Another HIPAA Proposed Rule: Patients’ Access to Test Reports
Yesterday the HHS proposed rules that would give patients (and their authorized representatives) direct access to their own laboratory test result reports… The proposed rule is being jointly issued by...
View ArticleDo Subpoenas Trump HIPAA and/or Trample Security Of PHI?
On October 10, 2011, there was a report in the Baltimore Sun, “Law firm loses hard drive with patient records: Attorneys represent St. Joseph cardiologist sued for malpractice.” I posted about the...
View ArticleClik here to view.
Is A W-2 PHI?
“Is a W-2 form protected health information?” is a simple question with a complex answer that begins (I know, to the nail-biting chagrin of many), “It depends…” First the full question: “If a scan of a...
View ArticleClik here to view.
Back to the Future Security Basics: Security through Obscurity Still Does Not...
Last week I provided Howard Anderson at HealthInfosecurity.com with some of my thoughts about the recent Utah Department of Health breach of the files of 900,000 individuals, and counting. He included...
View ArticleClik here to view.
Lack of Basic Security Practices Results in $1.7 Million Sanction
July 4 Update to Original Post: See additional recent statements from the OCR and the Alaska DHSS about this case here. Here is a significant sanction, just applied, that all organizations, of all...
View ArticleClik here to view.
ISMS Certification Does Not Equal Regulatory Compliance
Last week I got the following question: “By becoming ISO 27001 certified does that automatically mean we comply with HIPAA and HITECH requirements? Are there any requirements of HIPAA/HITECH that are...
View ArticleClik here to view.
Should You Rush to Execute a BA Agreement Today? Probably Not
The final HIPAA “mega rule” is going to be officially published on the Federal Register tomorrow, January 25, 2013. Currently the version available...
View ArticleClik here to view.
How Physical Harm Impacts Can Drive Huge HIPAA Penalties
Are you a covered entity (CE) or business associate (BA) as defined by HIPAA? There are literally millions of organizations in the U.S. that fall under these definitions, and possibly additional...
View ArticleClik here to view.
How Long is the Liability Tail?
Don’t tell me it depends! Well, sorry, but… I’ve been involved in several interesting discussions (some with lawyers, some with security folks, some with privacy folks, and a few of the folks wearing...
View ArticleClik here to view.
You Don’t Attain Your Clients’ Compliance
Someone recently commented that I write a lot of blog posts based on my work and what my clients, students and others I meet at conferences and training classes have said or done. Well, that’s because...
View Article
