HIPAA

This month's Q&A answers our readers' questions about releasing protected health information via a health information exchange, sharing patient information with law enforcement, and paper record retention requirments.

Q. Can a third party such as a nursing home cancel or change a doctor’s appointment? Can a third party such as a nursing home cancel or change a doctor’s appointment without informing the patient? Are any of these HIPAA violations?

In a year of uncertainty, the healthcare industry can rely on one thing: OCR is taking HIPAA enforcement seriously. As of July 1, OCR has collected more than $17 million in monetary settlements from nine organizations.

Q. Is it a HIPAA violation if a hospital receives a faxed Healthcare Effectiveness Data and Information Set (HEDIS) request and the hospital cannot identify the patient by full name, last name, or birthdate?

Major U.S. healthcare organizations were hit in an international ransomware attacked launched June 27.

State-sponsored hackers may be planning to exploit multiple Microsoft vulnerabilities to launch large-scale attacks against healthcare organizations, HHS warned.

Q: Can we send patient records to an out-of-state physician's office without the patient's written consent?

Q: Our human resources department does not accept certificates of work absences without diagnoses. How does HIPAA apply in this situation?

Staffing problems and outdated equipment and software are healthcare’s top cybersecurity challenges, according to a June 2 report released by the Health Care Industry Cybersecurity Task Force, a federal task force established to fulfill requirements of the Cybersecurity Act of 2015.