Articles Tagged With: PHI
-
Information Blocking Still Happening After Cures Act
Information blocking is a threat to patient safety, but it still occurs regularly, despite the penalties for noncompliance laid out by the 21st Century Cures Act. Recently, the HHS Office of Inspector General announced its final rule establishing penalties of up to $1 million for any entities that block the flow of necessary health data.
-
Email Retention Requirements for HIPAA Often Misunderstood
HIPAA requires that certain emails and other electronic communications be retained for a set period, but covered entities often misunderstand exactly what must be saved and for how long. The Security Rule requires healthcare organizations and health plans to retain electronic communications containing HIPAA policies and procedures for at least six years.
-
OCR’s Report to Congress Shows Increase in Complaints
The Office for Civil Rights’ annual report to Congress showed “significant increases” in HIPAA complaints — 34,077 new complaints in 2021, a 25% increase from 2020. Complaints increased 39% from 2017 to 2021.
-
Breaches Sometimes Kept Secret, but Decision Is Highly Dangerous
Cybersecurity professionals often are told to keep breaches confidential, according to a recent survey that suggests healthcare organizations may be risking serious consequences for not reporting the improper loss of protected health information controlled by HIPAA.
-
Reality TV Shows Still Pose Great Risks to Hospitals
Even after hospitals were fined millions of dollars for participating in reality TV shows, some healthcare facilities are allowing cameras in again. The experience comes with great risk. The Office for Civil Rights has penalized hospitals for HIPAA violations related to reality TV.
-
Killnet Group Targets U.S. Hospitals with Cyberattacks
Hospitals and health systems should review their defenses against the cyber breach known as Distributed Denial of Service in response to threats from the pro-Russia hacktivist group known as Killnet. More than a dozen hospitals have been hit by Killnet attacks, taking down forward-facing webpages and breaching protected health information.
-
Tracking Software Can Lead to HIPAA Violations
The HHS Office for Civil Rights has released a bulletin warning the use of website tracking technologies could result in HIPAA violations. Covered entities need to review their use of these tracking technologies and make necessary improvements.
-
Online Collaboration Platforms Create HIPAA Exposures
Business communications are rapidly and dramatically moving from email to various collaboration platforms like Slack, Workplace by Meta, and Microsoft Teams. PHI can easily end up stored as part of collaboration data — a relatively new data set that is uniquely different from other electronic channels because of its fragmented and nuanced nature.
-
Proper Disposal of PHI Required, Often Overlooked
The Office for Civil Rights announced a settlement with a Massachusetts dermatology clinic regarding the improper disposal of PHI, which serves as a reminder HIPAA compliance is not only about protecting data from hackers. Covered entities also are responsible for disposing of PHI appropriately.
-
Video Recording Raises Risk, Requires Policy Consideration
Video recording has been problematic in healthcare for decades, ever since the home video camera became common. With the proliferation of smartphones and remote video monitoring, hospitals and health systems are facing a new wave of questions and potential risks from video recording in patient care settings.