HIPAA Blog

[ Wednesday, April 30, 2014 ]

Boston Medical Center: the hospital fired its transcription vendor, because it found that the vendor made PHI available on its physician-access website without password protection. Obviously the physicians need to be able to access the transcriptions to review and sign off, but appropriate protections must be in place. Firing the vendor probably gives the covered entity hospital a possible defense against an OCR fine (assuming they didn't/shouldn't have known about the problem earlier).

Jeff [6:42 PM]

Comments: Post a Comment

http://www.blogger.com/template-edit.g?blogID=3380636 Blogger: HIPAA Blog - Edit your Template