OCR Unveils HIPAA Hotspots
The Office for Civil Rights has revealed the top areas of interest on its HIPAA privacy and security compliance radar.
Adam Greene, former senior health information technology and privacy advisor at OCR and now partner at the law firm Davis Wright Tremaine in Washington, D.C., recently discussed each hot topic with HealthLeaders Media.
Hotspot: Incident detection and response (OCR's top issue)
Greene: I recommend both a top-down and bottom-up approach. From the top, covered entities and business associates should evaluate whether they are reasonably logging system activities and reviewing those logs in a way that is reasonably likely to detect impermissible uses and disclosures.
From the bottom, covered entities and business associates should ensure that all staff who have access to PHI are reasonably trained to be able to spot an impermissible use or disclosure and report it to the appropriate person (since the HITECH Act makes clear that the entire organization is treated as knowing of a breach if anyone, other than the person who committed the impermissible use or disclosure, knows of the breach.
Hotspot: Review of log access
Greene: No entity can review every instance of access. The key is how to reasonably spend your limited resources in a way that will best identify problems. This generally should include looking for patterns of unusually large access by an employee and paying special attention to high risk areas such as access to patient records of VIPs.
- Antibiotic Overuse a 'Huge Threat' to Patient Safety, Says CDC
- 3 Traits Personality Assessments Can't Reveal
- Consumerism Drives Healthcare Branding, Rebranding Efforts
- PA Ranks See 'Phenomenal Growth,' Lack of Diversity
- CFO Exchange: Smartphones Poised to Disrupt Healthcare, Says Topol
- CHS Hacked, 4.5M Patient Records Compromised
- Business Roundup: M&A Activity Down Slightly in First Half of 2014
- CFO Exchange: Healthcare Leaders Share 5 Innovative Ideas
- Large Employers Trimming Healthcare Spending
- 3 Things the Ice Bucket Challenge Can Teach Hospital Marketers