From the Desk of Matt Fisher – ICYMI
Tune in weekdays at 2pm, 10pm or 6am ET as Matt serves up the hottest healthcare issues of the day, all from a legal point of view. From public policies and Federal initiatives to privacy and security, join host Matt R. Fisher as he and his guests discuss a smorgasbord of topics, giving hospitals, physicians, vendors and patients a seat at the table. Matt’s virtual conversations can be listened to on demand or heard on air. So don’t miss a minute of what’s on the menu.
ICYMI, read the latest of Matt’s blogs. And don’t forget to join the conversation with Matt on #HCdeJure.
The Many Forms of HIPAA Enforcement
How is HIPAA enforced? That may be a simple enough question, but it also contains more nuance than may initially be expected. Determining how HIPAA is enforced can depend upon how the term enforcement is viewed and interpreted. The first step is to define enforcement. The dictionary definition of enforcement includes the following statements: (i) to give force to, (ii) to urge with energy, (iii) constrain, compel, (iv) to effect or gain by force, or (v) to carry out effectively. Continue reading on HITECH Answers.
A Phishing Epidemic: Constant Stream of Reports
Since at least the beginning of the summer, it seems as though no day can go by without another phishing incident being reported by a healthcare entity. The reports are almost always the same too. After some period of time (usually not the same day), unauthorized activity will be found in the email account of one or more employee. A forensic analysis will be conducted that cannot conclusively determine what, if any, patient information or other data were accessed. Out of an abundance of caution though, a breach notification is provided to enable potentially impacted individuals to monitor accounts in the event of suspicious activity, with the entity sometimes covering the cost of such monitoring. Continue reading on HITECH Answers.
Time to Improve Awareness
Doing the right thing or merely demonstrating compliance with requirements is hard to do when knowledge of expected or necessary requirements is missing or not sufficient. In such a situation, it becomes harder to fault individuals for the resulting missteps or violations. Unfortunately, lack of awareness is a primary issue plaguing security efforts in healthcare. Continue reading on HITECH Answers.
Listen in on one of Matt’s Healthcare de Jure episodes.