Federal officials should consider a major revamp of a proposal that would require healthcare organizations to provide patients with a report listing everyone who has electronically accessed their records, a former government official who helped draft the proposal says.
The Health IT Policy Committee has endorsed best practices for giving patients clear and simple guidance regarding how to safeguard electronic health records when viewing or downloading them, such as through a hospital's or clinic's portal.
When preparing for a potential HIPAA compliance audit, former HIPAA enforcer Adam Greene advises healthcare organizations: "Don't panic. I'm skeptical if it's possible for an organization to be 'audit-proof.' If you try to scramble and get everything in order, you may fail."
Looking at the international stock market crash and the impact it's likely to have on future investments in fraud detection and prevention, how much can banks and credit unions reasonably afford, when economic stability is shaky and the financial future uncertain?
The soon-to-be-launched HIPAA compliance audit program likely will initially offer comprehensive assessments of compliance with the HIPAA privacy and security rules, rather than focusing on specific narrower issues, says Susan McAndrew of the HHS Office for Civil Rights.
"The lack of individual accountability over user accounts provides ample opportunities to conceal malicious activity such as theft or misuse of veteran data," VA Assistant Inspector General Belinda Finn says.
Dan Rode of the American Health Information Management Association describes why the group wants to see major revisions in a proposed federal rule requiring hospitals, clinics and others to give patients access reports listing everyone who's viewed their records.
Two electronic health records pioneers that already have earned federal EHR incentive payments stress that a robust risk management program should be an essential component of any movement from paper to electronic records.