If many acute care hospitals struggle to protect patient privacy, long-term care organizations face their own challenges in ensuring the privacy of residents who live in their nursing homes and assisted living facilities.
One task that almost every healthcare organization is going to have to tackle to comply with the HIPAA omnibus final rule is amending its Notice of Privacy Practices (NPP).
Demonstrating that ePHI encryption meets the safe harbor requirements may be more difficult than it seems when planning for that inevitable breach. Full disk encryption may not be enough. Many healthcare users believe encryption software installed on mobile devices and desktops will avoid the potentially damaging breach notification. The question is: Can you prove ePHI was encrypted at the time the device was lost, accessed, or stolen? Absio Corporation may have the answer.
The HIPAA Privacy Rule de-identification standard, Section 164.514(a), includes two methods by which health information can be designated as de-identified: expert determination and safe harbor.
Q. A long-term care facility has deployed laptops that connect to a file server and are password protected. The laptops are not used to store PHI or other confidential data and are not removed from the facility. Do the laptop hard drives need to be encrypted?
HIM directors must revisit and potentially refine processes for patient record restriction requests and requests for electronic copies of medical records because of the HHS HIPAA omnibus final rule.