Health Information Compliance Alert
INVESTIGATE AUDIT'S SECURITY BREACHES
PDF
Question: We have begun auditing our computer systems. Through the audit logs, we discovered that some patient files were inappropriately accessed. Do those logs need to be included in our patients' accounting of disclosures? Answer: "No," says John Parmigiani, senior VP for Consulting Services at QuickCompliance in Avon, CT. However, the log should facilitate your HIPAA security rule-mandated incident reporting system, he says.
"If you determine nothing's been exposed, you're under no reporting requirements," adds Fred Langston, a principal with VeriSign in Seattle, WA. If there has been exposure, the breach must be handled in accordance with your facility's defined policies and procedures for incidents, he confirms.
The Bottom Line: "Auditing flows into the incident response," Parmigiani explains. When a potential breach is discovered, the incident response team then investigates it and makes the necessary contacts, Langston concurs.
Any breaches must be reported, experts agree. "The key function of the reporting requirement is to make sure people whose information has been or may have been compromised have the ability to react," Langston reminds.
Health Information Compliance Alert
- Security Strategies:
Check Your Security Plan For These Safety Measures
Visitors could be downloading PHI right under your nose.
Safeguarding your practice from security breaches may [...] - Security Tool:
Review Your Security Compliance With This Risk Assessment Checklist
Handy form helps you estimate your practice's vulnerabilities.
You know it's time for a security risk [...] - Compliance Strategies:
Allow Patients Access To PHI With These Compliance Tips
Your response to PHI requests could save your compliance program.
The privacy rule gives your patients [...] - YOU BE THE SECURITY EXPERT:
WHAT DO WE DO WHEN OUR MANAGER WON'T ENFORCE HIPPA?
Read the situation below and decide how you would handle it before you compare it [...] - Privacy Compliance:
Recruit Research Participants Without Hitting HIPAA Hurdles
Here's a roadmap to guide you safely down the rocky recruitment path.
While most of the [...] - READER QUESTIONS:
GET SIGNED CONSENT FOR INMATE'S PHI
Question: Our hospital recently treated an inmate of the county correctional facility. Can we discuss [...] - READER QUESTIONS:
TRAVELING NURSE SHOULD USE DISCRETION
Question: We have a traveling nurse who works at several hospitals in the same town. [...] - READER QUESTIONS:
INVESTIGATE AUDIT'S SECURITY BREACHES
Question: We have begun auditing our computer systems. Through the audit logs, we discovered that [...] - INDUSTRY NEWS:
Prescription Drug Package Inserts Encourage Better Compliance
Long-overdue redesign improves information but sparks controversy.
The Food and Drug Administration wants drug companies to [...]