Clinic Sanctions Supervisor for Accessing Employee Medical Record
Clinic Sanctions Supervisor for Accessing Employee Medical Record
Covered Entity: Outpatient Facility
Issue: Impermissible Use and Disclosure
A hospital employee's supervisor accessed, examined, and disclosed
an employee's medical record. OCR's investigation confirmed that the use
and disclosure of protected health information by the supervisor was
not authorized by the employee and was not otherwise permitted by the
Privacy Rule. An employee's medical record is protected by the Privacy
Rule, even though employment records held by a covered entity in its
role as employer are not. Among other corrective actions to resolve the
specific issues in the case, a letter of reprimand was placed in the
supervisor's personnel file and the supervisor received additional
training about the Privacy Rule. Further, the covered entity counseled
the supervisor about appropriate use of the medical information of a
subordinate.
| When does the Privacy Rule allow covered entities to disclose protected health information to law enforcement officials? Answer: The Privacy Rule is balanced to protect an individual’s privacy while allowing important law enforcement functions to continue. The Rule permits covered entities to disclose protected health information (PHI) to law enforcement officials, without the individual’s written authorization, under specific circumstances summarized below. For a complete understanding of the conditions and requirements for these disclosures, please review the exact regulatory text at the citations provided. Disclosures for law enforcement purposes are permitted as follows: To comply with a court order or ...read more |
| A Covered Entity is: A health plan. An individual or group plan that provides, or pays the cost of, medical care. Health plans include private entities (e.g., health insurers and managed care organizations) and government organizations (e.g., Medicaid, Medicare, and the Veterans Health Administration) A health care provider. A provider of health care services and any other person or organization that furnishes, bills, or is paid for health care in the normal course of business. Health care providers (e.g., physicians, hospitals, and clinics) are covered entities if they transmit health information in electronic form in connection with a transaction ...read more |
| Health Sciences Center Revises Process to Prevent Unauthorized Disclosures to Employers Covered Entity: General Hospitals Issue: Impermissible Uses and Disclosures; Authorizations A state health sciences center disclosed protected health information to a complainant's employer without authorization. Among other corrective actions to resolve the specific issues in the case, including mitigation of harm to the complainant, OCR required the Center to revise its procedures regarding patient authorization prior to release of protected health information to an employer. All staff was trained on the revised procedures. ...read more |
| No Business Associate Agreement? $31K Mistake The Center for Children’s Digestive Health (CCDH) has paid the U.S. Department of Health and Human Services (HHS) $31,000 to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule and agreed to implement a corrective action plan. CCDH is a small, for-profit health care provider with a pediatric subspecialty practice that operates its practice in seven clinic locations in Illinois. In August 2015, the HHS Office for Civil Rights (OCR) initiated a compliance review of the Center for Children’s Digestive Health (CCDH) following an initiation ...read more |
|
April 2026
| Su | Mo | Tu | We | Th | Fr | Sa |
| | | 1 | 2 | 3 | 4 |
| 5 | 6 | 7 | 8 | 9 | 10 | 11 |
| 12 | 13 | 14 | 15 | 16 | 17 | 18 |
| 19 | 20 | 21 | 22 | 23 | 24 | 25 |
| 26 | 27 | 28 | 29 | 30 |
|
Blog Home
Newest Blog Entries
1/21/25 Understanding Business Associate Agreements
11/12/22 Modernizing Medicine Agrees to Pay $45 Million to Resolve Allegations of Accepting and Paying Illegal Kickbacks and Causing False Claims
11/12/22 Indian National Charged in $8 Million COVID-19 Relief Fraud Scheme
11/12/22 Former Hospital Employee Pleads Guilty To Criminal HIPPA Charges
11/12/22 Covered entities and those persons rendered accountable by general principles of corporate criminal liability may be prosecuted directly under 42 U.S.C. § 1320d-6
11/12/22 The Delaware Division of Developmental Disabilities Services Data Breach
11/12/22 OCR Settles Three Cases with Dental Practices for Patient Right of Access under HIPAA
11/12/22 HHS Issues Guidance on HIPAA and Audio-Only Telehealth
11/12/22 Five Former Methodist Hospital Employees Charged with HIPAA Violations
11/12/22 May a covered entity use or disclose protected health information for litigation?
11/12/22 When does the Privacy Rule allow covered entities to disclose protected health information to law enforcement officials?
Blog Archives
November 2022 (54)
January 2025 (1)
Blog Labels
EHR Fraud (1)
Covered Entity (40)
Data Breach (1)
Telehealth (1)
BAA (4)
HIPAA Enforcement (3)
ePHI (2)
PPP Fraud (1)
HIPAA (2)
|
