A legislative effort is underway to align some of the provisions of 42 CFR Part 2—the privacy regulation that governs the use and disclosure of substance use disorder information maintained by programs known as “Part 2” programs—with HIPAA.
Protecting your patients’ PHI does not mean just having a breach prevention plan in place and a strong risk analysis program. It’s also about preparing a breach contingency plan, because in today’s world it’s almost inevitable that you’ll experience a breach.
The HIPAA Security Rule requires information systems activity review, but a number of covered entities and business associates have yet to implement a robust security program that includes monitoring audit logs. Per the preamble to the Omnibus Rule, if audit logs are generated and you’re not looking at them periodically, that could be considered willful neglect.
This month's HIPAA Q&A answers readers' questions about doctor's notes for employers, checking a neighbor's medical records, retaining records of out-of-state patients, and training temporary nursing staff.
Your organization does not have to look far to see how important it is for your business associates (BA) to comply with HIPAA. Take a glance at the OCR website for breaches involving 500 or more patients. BAs are regularly involved in these breaches along with covered entities (CE). However, the bad press almost always goes to the CEs.