Q: What type of activity must be audited to comply with the HIPAA requirement to audit electronic medical record (EMR) activity? Does this include every action a user takes within a record and the length of time a user spends in a record?
President Donald Trump signed H.R. 7898 into law on January 5, amending the Health Information Technology for Economic and Clinical Health Act (HITECH Act) to require the Health and Human Services secretary to consider certain recognized security practices of covered entities (CE) and business associates (BA) when taking enforcement actions.
As many anticipated, the Department of Health and Human Services (HHS) has pushed out a flurry of proposed rules in the months leading up to the Trump administration’s departure. Among them is a Notice of Proposed Rulemaking (NPRM) that would make significant changes to the HIPAA Privacy Rule.
Q: If we end a contract with a business associate (BA), does the BA need to provide us with assurance that all protected health information (PHI) has been destroyed? Is this something that should be written into the initial contract? What are the steps to take if the BA does not respond to requests to confirm deletion of PHI?
GenRx Pharmacy, which is headquartered in Scottsdale, Arizona, reported a data security incident on December 18 affecting 137,110 individuals, according to the Office for Civil Rights (OCR) breach report.
Your facility’s information security officer has ultimate responsibility for information security policies implemented at your facility. However, everyone has an important role to play in keeping information secure by following policies and procedures.
The Office for Civil Rights (OCR) on December 17 released its 2016-2017 HIPAA audits industry report, providing an overview of how selected covered entities (CE) and business associates (BA) complied with certain provisions of the HIPAA privacy, security, and breach notification rules.
Q: I am confused about the HIPAA rules for patients needing to show their driver’s license at the doctor’s office, hospital, or any other medical facility so the driver’s license can be scanned and put into their systems. I have refused to do that, but the facilities informed me that they were required by Medicare to scan the driver’s license. Is there a rule that clearly states that this is a requirement?
The Office for Civil Rights (OCR) at HHS announced on December 10 proposed modifications to the HIPAA Privacy Rule, placing an emphasis on individuals’ right of access to their protected health information (PHI).