Is A W-2 PHI?

February 27th, 2012

“Is a W-2 form protected health information?” is a simple question with a complex answer that begins (I know, to the nail-biting chagrin of many), “It depends…”

First the full question:

Is Information Found Online Legally Fair Game To Use For Marketing?

January 24th, 2012

Social media sites are booming. The amount of personal information folks are choosing to post to them, such as photos, videos, original stories, thoughts, gossip, and so on, is exploding. Marketers are drooling at the prospect of using all that “free” information. Well, it’s really not free, folks.

High Tech and Low Tech Continue to Bedevil Info Sec and Privacy Practitioners

January 8th, 2012

When looking ahead to what may happen in this new year, it is necessary to first look back. Not only to 2011 but, when making plans to move forward, even further back, to help make the best decisions moving forward. I do a lot of reading, including many mainstream publications written for the general public. You can see a lot of trends and problems by reading about how the general public is reporting (or not) about them. I also like to read the various publications specific to information security, privacy, compliance and technology to see the backstories and guts of the problems. Looking at all such reports helps to provide a more comprehensive view necessary for making good decisions.

Make Privacy One of Your 2012 Resolutions

January 3rd, 2012

Happy New Year! I hope your year is starting out great. Have you made it to day 3 without breaking any of your resolutions? How about adding one more…

Do Subpoenas Trump HIPAA and/or Trample Security Of PHI?

December 10th, 2011

On October 10, 2011, there was a report in the Baltimore Sun, “Law firm loses hard drive with patient records: Attorneys represent St. Joseph cardiologist sued for malpractice.” I posted about the report to one of the LinkedIn groups I participate in, pointing out that this is yet one more example of

Another HIPAA Proposed Rule: Patients’ Access to Test Reports

September 14th, 2011

Yesterday the HHS proposed rules that would give patients (and their authorized representatives) direct access to their own laboratory test result reports…

Auditing Patient Records Survey Results

September 10th, 2011

There are no specific requirements that the Department of Health and Human Services provides with regard to how often to perform patient records audits (understandably so, since it should be based upon an organization’s own risk environment), and so many healthcare providers wonder what others are doing, or what is “standard” practice. So, to help determine this, from mid- to late-August (two weeks) I posted a very short, completely unscientific survey specifically to get a feel for what some other hospitals and clinics are doing with regard to auditing patient records access and disclosures, as required by HIPAA. Here are the results…

Request for Your Participation – SHORT Survey #2: Workstation Timeouts and Lost SSO Badges

September 2nd, 2011

I’ve posted the 2nd in a series of SHORT and ANONYMOUS surveys to determine important HIPAA/HITECH compliance activities at hospitals and clinics. However, for this topic it would be good to have all types of organizations/industries participating…

SHORT Survey For HIPAA Compliance Activity Benchmarking

August 18th, 2011

Those of you who work for healthcare providers…

HIPAA/HITECH Compliance Is All or Nothing

August 16th, 2011

I’m seeing growing numbers of business associates, particularly those who do technology-based services, expressing the belief that they don’t need to worry about complying with most of HIPAA. I wrote a guest blog post for Credant about this misguided thinking that was published today. I welcome your feedback!