PHI

On January 8, HHS announced a settlement of $337,750 with USR Holdings for a violation of the HIPAA regulations. This is significant due to the nature of the HIPAA Violation. Among the violations by USR Holdings was Deletion of electronic Protected Health Information.

PIH Health in California was hit with a ransomware attack which severely impacted its computer and telephone systems. The attack forced the hospital to activate their Downtime Contingency Plan. A downtime contingency plan are the procedures that are followed to maintain the ability to provide patient care in the event of a computer outage. This typically involved going back to recording patient information on paper for later entry into the computer systems when they are back online.

HIPAA has specific rules of who you can share patient information with. Some disclosures are permitted only with patient consent, other disclosures are permitted without consent.

Business Associate Agreements are necessary contracts between healthcare providers and Business Associates. Required by HIPAA, the BAA provides protections for your office and the PHI that your office shares with Business Associates.

Under HIPAA, you are responsible to protect Protected Health Information (PHI). But what exactly is PHI?

When discussing text messaging, the best practice is to NOT text patients. However, texting can be a useful tool and there are steps your office can take to mitigate the risks associated with texting patients.