Top executives at healthcare organizations must take the lead in overcoming a culture that portrays privacy and security as barriers, says Joy Pritts, chief privacy officer at the Office of the National Coordinator for Health IT.
As the Sept. 23 enforcement deadline for HIPAA Omnibus approaches, an error that many business associates are making is thinking that compliance can be achieved with a simple checklist, says consultant Andrew Hicks.
After months of delay, a hearing has been scheduled to discuss a controversial accounting of disclosures proposal that calls for giving patients the right to a full report outlining who has accessed their records.
Improper disposal of protected health information poses significant risks, as recent breach incidents demonstrate. That's why organizations need to do a better job vetting disposal companies and verifying that data or devices are actually destroyed.
With promises of ramped up HIPAA enforcement by federal regulators, and changes in the breach notification rule under the HIPAA Omnibus Rule, it's time for organizations to get serious about insider risks.
The advocacy group Patient Privacy Rights has co-developed a "trust framework" that IT vendors and their clients can use to help measure compliance with privacy principles. But will it prove practical?
In the aftermath of a massive health data breach last year and a smaller incident this year, the state of Utah is taking a number of steps, including creating a data security office within the health department.
An advisory panel is outlining how to address privacy and security issues involved in the exchange of patient information among healthcare providers using the query and response method. How will the recommendations be put to use?
The new Aurora Research Institute is taking multiple steps to protect the privacy of patients who participate in medical research, clinical trials and personalized medicine endeavors, says institute leader Randall Lambrecht.
Healthcare organizations signing new deals with vendors, including many cloud services providers, must make sure that their business associate agreements reflect the new HIPAA Omnibus Rule's requirements.