General Right The HIPAA Privacy Rule generally requires organization’s health plans and most health care providers (Covered Entities) to provide individuals, upon request, with access to the protected health information…

State Law Pre-emption State laws that are contrary to the HIPAA regulations are pre-empted by the federal requirements, which means the federal requirements will apply. “Contrary” means it would be…

Storage Security An end user device is a personal computer (desktop or laptop), individual device (e.g., personal digital assistant [PDA], smart phone, etc.), or removable storage media (e.g., USB flash…

Right to Confidential Communication Accommodate reasonable requests for communications to individuals by alternative means or at alternative location: Some individuals may prefer communications through unencrypted e-mails; Other individuals may not…

Install a Personal Firewall A firewall detects any unexpected incoming connections from the Internet or unexpected outgoing connections o the Internet. These connections may be used to send information from…

Issues Related to De-Identification De-identifying PHI according to HIPAA Privacy Rule may enable many research activities; however, the HIPAA Privacy Rule recognizes researchers may need access to, and the ability…

Personal Password Security Recent hacking events at retail stores and financial institutions have made us more aware about protecting our personal passwords. How often do you change passwords for your…

Security Guidelines for Working Offsite When working offsite, remember: Do not take confidential information offsite unless:You have official authorization from your department or division manager and department policy or practice…