Patient Privacy

Interoperability and HIE

Regulatory and Compliance

Medical Device Integration

Report Writing

Perspectives

Patient Privacy Made Smarter

It has been more than a decade since the HIPAA Security Rule established technical safeguards which require organizations to audit access to electronic protected health information. Since then, auditing programs have continued to grow in size and scope.

Read More

Update on HIPAA Audits, from an Insider

Iliana Peters, OCR’s Senior Advisor for HIPAA Compliance and Enforcement, was the featured speaker in the September 19 HealthcareITSecurity.com webinar sponsored by Iatric Systems. Her topic: "What Covered Entities Need to Know about OCR HIPAA Audits." As national lead for OCR enforcement of the HIPAA Rules, she’s uniquely qualified to give us an update on HIPAA audits.

Read More

Ignorance, Bliss, and the Zen of Risk Management

We all probably have heard the old saying “Ignorance is Bliss.”  Many of us, as we get older, look back fondly on our childhood and remember how true that was. Children often have the luxury of being able to go through life without knowing what it's like to have to work to eat, clothe, and shelter themselves and their family. Adulthood, on the other hand, quickly brings the realization that life brings on a multitude of challenges and lots of stress. The simplicity of life and the bliss that accompanies it is what Thomas Gray was talking about when he coined the phrase.  Ahh, to be a child again…

Read More

New HIPAA Enforcer Means Business – Make Sure You’re Prepared

I was very interested to read a recent article in Healthcare Info Security about the new HIPAA enforcer’s plans. Roger Severino, the new director of the Department of Health and Human Services' Office for Civil Rights (OCR), says his top enforcement priority for the coming year is to find a major, egregious privacy breach to use as an example from which others can learn.

Read More

New Lessons on Patient Privacy Breaches and OCR HIPAA Settlements

When I came across this article on HealthITSecurity.com: "5 Lessons Learned in OCR HIPAA Settlements" I knew I wanted to share it with you. It reports on the outcome of the past two years of OCR HIPAA settlements and shows how likely it is for healthcare organizations to experience a breach at some point in time. As you will read, when healthcare organizations had a breach that caught them by surprise, they experienced significant reporting efforts and costly fines.

Read More

Are you monitoring user reporting in MEDITECH’s Data Repository?

In my experience, hospitals typically don't add any kind of PHI access logging to their Data Repository reports. This seems like a gap in PHI monitoring. It may be true that HIPAA provides an exemption from “disclosure reporting” for access to PHI for treatment, billing, or government reporting. However, protection of PHI should involve monitoring of access, and if you do not have any monitoring in place in your MEDITECH DR reports, you may have a gap in your patient privacy monitoring.

Read More

How Beaufort Memorial Hospital Handles Vendor Risk Management

Recently, Ed Ricks, CIO at Beaufort Memorial Hospital had an interview with Marianne Kolbasuk McGee with HealthcareInfo Security.

It is a very relevant and timely discussion since The Department of Health and Human Services' Office for Civil Rights' "wall of shame" website shows that business associates have been culprits in at least 17 percent of breaches affecting 500 or more individuals.

Read More

Use Patient Trust as a Competitive Advantage

I recently read this article from HealthData Management — Privacy, security issues cause consumers to distrust HIT — published on January 9th, 2017.

With all the news going on today about ransomware and the increased number of privacy breaches, we sometimes forget about how these breaches are eroding the trust patients place with their healthcare provider.

Read More

Do Your Partners Handle PHI With Care? Not Sure?

A great deal of your hospital’s patient information is now handled by outside partners — physician practices, outside labs, insurance companies, and many others. In an ideal world, you could trust these business associates and their subcontractors to always take the necessary precautions to keep sensitive information safe. Dream on!

Read More

OCR to Expand Compliance Reviews of Small Healthcare Breaches

The Health and Human Services (HHS) Office for Civil Rights (OCR) announced in August, that it has launched a new initiative to more widely investigate HIPAA breaches of protected health information (PHI) affecting fewer than 500 individuals.

There were 232,000 breaches of PHI affecting fewer than 500 individuals reported to OCR by covered entities and business associates between October 2009 and June 2016.

Read More

Comments

0 COMMENTS