Posts Tagged ‘patient privacy’

New HHS Guidance States HIPAA Does Not Apply To PHRs

Sunday, December 28th, 2008

I hope you are all having a wonderful holiday season! I hadn’t planned to take the past few days off from blogging, but something like the flu (probably the flu) hit me like a bag of bricks on Christmas day and I’ve been curled in a fetal position in my bed for the past few days. Oddly enough, while lying there feeling like my bones were all slowly dissolving (and thinking about the types of body braces you’d need to create to deal with something like that!) I was also thinking about how silly it was for the Health Insurance Portability and Accountability Act (HIPAA; and any industry-specific data protection law) to define that the only organizations that would legally need to safeguard protected health information (PHI) are the narrowly defined covered entities (CEs): healthcare providers, healthcare insurers and healthcare clearinghouses.


HIPAA Violation: Healthcare Worker Writes About Patients On MySpace

Thursday, December 4th, 2008

What was this worker for a healthcare provider thinking…didn’t/doesn’t the provider provide any kind of information security or privacy training or awareness communications…?


CMS Gets Heat Over Not Actively Enforcing HIPAA

Tuesday, November 18th, 2008

To date the Centers for Medicare and Medicaid Services (CMS) has not actively pursued HIPAA Security Rule compliance. Instead they have depended upon complaints to drive their investigations. However, as this article nicely points out, depending upon patients and healthcare workers to complain about problems leaves MANY HIPAA non-compliance issues…including significant information security and privacy vulnerabilities…dangerously unknown…


Example Of How Many Healthcare Providers Do Not Understand HIPAA

Wednesday, November 12th, 2008

HIPAA is misunderstood by many personnel who work for healthcare providers; probably because they do not receive effective or good training about HIPAA. Here is a good example of how healthcare providers inappropriately withhold information in the name of HIPAA…


HIPAA Compliance During Emergencies and Disasters

Tuesday, October 7th, 2008

Yesterday the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) posted a new HIPAA frequently asked question (FAQ) to their site; a great question that many organizations do not even consider until after the fact…


New HHS Guides For HIPAA Privacy Rule

Monday, September 22nd, 2008

Did you see that the Department of Health and Human Services (HHS) released some new guidance documents for the Healthcare Portability and Accountability Act (HIPAA) Privacy Rule compliance activities on September 17?
I need to go through them more thoroughly, but upon a quick scan they look like they contain some pretty good, and interesting, guidance information for both patients and healthcare providers…


Six Ways Organizations Can Lessen Mobile Computing Risks

Friday, June 20th, 2008

Geesh, every single day there is at least one news report about a stolen or lost mobile (laptop, notebook, PDA, Blackberry, etc.) computer! Today one of the reports was about a laptop computer, containing cleartext information about 11,000 hospital patients, that was stolen from a doctor’s home in Staffordshire, U.K.
A couple of days ago I posted the first section from the second article in my “IT Compliance in Realtime” journal issue for June.
Here’s the second section from that article…


Risks & Compliance: Giving Personnel Access to Their Own, And Coworkers’, Records is Generally a Bad Idea

Wednesday, April 2nd, 2008

I get several questions from folks about various information security, privacy and compliance issues. I answer all I can. Most of them are great, thought-provoking questions that help to spawn a nice discussion!
I recently got a very good and interesting question from a healthcare provider that all organizations really need to put some thought into. With this in mind, the following is the de-identified message I received, along with my slightly edited reply…


Yet Another Stolen Laptop With Clear Text Patient PII

Tuesday, March 25th, 2008

Yet another in a long procession of laptop thefts, “Stolen laptop contains personal info of 2,500 patients”.
Here are the first few paragraphs…


3rd HIPAA Criminal Indictment; Another Insider Job

Sunday, March 2nd, 2008

On February 15, Leslie A. Howell, from Oklahoma City, OK, was indicted for violating the Health Insurance Portability and Accountability Act (HIPAA) of 1996 as part of an identity theft scheme.
