From the Desk of Matt Fisher – ICYMI
By Matt Fisher, Esq
Twitter: @matt_r_fisher
Host of Healthcare de Jure – #HCdeJure
Tune in weekdays at 2pm, 10pm or 6am ET as Matt serves up the hottest healthcare issues of the day, all from a legal point of view. From public policies and Federal initiatives to privacy and security, join host Matt R. Fisher as he and his guests discuss a smorgasbord of topics, giving hospitals, physicians, vendors and patients a seat at the table. Matt’s virtual conversations can be listened to on demand or heard on air. So don’t miss a minute of what’s on the menu.
ICYMI, read the latest of Matt’s blogs. And don’t forget to join the conversation with Matt on #HCdeJure.
Closure: Possible Breach Outcome
Any data breach is a major disruption to the operations of a healthcare company. The disruption includes having to re-secure systems, assess the validity of data, and provide public notification of the breach, among other actions. It all takes a lot of time and effort from all areas of the business. The fallout from the response can also lead to closure of the business, though, which is a pretty extreme outcome. Continue reading on HealthIT Answers.
Privacy and Direct to Consumer
What is the state of privacy in direct-to-consumer solutions in healthcare? It is an important question to ask because expectations and reality do not necessarily align. For example, users (patients to a degree) will see a healthcare solution and expect that standard protections will apply. Standard protections typically translate to HIPAA. By contrast, the company side could fall anywhere across a spectrum, and compliance with healthcare regulations may often just be voluntary, which would not be very clear to users. Continue reading on HealthIT Answers.
Take Care in Healthcare Marketing
The Office for Civil Rights (OCR) recently provided new lessons when it comes to mixing healthcare marketing and HIPAA. In this case, marketing is being looked at broadly to include not just communications or interactions about an organization subject to HIPAA, but also limits on the use of patient information outside the bounds of the organization. The basic message from OCR is to respect privacy, understand HIPAA’s clear requirements on marketing, and take OCR requests seriously. Continue reading on HealthIT Answers.
HIPAA’s Role in Setting Good Security
The Office for Civil Rights is promoting HIPAA as being able to prevent or substantially mitigate the impacts of a cyber attack. It is a bold statement from OCR and one that bears unpacking. Why is OCR asserting that HIPAA can prevent or substantially mitigate a cyber attack? The primary answer is the Security Rule within HIPAA. Hopefully, many understand that the HIPAA Security Rule is broken into three components: administrative, technical, and physical. Those areas are further divided into required and addressable elements. The categories of safeguards are what OCR focused on in its assertion though. Continue reading on HealthIT Answers.
Listen in on one of Matt’s Healthcare de Jure episodes.