In the weeks leading up to his departure from office, former President Donald Trump signed H.R. 7898 into law, amending the HITECH Act to require the Health and Human Services secretary to consider certain recognized security practices of covered entities (CE) and business associates (BA) when taking enforcement actions.
HHS acting Secretary Norris Cochran declared a public health emergency (PHE) for the state of Texas on February 17 as a result of the recent winter storms.
Q: Is it permissible to store paper patient records in a public storage unit? If so, do the storage units need to use specific safeguards to be HIPAA compliant?
Q: Do companies such as FitBit (and others that sell wearable devices that track and store health information) need to abide by HIPAA regulations? Should I be concerned with how these companies are viewing and sharing my health information?
Sharp HealthCare, a regional healthcare group based out of San Diego, agreed to take corrective action and pay $70,000 to settle a potential violation of the HIPAA right of access standard, according to its resolution agreement with the Office for Civil Rights (OCR).
This month’s column will dig a bit deeper and look at the reasons why lawsuits are filed in the first place and what gets healthcare entities in hot water. Hopefully this will help guide you when it comes to addressing those activities and events that result in costly legal battles.
Q: My organization is considering outsourcing our coding to an offshore company. Does HIPAA apply only to healthcare entities and business associates located within the United States? If so, what would happen if the offshore third party experiences a breach? What are the risks associated with this decision?
The incident involved information stored in a UPMC health plan employee’s email account, per the security notice posted on UPMC’s website. UPMC says it was first notified on December 9 of a phishing incident that may have exposed protected health information (PHI) of patients
In addition to struggling to properly fulfill patient records requests, organizations largely failed to implement sufficient risk analyses and risk management strategies, the recently released 2016-2017 HIPAA Audits Industry Report revealed.
