Many healthcare organizations aren’t doing a great job assessing the HIPAA risks associated with third parties. Some are having a hard time devoting resources. And many are worried that their current manual risk management processes cannot keep pace with cyberthreats.
Patients are getting emboldened in the digital age and want quicker, more efficient—immediate, really—access to medical records. Further, the government is reinforcing existing regulations and creating new rules around data sharing that require entities to make healthcare records more accessible and deliver records to patients in their desired electronic format. Technology innovation has made this much easier for healthcare facilities to accomplish.
HIPAA training is required by the HIPAA rules, under § 164.530, Administrative requirements. But just because it’s required doesn’t mean it has to be repetitive, boring, or unappealing. There are ways to make your healthcare staff excited about HIPAA training. At the very least, you can do your part to make sure they’re engaged.
The New York City Fire Department (FDNY), which operates ambulances, disclosed in August that 10,253 patients treated or transported by the FDNY from 2011 to 2018 may have had their protected health information (PHI) compromised after an external hard drive containing unencrypted data went missing in March, according to an FDNY press release.
Q: Is there anything that a hospital needs to do regarding HIPAA and the confidentiality of famous patients? Obviously employees shouldn’t snoop, but can you recommend any added protections?
OCR in 2013, through the Health Information Technology for Economic and Clinical Health (HITECH) Act, issued a final rule identifying provisions of the HIPAA rules that apply directly to business associates (BA) and those provisions for which BAs are directly liable.
Q: Research coordinators are tasked with finding suitable candidates for research studies. Because our coordinators work for a hospital, is the work they do in finding candidates for research an activity that is subject to HIPAA? What do we need to do to ensure HIPAA compliance?
HIPAA security officers arguably have more on their plates now than ever before as the cloud and mobile era are fully upon us and potential cybercriminal access to PHI increases,
Q: Do HIPAA privacy rules apply to foreign nationals receiving healthcare from a U.S.-based healthcare provider? Are there any provisions for sharing information with a patient’s provider overseas?