Archive for the ‘HIPAA’ Category
Friday, February 4th, 2011
NOTE: This is a repost for those that have browsers that could not open the original. Hopefully this will fix the problem!
Over the years I’ve had a lot of organizations ask me about whether HIPAA applies to faxes, copy machines, and other types of specific technologies. It is very important that covered entities (CEs), business associates (BAs) and their subcontractors understand that HIPAA applies to protecting the information! It doesn’t matter what the conduit is for how the information is transmitted, or where it is stored or accessed from. The important point is that protected health information (PHI), in all forms, must be protected. The Security Rule applies to only electronic data, but the Privacy Rule and HITECH apply to all forms of PHI. Okay; let’s keep this in mind when considering the following question I got earlier this week from a HIPAA business associate… (more…)
Tags:Compliance Helper, fax, Rebecca Herold, risk management
Posted in BA, CE, HIPAA, HITECH, Information Security, Laws & Regulations, privacy, Privacy and Compliance | No Comments »
Friday, February 4th, 2011
Over the years I’ve had a lot of organizations ask me about whether HIPAA applies to faxes, copy machines, and other types of specific technologies. It is very important that covered entities (CEs), business associates (BAs) and their subcontractors understand that HIPAA applies to protecting the information! It doesn’t matter what the conduit is for how the information is transmitted, or where it is stored or accessed from. The important point is that protected health information (PHI), in all forms, must be protected. The Security Rule applies to only electronic data, but the Privacy Rule and HITECH apply to all forms of PHI. Okay; let’s keep this in mind when considering the following question I got earlier this week from a HIPAA business associate… (more…)
Tags:Compliance Helper, fax, privacy rule, Rebecca Herold, security rule
Posted in BA, HIPAA, HITECH, Information Security, Laws & Regulations, privacy, Privacy and Compliance | 5 Comments »
Wednesday, February 2nd, 2011
I’ve been getting a lot more questions about HIPAA and HITECH lately from folks I’ve never met, but who have concerns about the security and privacy of their health information (“protected health information” or “PHI” as referenced within HIPAA/HITECH), businesses that are trying to understand how to protect PHI according to the regulatory requirements, and a growing number who express frustration with the unsecure ways in which clients, customers, patients and business partners are sharing information with them. There just are not enough hours in the day to answer them all, but I decided I’d start sharing some of the questions, and my corresponding answers, that seem to be topics that a wide range of readers may be interested in.
I was recently contacted by someone who had a question about a recent HIPAA complaint against Rowan Regional Medical Center (more…)
Tags:awareness, healthcare, HHS, HIPAA, HITECH, hospital, Information Security, insider threat, OCR, PHI, privacy, Rebecca Herold, Rowan Regional Medical Center, training
Posted in healthcare, HIPAA, HITECH, Information Security, Laws & Regulations, privacy, Privacy and Compliance, Privacy Incidents, Training & awareness | 2 Comments »
Tuesday, January 4th, 2011
On December 20, 2010, the U.S. federal government published “Part II: Regulatory Information Service Center: Introduction to The Regulatory Plan and the Unified Agenda of Federal Regulatory and Deregulatory Actions.” If you are a healthcare Covered Entity (CE), Business Associate (BA) or BA subcontractor, as defined under HIPAA and HITECH, this should be of interest to you. Why? Because within it is the long-awaited Department of Health and Human Services (HHS) timeline for when they would publish the final rule of the Notice of Proposed Rule Making (NPRM) that came out in July, 2010. The date? Well, (more…)
Tags:ARRA, BA, CE, compliance, healthcare, HIPAA, HITECH, Information Security, NPRM, privacy, Rebecca Herold
Posted in HIPAA, HITECH, Information Security, Laws & Regulations, privacy, Privacy and Compliance | 3 Comments »