.
Grewal, who is project lead for application services at Mount Sinai Hospital and Medical Center in Chicago, shared his ideas during the 18th National HIPAA Summit, held February 2–5 in Washington, DC.
Connecticut Attorney General Richard Blumenthal sued Health Net of Connecticut, Inc., for failing to secure private patient medical records and financial information involving 446,000 Connecticut enrollees. The health-care insurer also failed to promptly notify consumers endangered by the security breach, according to a press release from Blumenthal’s office.
A patient underwent diagnostic testing in the hospital where she was employed. She received a copy of the laboratory results, and when she read them, she noticed that a physician had noted her employee status. Does this violate HIPAA?
The HIPAA security rule requires this type of assessment. However, many healthcare organizations have never completed a risk assessment, have not kept it up to date, or have failed to address all necessary areas of risk.
Cascade Healthcare Community, a three-hospital health system headquartered in Bend, OR, was one of those CEs that found itself under the microscope.
Unfortunately for Cascade, a virus invaded part of its computer system in December 2007, exposing the data of more than 11,500 donors and landing the healthcare system in the headlines.
When breaches occur, you are required to notify the affected patients or their legal representatives. A minor child's legal representative is a parent or legal guardian.
The wireless and the wired environment are each subject to potentially significant security risks.
Aruba Networks, Inc., offers a wireless solution that significantly reduces security risks, minimizes organizational costs, and can be deployed quickly.
