As cyberattacks become more sophisticated and frequent, the old monitor logs or reliance on security information and event management tools just don’t cut it anymore; neither do old signature-based antimalware tools. Today, there are very sophisticated tools on the market that do a much better job of protecting the data and IT assets of covered entities and business associates.
Everyone is familiar with the words “privacy” and “security,” but what do these terms mean to the experts, and what is the relationship between privacy and security?
With massive data breaches rocking industries and the public, and policymakers scrutinizing how organizations respond, it’s time to dust off policies and ensure organizations have meaningful, compliant reporting and response plans.
Q: If a news crew is reporting on an event or a notable individual who is a patient and they have a film crew stationed outside the hospital, are we responsible under HIPAA for stopping them? If ambulances and patients are visible in the background, is that a HIPAA violation? Can we go off of our property to ask them to move or remove their cameras?
HIPAA compliance and enforcement saw its share of highs and lows in 2017. As the year comes to a close, it’s a good time to look back on what your organization has learned—in terms of personal growth and lessons gleaned from other organizations.
Q: Is it a HIPAA concern if a patient and/or visitor takes photos or videos in which other patients, intentionally or not, appear? Are we required to forbid or prevent patients and visitors from taking photos or filming? If so, where is this requirement specified?
21st Century Oncology, a national network of cancer providers headquartered in Fort Myers, Florida, came under scrutiny by the Department of Justice (DOJ) and the Office for Civil Rights (OCR) earlier this year. In December, the organization agreed to a $26 million settlement with the DOJ and a $2.3 million settlement with OCR. 21st Century Oncology filed for bankruptcy in May.
Although most physicians have experienced a cyberattack, they still value the ability to share electronic protected health information, according to an American Medical Association report released December 11.
