I have to reply twice, this is such an absurd statement. I’ve worked in healthcare for years, the penalty for exposing a patients phi could potentially cripple a company because of how strict the safeguards are against it. Cyber liability is in the millions for companies with even small (~100k) sets of lives.
True and false simultaneously. Phi protection absolutely applies outside of providing a medical service. If you’re a company that has medical info on people and you run reporting on it that is your duty to safeguard it. Had nothing to do with providing a service. If you don’t deidentify records before studies are conducted or you’re using live records in dev environments and that info gets exposed you’re screwed.
When it’s PHI it is absolutely protected in all levels of transit regardless of the title of person using it.
I have to reply twice, this is such an absurd statement. I’ve worked in healthcare for years, the penalty for exposing a patients phi could potentially cripple a company because of how strict the safeguards are against it. Cyber liability is in the millions for companies with even small (~100k) sets of lives.
True and false simultaneously. Phi protection absolutely applies outside of providing a medical service. If you’re a company that has medical info on people and you run reporting on it that is your duty to safeguard it. Had nothing to do with providing a service. If you don’t deidentify records before studies are conducted or you’re using live records in dev environments and that info gets exposed you’re screwed.
I know when the railroad tried to make us tell them our prescription the lawyers shut that shit down hard.