Publications & Resources

HHS has issued an alert that a phishing scam email is being circulated on mock HHS departmental letterhead. This email, which appears to be an official government communication to HIPAA covered entities, prompts recipients to click a link regarding possible inclusion in the HIPAA audit program.

Natural or manmade disasters and building malfunctions can befall a dentist’s office, resulting in the partial or complete destruction of dental records. These catastrophes do not, by themselves, automatically absolve a dentist from the responsibility to maintain patient records.

All healthcare related entities should periodically complete a system-wide risk analysis, implement a risk management plan and strengthen internal policies and procedures to mitigate, if not eliminate, the possibility of such an event from occurring. As highlighted by this case, such risk analysis must take into account computers and devices used by employees both in and out of the office or facility.

Before responding to a request to allow a high school or college student shadow you at an office or facility, consider the medical liability and patient safety risks.

When protections fail and Patient Health Information is compromised, HIPAA requires covered healthcare providers to notify patients, HHS and, in some cases, the media.