Health Information Compliance Alert
User Identification and Sharing PHI
PDF
Question: Regarding the security rule's user identification requirements: If one wanted to have a limited read-only report containing PHI on a PC screen, and all that was displayed on the PC screen was the report, would this be a definite violation of the requirements? In this case, only key staff would have access to the information. What does HIPAA have to say about this? Answer: "This is the one place the guidance for the final [security] rule differs from the proposed rule," says Fred Langston, CISSP, senior principal consultant with Guardent in Seattle. Due to input from nursing groups that work in hospital environments like ERs and CCUs, the user identification rule has been relaxed to allow for group accounts shared in this environment.
California Subscriber
This kind of arrangement can't be just for convenience, warns Langston; it should be driven by a business' functional need and would require all the elements the reader described.
Health Information Compliance Alert
- COMPLIANCE STRATEGY:
Oh No! Your Protected Health Information Is Leaking
Use this 4-step plan to plug holes in your privacy compliance program. You can significantly [...] - PRIVACY:
When Charts Go Home, HIPAA Rules Must Follow
2 strategies help prevent leaks when physicians take charts out of the office. Picture this: [...] - FUNDING:
Assessing PHI Flow Is Key To Compliance Budget
Simple fixes like moving the cash register can save you money. Coming up with a [...] - GENETIC PRIVACY:
Study Shows Genetic Info Lacks Privacy Protections
Employers could be at risk when they collect genetic data from employees. Knowing which rules [...] - PRIVACY:
Do NPPs Require A Skilled Tongue? Here's Your Answer
Take a reasonable approach when addressing the language needs of your patients. Sprechen sie notice [...] - YOU BE THE SECURITY EXPERT:
Two Questions Help Create A BA Agreement
Question: "We're a small hospital and we have several business associate agreements contracts in place, [...] - READER QUESTION:
Avert A Minor Problem
Question: A minor patient requested a copy of his medical record. Would giving him access [...] - READER QUESTION:
Use Common Sense With NPPs
Question: "Required notices sent by financial institutions -- such as the Gramm-Leach-Bliley notices concerning information-collection and [...] - READER QUESTION:
User Identification and Sharing PHI
Question: Regarding the security rule's user identification requirements: If one wanted to have a limited [...] - COMPLIANCE TOOL:
Is A Business Or Agency A Health Care Clearinghouse?
Use this chart to help you identify clearinghouse criteria.