Submit your HIPAA questions to Editor John Castelluccio at firstname.lastname@example.org and we will work with our experts to provide the information you need.
Q: Do healthcare organizations need to log all documents before shredding? I have my staff log all documents that were scanned and indexed before they are placed in the bin for shredding. Once I receive the certificate of destruction, we match the log sheets with the certificate of destruction for documentation purposes. Once matched with our log sheets, the certificates of destruction are kept in log books. This is done with the anticipation of court appearance. I will need to produce policies and procedures for certificates of destruction.
The national Blue Cross Blue Shield Association (BCBSA) announced July 14 that it would offer these free services as a permanent benefit to more than 106 million customers at all Blue companies nationwide.
This is the latest step in the health insurance giant’s efforts to protect customer safety and security in a world where cyber-attacks are a constant threat to every business and government entity. BCBS companies have, consequently, taken aggressive steps to protect their customers and lead the healthcare industry in cybersecurity, according to a press statement.
St. Elizabeth’s Medical Center in Boston has agreed to a corrective action plan and civil fine of $218,400 with OCR to address deficiencies in its HIPAA compliance program following employee practices at the hospital that exposed ePHI on more than 1,000 patients.
OCR initially received a complaint in November 2012 that hospital employees were allegedly storing patient records containing PHI in an unsecure online document sharing application without analyzing the risks of doing so, according to a July 8 resolution agreement between OCR and St. Elizabeth’s. Those documents contained the ePHI of at least 498 patients.
The New York Giants reportedly didn’t even know their defensive-end Jason Pierre-Paul had one of his fingers amputated before his medical charts appeared in news reports July 8, but that’s a story for another audience.
ESPN reporter Adam Schefter isn’t in trouble for posting a picture on Twitter of what looks like Pierre-Paul’s medical chart—journalists aren’t covered by HIPAA—but staff members at Jackson Memorial Hospital in Miami and the hospital itself could be facing some stiff sanctions for releasing the records to a reporter.