Attorney Ellen Giblin describes who should be involved in determining whether a breach should be reported in compliance with the new breach notification requirements of the HIPAA Omnibus Rule. She also offers other compliance insights.
As the Sept. 23 enforcement deadline for HIPAA Omnibus approaches, an error that many business associates are making is thinking that compliance can be achieved with a simple checklist, says consultant Andrew Hicks.
A class action suit has been filed against Advocate Medical Group following the theft of four unencrypted computers that may have exposed data on 4 million patients. Learn more about the allegations the lawsuit makes.
Lee Kim, the new director of privacy and security at HIMSS, says keeping track of where sensitive data is located, detecting breaches and dealing with insider threats are among the most critical issues.
As healthcare organizations ramp up HIPAA compliance efforts, they should make far greater use of guidance from the National Institute of Standards and Technology, says security consultant Mac McMillan.
If your organization's leadership has been lukewarm to funding information security efforts, it's time to turn up the heat before you end up in hot water with federal regulators enforcing the HIPAA Omnibus Rule.
When participating in a health information exchange, providers need to take several HIPAA Omnibus Rule compliance steps, including spelling out responsibilities in the event of an HIE breach, says attorney Helen Oscislawski.
To build credibility for its HIPAA enforcement efforts, the Department of Health and Human Services needs to ramp up its breach prevention efforts for the health insurance exchanges slated to begin operations Oct. 1.
An important aspect of HIPAA Omnibus Rule compliance for covered entities as well as business associates and their subcontractors is policing what privacy attorney Gerard Stegmaier calls "the data supply chain."