Mental Health Center Corrects Process for Providing Notice of Privacy Practices
Mental Health Center Corrects Process for Providing Notice of Privacy Practices
Covered Entity: Outpatient Facility
Issue: Notice
A mental health center did not provide a notice of privacy practices
(notice) to a father or his minor daughter, a patient at the
center. In response to OCR’s investigation, the mental health center
acknowledged that it had not provided the complainant and his daughter
with a notice prior to her mental health evaluation. To resolve this
matter, the mental health center revised its intake assessment policy
and procedures to specify that the notice will be provided and the
clinician will attempt to obtain a signed acknowledgement of receipt of
the notice prior to the intake assessment. The acknowledgement form is
now included in the intake package of forms. The center also provided
OCR with written assurance that all policy changes were brought to the
attention of the staff involved in the daughter’s care and then
disseminated to all staff affected by the policy change.
| Private Practice Implements Safeguards for Waiting Rooms Covered Entity: Private Practice Issue: Safeguards; Impermissible Uses and Disclosures A staff member of a medical practice discussed HIV testing procedures with a patient in the waiting room, thereby disclosing PHI to several other individuals. Also, computer screens displaying patient information were easily visible to patients. Among other corrective actions to resolve the specific issues in the case, OCR required the provider to develop and implement policies and procedures regarding appropriate administrative and physical safeguards related to the communication of PHI. The practice trained all staff on the newly developed policies and ...read more |
| Can a covered entity refuse to disclose ePHI to an app chosen by an individual because of concerns about how the app will use or disclose the ePHI it receives? No. The HIPAA Privacy Rule generally prohibits a covered entity from refusing to disclose ePHI to a third-party app designated by the individual if the ePHI is readily producible in the form and format used by the app. See 45 CFR 164.524(a)(1), (c)(2)(ii), (c)(3)(ii). The HIPAA Rules do not impose any restrictions on how an individual or the individual’s designee, such as an app, may use the health information ...read more |
| When does the Privacy Rule allow covered entities to disclose protected health information to law enforcement officials? Answer: The Privacy Rule is balanced to protect an individual’s privacy while allowing important law enforcement functions to continue. The Rule permits covered entities to disclose protected health information (PHI) to law enforcement officials, without the individual’s written authorization, under specific circumstances summarized below. For a complete understanding of the conditions and requirements for these disclosures, please review the exact regulatory text at the citations provided. Disclosures for law enforcement purposes are permitted as follows: To comply with a court order or ...read more |
| Private Practice Implements Safeguards for Waiting Rooms Covered Entity: Private Practice Issue: Safeguards; Impermissible Uses and Disclosures A staff member of a medical practice discussed HIV testing procedures with a patient in the waiting room, thereby disclosing PHI to several other individuals. Also, computer screens displaying patient information were easily visible to patients. Among other corrective actions to resolve the specific issues in the case, OCR required the provider to develop and implement policies and procedures regarding appropriate administrative and physical safeguards related to the communication of PHI. The practice trained all staff on the newly developed policies and ...read more |
|
July 2025
| Su | Mo | Tu | We | Th | Fr | Sa |
| | 1 | 2 | 3 | 4 | 5 |
| 6 | 7 | 8 | 9 | 10 | 11 | 12 |
| 13 | 14 | 15 | 16 | 17 | 18 | 19 |
| 20 | 21 | 22 | 23 | 24 | 25 | 26 |
| 27 | 28 | 29 | 30 | 31 |
|
Blog Home
Newest Blog Entries
1/21/25 Understanding Business Associate Agreements
11/12/22 Modernizing Medicine Agrees to Pay $45 Million to Resolve Allegations of Accepting and Paying Illegal Kickbacks and Causing False Claims
11/12/22 Indian National Charged in $8 Million COVID-19 Relief Fraud Scheme
11/12/22 Former Hospital Employee Pleads Guilty To Criminal HIPPA Charges
11/12/22 Covered entities and those persons rendered accountable by general principles of corporate criminal liability may be prosecuted directly under 42 U.S.C. § 1320d-6
11/12/22 The Delaware Division of Developmental Disabilities Services Data Breach
11/12/22 OCR Settles Three Cases with Dental Practices for Patient Right of Access under HIPAA
11/12/22 HHS Issues Guidance on HIPAA and Audio-Only Telehealth
11/12/22 Five Former Methodist Hospital Employees Charged with HIPAA Violations
11/12/22 May a covered entity use or disclose protected health information for litigation?
11/12/22 When does the Privacy Rule allow covered entities to disclose protected health information to law enforcement officials?
Blog Archives
November 2022 (54)
January 2025 (1)
Blog Labels
EHR Fraud (1)
Data Breach (1)
Telehealth (1)
ePHI (2)
Covered Entity (40)
BAA (4)
PPP Fraud (1)
HIPAA (2)
HIPAA Enforcement (3)
|
