State Hospital Sanctions Employees for Disclosing Patient's PHI

State Hospital Sanctions Employees for Disclosing Patient's PHI
Covered Entity: Health Care Provider / General Hospital
Issue: Impermissible Disclosure

A nurse and an orderly at a state hospital discussed the HIV/AIDS status of a patient and the patient's spouse within earshot of other patients without making reasonable efforts to prevent the disclosure. Upon learning of the incident, the hospital placed both employees on leave; the orderly resigned his employment shortly thereafter. Among other actions taken to satisfactorily resolve this matter, the hospital took further disciplinary action with the nurse, which included: documenting the employee record with a memo of the incident; one year probation; referral for peer review; and further training on HIPAA Privacy. In addition to corrective action taken under the Privacy Rule, the state attorney general's office entered into a monetary settlement agreement with the patient.



Can a covered entity use existing aspects of the HIPAA Privacy Rule to give individuals the right to decide whether sensitive information about them may be disclosed to or through a health information organization (HIO)? Yes. To the extent a covered entity is using a process either to obtain consent or act on an individual’s right to request restrictions under the Privacy Rule as a method for effectuating individual choice, policies can be developed for obtaining consent or honoring restrictions on a granular level, based on the type of information involved. For example, specific consent and restriction policies could ...read more



Hospital Implements New Minimum Necessary Polices for Telephone Messages Covered Entity: General Hospital Issue: Minimum Necessary; Confidential Communications A hospital employee did not observe minimum necessary requirements when she left a telephone message with the daughter of a patient that detailed both her medical condition and treatment plan.  An OCR investigation also indicated that the confidential communications requirements were not followed, as the employee left the message at the patient’s home telephone number, despite the patient’s instructions to contact her through her work number. To resolve the issues in this case, the hospital developed and implemented several new procedures.  ...read more



SCOPE OF CRIMINAL ENFORCEMENT UNDER 42 U.S.C. § 1320d-6 Covered entities and those persons rendered accountable by general principles of corporate criminal liability may be prosecuted directly under 42 U.S.C. § 1320d-6, and the knowingly element of the offense set forth in that provision requires only proof of knowledge of the facts that constitute the offense. MEMORANDUM OPINION FOR THE GENERAL COUNSEL DEPARTMENT OF HEALTH AND HUMAN SERVICES AND THE SENIOR COUNSEL TO THE DEPUTY ATTORNEY GENERAL You have asked jointly for our opinion concerning the scope of 42 U.S.C. § 1320d-6 (2000), the criminal enforcement provision of the ...read more



Health Plan Corrects Computer Flaw that Caused Mailing of EOBs to Wrong Persons Covered Entity: Health Plans Issue: Safeguards A national health maintenance organization sent explanation of benefits (EOB) by mail to a complainant's unauthorized family member. OCR's investigation determined that a flaw in the health plan's computer system put the protected health information of approximately 2,000 families at risk of disclosure in violation of the Rule. Among the corrective actions required to resolve this case, OCR required the insurer to correct the flaw in its computer system, review all transactions for a six month period and correct all ...read more

April 2025
SuMoTuWeThFrSa
12345
6789101112
13141516171819
20212223242526
27282930

Blog Home

Newest Blog Entries
1/21/25 Understanding Business Associate Agreements

11/12/22 Modernizing Medicine Agrees to Pay $45 Million to Resolve Allegations of Accepting and Paying Illegal Kickbacks and Causing False Claims

11/12/22 Indian National Charged in $8 Million COVID-19 Relief Fraud Scheme

11/12/22 Former Hospital Employee Pleads Guilty To Criminal HIPPA Charges

11/12/22 Covered entities and those persons rendered accountable by general principles of corporate criminal liability may be prosecuted directly under 42 U.S.C. § 1320d-6

11/12/22 The Delaware Division of Developmental Disabilities Services Data Breach

11/12/22 OCR Settles Three Cases with Dental Practices for Patient Right of Access under HIPAA

11/12/22 HHS Issues Guidance on HIPAA and Audio-Only Telehealth

11/12/22 Five Former Methodist Hospital Employees Charged with HIPAA Violations

11/12/22 May a covered entity use or disclose protected health information for litigation?

11/12/22 When does the Privacy Rule allow covered entities to disclose protected health information to law enforcement officials?

Blog Archives
January 2025 (1)
November 2022 (54)

Blog Labels
PPP Fraud (1)
Data Breach (1)
Covered Entity (40)
HIPAA Enforcement (3)
ePHI (2)
BAA (4)
Telehealth (1)
EHR Fraud (1)
HIPAA (2)

 
BAA Facts
  • Who needs a BAA?
  • What if I don't have a BAA
  • BAA Quick FAQ
  • WHY BAA?
  • Planning Your BAA
 Sample BAA
  • Simple BAA
  • Better BAA
  • Best BAA
 Office Locations:

100 Florida Ave
Tampa Fl 33615