HIPAA

NIST is a federal agency? How can there be doubters?  Ha ha

https://www.hhs.gov/hipaa/for-professionals/security/nist-security-hipaa-crosswalk/index.html

https://www.nist.gov/policies-notices

https://www.healthit.gov/topic/about-onc

Good luck.

Allie

Allison Wein

Privacy Specialist
1515 North Saint Joseph Avenue  

P.O. Box 8000 

Marshfield, WI 54449-8000
Direct:   715-221-9414  
Toll free:  1-800-472-2363 

Fax:  715-221-9164
email:  wein.allison@securityhealth.org

www.securityhealth.org  

CONFIDENTIALITY NOTICE: This e-mail communication and any attachments may contain confidential and privileged information for the use of the designated recipient(s) named above. If you are not the intended recipient, you are hereby notified that you have received this communication in error and that any review, disclosure, dissemination, distribution or copying of it or its contents is prohibited. If you have received this communication in error, please notify the sender at the electronic mail address noted above and destroy all copies of this communication and any attachments. Thank you for your cooperation.

Allie,

Thank you. Excellent information.

Charlie

Frank,

Thank you so much for the excellent video which does answer my question.  I had both ends of the answer but not the connection which you filled in nicely.

I'm not sure I warranted a video but I hope the information is also useful for others who face the same dilemma, explaining, "where does it say we have to do that."

Merry Christmas/Happy Holidays to you and all in HIPAA Land.

Charlie

Charles E. Colitre, BBA, CHC, CHPC

Compliance and Privacy Officer

Crystal Clinic Orthopaedic Center

3925 Embassy Parkway, Ste 250

Akron, OH 44333

330 670-6123

Hi Charlie,

There's no need to watch some video posted by a consultant and get second hand information.  Go to https://www.hhs.gov/hipaa/for-professionals/breach-notification/guidance/index.html.

The long and short of it is that the compliance with the NIST standards is not required. Rather, documents or digital media destroyed pursuant to those standards creates a "safe harbor" for any potential breach because the output is not considered individually identifiable health information.

David

David J. Spielman, J.D.

V.P. Corporate Integrity and Compliance

  and Associate General Counsel

Exeter Health Resources

5 Alumni Drive

Exeter, N.H. 03833

Direct Dial: (603) 580-7657

Facsimile: (603) 580-7575

image001.png@01D2C99B.471DE0E0">

Confidentiality Notice: This message, including any attachments, is for the sole use of the intended recipient and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message.

Thank you Frank. Very clear and once again, very practical as well.

Thank you Charles for asking the question too!

Best Regards,

Scot Lovejoy   

Scot Lovejoy RPh. CFP CHC

Chief Pharmacy Officer

Compliance Officer

9 Campus Drive, 2^nd Floor East

Parisippany, N.J. 07054

(O) 973-540-8400  x227

(C) 973-570-3803

(F) 973-540-8440

Confidentiality Notice:  This e-mail is intended only for the person(s) to whom it is addressed and may contain information that is confidential, proprietary, privileged or otherwise protected from disclosure.  If you are not an intended recipient, please (i) do not read, copy or use this communication, or disclose it to others, (ii) notify the sender immediately by replying to the message, and (iii) delete the e-mail from your system.  Thank you.

Excellent Video Frank.  Thank you.

Karen Noyes

Compliance Officer

Intermountain Medical Imaging

Gem State Radiology

877 W. Main Street

Suite 603

Boise, ID  83702

(208) 384-9073