By Lucia Savage JD – Important work to ensure the health system is functioning properly is conducted by a wide variety of entities at the federal, state, and local level.
Read More
By Bob Grant – The HHS Office for Civil Rights announced that NY Presbyterian Hospital would be required to pay a $2.2M settlement after the “egregious disclosure” of two patients’ protected health information. NYP allowed an ABC film crew and staff from the show “NY Med” to film two patients, one of whom was dying, and another experiencing serious distress.
By Bob Grant – Understanding the regulatory requirements that govern the use and disclosure of protected health information (PHI) is essential for health care professionals operating across the country. However, federal HIPAA regulation only accounts for a portion of those requirements.
By Irv H. Lichtenwald – Not that long ago, healthcare worried mostly about the physical loss of personal health information (PHI) by way of a lost thumb drive, a stolen laptop, some misplaced paper files. These were the primary concerns in HIMSS initial 2008 security survey.
Five years later, the largest healthcare security breaches came from cyber attacks not lost or stolen devices.
By Matt Fisher – With the start of a new year, it seems like a good time to take stock of privacy of healthcare information, which is currently a very hot topic. As was discussed in great detail, 2015 saw a continuing explosion of breaches concerning healthcare information, which put both privacy and security in the limelight.
By Steve Spearman – Once upon a time, all a healthcare organization needed to do to ensure that its vendors and subcontractors would keep data secure was to require it in their contractual agreement. However OCR’s recent efforts to strengthen what it believes could be the weakest link in HIPAA compliance and PHI security: vendors and subcontractors.
By Steve Spearman – This past summer, the state of Colorado’s Medicaid program, the Colorado Department of Health Care Policy and Financing (HCPF), accidentally sent letters containing PHI to the wrong addresses, affecting individuals from 1,069 households.
EHNAC announced it is developing an accreditation program for data registries to ensure that these entities meet the privacy and security obligations expected of all large-scale handlers of protected health information (PHI).
By Terry Edwards – The healthcare industry is known for being conservative and slow-moving. It can take years, or even decades, for changes to take hold. In fact, (as a side bar), my company recently executed an agreement with a system that took two years to get through legal.