Has your organization conducted a risk analysis to ensure effective and appropriate administrative, physical and technical safeguards to secure electronic protected health information (e-PHI)? If not, help is available: every year, the Department of Health and Human Services Office of Civil Rights (OCR) develops guidance to help organizations comply with HIPAA privacy rules.
One recommendation from OCR's May 2010 guidance asks organizations whether they have performed an analysis of possible risks and threats to health information. As technology has developed, so has the risk of committing a HIPAA violation, whether intentional or accidental. For example, social networking has made it easier for healthcare professionals to "vent" about a problem patient, and physicians are even starting to request that patient information be sent to them via text message. While these may not all be HIPAA violations, the flow of patient information can certainly make employers and healthcare entities nervous.
For tips and guidelines on how to perform a risk analysis, see the following guidance and make sure that your employees and colleagues know the ins and outs of HIPAA: http://www.hhs.gov/ocr/privacy/hipaa/administrative/securityrule/radraftguidance.pdf