Tag Archives: PHI

Adding more class to Information Governance (Part 2)

In this series on establishing security classifications for your company’s information, last week’s post looked at one aspect – the widely varying definitions of Protected Information under state PII breach notification statutes. But if your organization is a covered entity or business associate under the Health Insurance Portability and Accountability Act (HIPAA), the definition of Protected … Continue Reading

Cops or Robbers: PHI, the IRS and IRDs

HIPAA and the IRS. There isn’t a whole lot of guidance out there about what to do when the IRS knocks on your organization’s door and asks for protected health information. Should the agency be treated as a cop or robber? The most risk-averse approach for a HIPAA-covered entity or business associate to take is … Continue Reading

IG perspective: Are wearable fitness trackers fit for the workplace?

Wow, our group health plan premiums are crushing us. Wait a minute—what if we ramped up our company’s wellness program, using cool technology to help get our workforce in shape? Let’s get all our employees to use those wearable fitness tracker gizmos! We can fold those into our BYOD program, offer a device subsidy, and … Continue Reading

90% of information governance is half contracting

Yogi Berra will be missed, but his wisdom will endure. Who else could have observed “No one goes there nowadays. It’s too crowded”? The information governance equivalent is “No one has information anymore. There’s too much of it.” In the last decade we have witnessed the systemic utilitization of computing power. Data used to be housed predominantly … Continue Reading

Decrypting what you need to know about encryption keys

Some weeks ago I experienced that sinking feeling that comes with locking your keys in the car. Fortunately, I was only a phone call and a 20-minute wait away from rescue. But how can that happen, you ask, given all the modern safeguards built into automotive key technology? Don’t cars these days alert you or … Continue Reading

Privacy & security issues for ACO participants

Healthcare is trending toward value-based payments. Back in January, Sylvia Burwell of the U.S. Department of Health & Human Services announced Medicare’s move toward paying providers based on quality, rather than quantity, of care they give to patients. Secretary Burwell emphasized the importance of alternate payment models, including accountable care organizations (“ACOs”). Regardless of whether … Continue Reading

Seven steps to better information management for small health practices

Ineffective wireless encryption; Taped-over door lock on data room; Inadequate passwords; Computers without adequate log-off; Disabled audit logging; Unencrypted email and laptops; Former employees with inappropriate network access. These vulnerabilities and more (a total of 151) were found at seven large hospitals during a round of audits by the Department of Health & Human Services. … Continue Reading

Another notch in the hacking holster: Cyber outlaws hit Anthem hard

Having no need to brandish bandanas to obscure identity or firearms to force entry, cyber bandits, in a sophisticated and well-orchestrated robbery, waltzed into the IT vaults of Anthem, the second-largest U.S. health insurer, and walked off with personally identifiable information on about 80 million current and former members, a population that comprises Anthem customers, … Continue Reading