Both new and well-known regulations alike were updated during the COVID-19 pandemic to better support healthcare providers. The Health Insurance Portability and Accountability Act (HIPAA) has seen some modest relaxing of some of its components but remains largely unchanged.
If your privacy team is like most hospitals, managing influxes of privacy tasks, as a result of new privacy concerns can be difficult. While the answer of bringing in 3rd party help might seem expensive or difficult to manage, in reality, supplementing your privacy team as needed by using Patient Privacy Managed Services can help your healthcare organizations quickly scale up to accommodate new requests and scale down when resources are no longer needed.
Unauthorized access to patients’ protected health information (PHI) is illegal — so why do healthcare professionals keep doing it? How do you get them to stop?A recent JAMA Network study on PHI breaches provides insights into employee behavior regarding privacy data, and how that behavior can be corrected.
In my experience, hospitals typically don't add any kind of PHI access logging to their Data Repository reports. This seems like a gap in PHI monitoring. It may be true that HIPAA provides an exemption from “disclosure reporting” for access to PHI for treatment, billing, or government reporting. However, protection of PHI should involve monitoring of access, and if you do not have any monitoring in place in your MEDITECH DR reports, you may have a gap in your patient privacy monitoring.