Originally Posted by
rickair7777
It's a reasonable safety measure. Businesses are certainly free to require it (unless federal legislation is implemented which says otherwise).
Currently, health care providers can’t even release immunization data without patient approval except to schools in states it’s required by law. And when it is released, it carries all the privacy protection requirements of HIPPA.
- Impermissible disclosures of protected health information (PHI)
- Unauthorized accessing of PHI
- Improper disposal of PHI
- Failure to conduct a risk analysis
- Failure to manage risks to the confidentiality, integrity, and availability of PHI
- Failure to implement safeguards to ensure the confidentiality, integrity, and availability of PHI
- Failure to maintain and monitor PHI access logs
- Failure to enter into a HIPAA-compliant business associate agreement with vendors prior to giving access to PHI
- Failure to provide patients with copies of their PHI on request
- Failure to implement access controls to limit who can view PHI
- Failure to terminate access rights to PHI when no longer required
- The disclosure more PHI than is necessary for a particular task to be performed
- Failure to provide HIPAA training and security awareness training
- Theft of patient records
- Unauthorized release of PHI to individuals not authorized to receive the information
- Sharing of PHI online or via social media without permission
- Mishandling and mismailing PHI
- Texting PHI
- Failure to encrypt PHI or use an alternative, equivalent measure to prevent unauthorized access/disclosure
- Failure to notify an individual (or the Office for Civil Rights) of a security incident involving PHI within 60 days of the discovery of a breach
- Failure to document compliance efforts
Who wants the liability of getting their IT system hacked and then being prosecuted under HIPPA?
penalties are non-trivial
h