Private Practice Revises Process to Provide Access to Records
Private Practice Revises Process to Provide Access to Records
Covered Entity: Private Practices
Issue: Access
A private practice failed to honor an individual's request for a
complete copy of her minor son's medical record. OCR's investigation
determined that the private practice had relied on state regulations
that permit a covered entity to provide a summary of the record. OCR
provided technical assistance to the covered entity, explaining that the
Privacy Rule permits a covered entity to provide a summary of patient
records rather than the full record only if the requesting individual
agrees in advance to such a summary or explanation. Among other
corrective actions to resolve the specific issues in the case, OCR
required the covered entity to revise its policy. In addition, the
covered entity forwarded the complainant a complete copy of the medical
record.
| Private Practice Implements Safeguards for Waiting Rooms Covered Entity: Private Practice Issue: Safeguards; Impermissible Uses and Disclosures A staff member of a medical practice discussed HIV testing procedures with a patient in the waiting room, thereby disclosing PHI to several other individuals. Also, computer screens displaying patient information were easily visible to patients. Among other corrective actions to resolve the specific issues in the case, OCR required the provider to develop and implement policies and procedures regarding appropriate administrative and physical safeguards related to the communication of PHI. The practice trained all staff on the newly developed policies and ...read more |
| May a covered entity use or disclose protected health information for litigation? Answer: A covered entity may use or disclose protected health information as permitted or required by the Privacy Rule, see 45 CFR 164.502(a) (PDF); and, subject to certain conditions the Rule typically permits uses and disclosures for litigation, whether for judicial or administrative proceedings, under particular provisions for judicial and administrative proceedings set forth at 45 CFR 164.512(e) (GPO), or as part of the covered entity’s health care operations, 45 CFR 164.506(a) (PDF). Depending on the context, a covered entity’s use or disclosure of protected health information in ...read more |
| Can a covered entity refuse to disclose ePHI to an app chosen by an individual because of concerns about how the app will use or disclose the ePHI it receives? No. The HIPAA Privacy Rule generally prohibits a covered entity from refusing to disclose ePHI to a third-party app designated by the individual if the ePHI is readily producible in the form and format used by the app. See 45 CFR 164.524(a)(1), (c)(2)(ii), (c)(3)(ii). The HIPAA Rules do not impose any restrictions on how an individual or the individual’s designee, such as an app, may use the health information ...read more |
| Direct Liability of Business Associates In 2009, Congress enacted the Health Information Technology for Economic and Clinical Health (HITECH) Act,1 making business associates of covered entities directly liable for compliance with certain requirements of the HIPAA Rules. Consistent with the HITECH Act, the HHS Office for Civil Rights (OCR) issued a final rule in 2013 to modify the HIPAA Privacy, Security, Breach Notification, and Enforcement Rules.2 Among other things, the final rule identifies provisions of the HIPAA Rules that apply directly to business associates and for which business associates are directly liable.3 As set forth in the HITECH ...read more |
|
July 2025
| Su | Mo | Tu | We | Th | Fr | Sa |
| | 1 | 2 | 3 | 4 | 5 |
| 6 | 7 | 8 | 9 | 10 | 11 | 12 |
| 13 | 14 | 15 | 16 | 17 | 18 | 19 |
| 20 | 21 | 22 | 23 | 24 | 25 | 26 |
| 27 | 28 | 29 | 30 | 31 |
|
Blog Home
Newest Blog Entries
1/21/25 Understanding Business Associate Agreements
11/12/22 Modernizing Medicine Agrees to Pay $45 Million to Resolve Allegations of Accepting and Paying Illegal Kickbacks and Causing False Claims
11/12/22 Indian National Charged in $8 Million COVID-19 Relief Fraud Scheme
11/12/22 Former Hospital Employee Pleads Guilty To Criminal HIPPA Charges
11/12/22 Covered entities and those persons rendered accountable by general principles of corporate criminal liability may be prosecuted directly under 42 U.S.C. § 1320d-6
11/12/22 The Delaware Division of Developmental Disabilities Services Data Breach
11/12/22 OCR Settles Three Cases with Dental Practices for Patient Right of Access under HIPAA
11/12/22 HHS Issues Guidance on HIPAA and Audio-Only Telehealth
11/12/22 Five Former Methodist Hospital Employees Charged with HIPAA Violations
11/12/22 May a covered entity use or disclose protected health information for litigation?
11/12/22 When does the Privacy Rule allow covered entities to disclose protected health information to law enforcement officials?
Blog Archives
January 2025 (1)
November 2022 (54)
Blog Labels
Covered Entity (40)
Data Breach (1)
PPP Fraud (1)
ePHI (2)
EHR Fraud (1)
Telehealth (1)
BAA (4)
HIPAA Enforcement (3)
HIPAA (2)
|
