PRIVACY + SECURITY BLOG

News, Developments, and Insights


What Should Privacy Awareness Training Include?


Privacy awareness training educates an organization’s workforce about the way that the organization protects privacy and the workforce’s role in this endeavor. In this post, I explain what privacy awareness training should include. Privacy awareness training typically covers the following things:


The Failure of HIPAA’s Right of Access


One of the biggest sore spots in HIPAA compliance has been providing individuals with their right to access their medical records. In addition to the countless anecdotal accounts about the painful process of getting medical records, a recent study demonstrated just how far there is to go for providers to be in compliance. More than half of medical providers included in the recent medRxiv study did not meet the basic requirements in HIPAA for providing medical records. A further 20% of the providers would not provide records until requests were escalated to supervisors. This means that more than 70% of the subjects studied would not have been in compliance had the supervisors not been involved.

HIPAA provides that “an individual has a right of access to inspect and obtain a copy of protected health information about the individual in a designated record set, for as long as the protected health information is maintained in the designated record set.” 45 CFR §164.524

I have written on numerous occasions about patient control of their own records and reforms needed to support this right.  Getting access to medical records doesn’t seem to have improved very much.  Despite HIPAA’s right of access, it doesn’t seem to be taken very seriously by providers.
