The Federal Trade Commission has published guidance that goes beyond HIPAA, pointing out that it’s also illegal to phrase your HIPAA statements to patients in what could be construed as a deceptive manner. An example would be to say on page one of a disclaimer form that the patient’s information will go only to their doctor, but on page three ask them to sign authorization to send their information elsewhere. For details see https://www.ftc.gov/tips-advice/business-center/guidance/sharing-consumer-health-information-look-hipaa-ftc-act .
HIPAA has also recently added or emphasized new or revised guidance on:
- HIPAA and Cloud Computing – http://www.hhs.gov/hipaa/for-professionals/special-topics/cloud-computing/index.html
- HIPAA Privacy, Security, and Breach Notification Audits – http://www.hhs.gov/hipaa/for-professionals/compliance-enforcement/audit/index.html