A large integrated healthcare delivery system has recently acquired several physician practices in the region. The Director of Health Information Services is meeting with the office managers and other leaders at the various physician practices to determine what EHRs are in use as well as other systems that store patient records. The Director’s review finds that several of the practices are storing transcribed patient records on USB drives, some are using cloud storage, and some send files via email. The Director needs to assess the potential for HIPAA violations related to this finding and develop a plan of action to address this situation as well as determine an action plan.
What potential HIPAA violation(s) can be identified in the scenario?
Who should the Director involve in this plan?
What steps should the Director take to analyze the situation?
Once the analysis is complete, what should be done as next steps?
