
Show Notes
We discuss some common myths (or points of confusion) surrounding HIPAA compliance requirements.
Glossary
Myth is a widely held but false belief or idea.
Links
HealthIT.gov Top 10 Myths of Security Risk Analysis
HealthIT.gov Guide to Privacy and Security of Electronic Health Information Analysis
Notes
- Providers are not allowed to share information about a patient with others unless authorized by the patient to do so. False. Providers can share:
  - With anyone the patient identifies as a caregiver
  - When the information is directly relevant to the involvement of a spouse, family members, friends, or caregivers (Ebola, for example)
  - When necessary to notify a caregiver about a change in condition or location of a patient (as long as the patient doesn't object)
  - When in the best interest of the patient, regardless of their ability to object or not
- The security risk analysis is optional for small providers and business associates. False. Everyone is required to abide by the Security Rule, which specifically requires a security risk analysis.
- A checklist will suffice for the risk analysis requirement. False. Checklists are tools for doing the analysis and gathering your data, but they aren't enough to meet the risk analysis requirement. A Security Risk Analysis must include three main elements (according to OCR guidance):
  A. Identification of all PHI sources
  B. Human, electronic and environmental threats to the PHI
  C. Review of current security measures to protect the PHI from those