Health Information Compliance Alert
Investigate Audit's Security Breaches
PDF
Question: We have begun auditing our computer systems. Through the audit logs, we discovered that some patient files were inappropriately accessed. Do those logs need to be included in our patients' accounting of disclosures? West Virginia Subscriber Answer: "No," says John Parmigiani, senior VP for Consulting Services at QuickCompliance in Avon, CT. However, the log should facilitate your HIPAA security rule-mandated incident reporting system, he says. "If you determine nothing's been exposed, you're under no reporting requirements," adds Fred Langston, a principal with VeriSign in Seattle, WA. If there has been exposure, the breach must be handled in accordance with your facility's defined policies and procedures for incidents, he confirms. The Bottom Line: "Auditing flows into the incident response," Parmigiani explains. When a potential breach is discovered, the incident response team then investigates it and makes the necessary contacts, Langston concurs.
Health Information Compliance Alert
- Security Strategies:
Check Your Security Plan For These Safety Measures
Visitors could be downloading PHI right under your nose. Safeguarding your practice from security breaches [...] - Security Tool:
Review Your Security Compliance With This Risk Assessment Checklist
Handy form helps you estimate your practice's vulnerabilities. You know it's time for a security [...] - Medicare:
Don't Let These NPI Traps Kill Your Cash Flow
No news might turn into really bad news -- soon. Now's the time to sound [...] - Compliance Strategies:
Allow Patients Access To PHI With These Compliance Tips
Your response to PHI requests could save your compliance program. The privacy rule gives your [...] - Health Information Update:
PSOs Get The Word Out On Patient Safety Data
HHS makes good on vow to provide better access to patient safety data. The Department [...] - You Be The Security Expert:
What Do We Do When Our Manager Won't Enforce HIPAA?
Question: What is the duty of a compliance officer whose organization refuses to enforce HIPAA [...] - Reader Questions:
Get Signed Consent For Inmate's PHI
Question: Our hospital recently treated an inmate of the county correctional facility. Can we discuss [...] - Reader Questions:
Traveling Nurse Should Use Discretion
Question: We have a traveling nurse who works at several hospitals in the same town. [...] - Reader Questions:
Investigate Audit's Security Breaches
Question: We have begun auditing our computer systems. Through the audit logs, we discovered that [...]