From the Desk of Matt Fisher – ICYMI

By Matt Fisher, Esq
Twitter: @matt_r_fisher
Host of Healthcare de Jure – #HCdeJure

Tune in weekdays at 2pm, 10pm or 6am ET as Matt serves up the hottest healthcare issues of the day, all from a legal point of view.  From public policies and Federal initiatives to privacy and security, join host Matt R. Fisher as he and his guests discuss a smorgasbord of topics, giving hospitals, physicians, vendors and patients a seat at the table. Matt’s virtual conversations can be listened to on demand or heard on air. So don’t miss a minute of what’s on the menu.

ICYMI, read the latest of Matt’s blogs. And don’t forget to join the conversation with Matt on #HCdeJure.

Step By Step: Incremental Telehealth Change
Building on years of hype and promise, telehealth began to get its moment in early 2020 when COVID-19 brought much of the healthcare system to a halt as a means of enabling care to be focused on the growing pandemic. With the sudden thrust to center stage, an overnight scramble started across all types of care delivery organizations from physician practices to hospitals to skilled nursing facilities, and countless others. Many lessons were learned in addition to identification of further opportunities and issues to improve. Continue reading on HealthIT Answers.

Too Many Threats, Too Often
It used to be that almost a day could not go by without the report of a phishing attack. Now seemingly a day cannot go by without a ransomware attack being reported. While phishing may be a route in, it is not the only way to get past an organization’s defenses. Avenues of attack are evolving over time, with the only consistent issue being that privacy is compromised. Even if all threats cannot be stopped, it is instructive to be aware of the nature of the threats that are rising as a means of implementing more defenses to make a successful attack harder. Continue reading on HealthIT Answers.

Access Management: Who Can be on the System
Who can be on a healthcare organization’s system and who can access patient information? HIPAA establishes very clear guidelines and expectations on that front. The baseline expectation is that only individuals who are actually part of an organization’s workforce can access information and then only to the extent connected to the individual’s role and responsibilities. When an individual leaves an organization’s workforce, then all access should be shut off to avoid a continued ability to obtain patient information. Again, HIPAA regulations contained in the Security Rule are clear on these points. Continue reading on HealthIT Answers.

National or Local: How Should Privacy be Determined
The debate around privacy that had been forefront of mind for many prior to COVID-19 disrupting everything has not gone away. Instead, privacy has been simmering in the background, every so often be thrust into the spotlight during the course of the pandemic. The spotlight has shown because of the need for data around individuals infected with and/or exposed to the virus, research, data collection, and the rapid increase in the number of cyberattacks on organizations holding sensitive data. The short list of issues is just that though, a list of issues impacting privacy, not what is or could be done to enhance privacy. Continue reading on HealthIT Answers.

Listen in on one of Matt’s Healthcare de Jure episodes.