Mental Health Center Provides Access after Denial

Mental Health Center Provides Access after Denial
Covered Entity: Mental Health Center
Issue: Access, Authorization

The complainant alleged that a mental health center (the "Center") improperly provided her records to her auto insurance company and refused to provide her with a copy of her medical records.  The Center provided OCR with a valid authorization, signed by the complainant, permitting the release of information to the auto insurance company.  OCR also determined that the Center denied the complainant's request for access because her therapists believed providing the records to her would likely cause her substantial harm. The Center did not, however, provide the complainant with the opportunity to have the denial reviewed, as required by the Privacy Rule.  Among other corrective action taken to resolve this issue, the Center provided the complainant with a copy of her records.



HHS Issues Guidance on HIPAA and Audio-Only Telehealth Today, the U.S. Department of Health and Human Services (HHS), through its Office for Civil Rights (OCR), is issuing guidance on how covered health care providers and health plans can use remote communication technologies to provide audio-only telehealth services when such communications are conducted in a manner that is consistent with the applicable requirements of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy, Security, and Breach Notification Rules, including when OCR’s Notification of Enforcement Discretion for Telehealth - PDF is no longer in effect. This guidance will help individuals ...read more



§ 164.314 Organizational requirements. (a) (1) Standard: Business associate contracts or other arrangements. The contract or other arrangement required by § 164.308(b)(3) must meet the requirements of paragraph (a)(2)(i), (a)(2)(ii), or (a)(2)(iii) of this section, as applicable. (2) Implementation specifications (Required) - (i) Business associate contracts. The contract must provide that the business associate will - (A) Comply with the applicable requirements of this subpart; (B) In accordance with § 164.308(b)(2), ensure that any subcontractors that create, receive, maintain, or transmit electronic protected health information on behalf of the business associate agree to comply with the applicable requirements of ...read more



Private Practice Revises Policies and Procedures Addressing Activities Preparatory to Research Covered Entity: Private Practice Issue: Impermissible Disclosure-Research A private practice physician who was the principal investigator of a clinical research study disclosed a list of patients and diagnostic codes to a contract research organization to telephone patients for recruitment purposes.  The disclosure was not consistent with documents approved by the Institutional Review Board (IRB). The private practice maintained that the disclosure to the contract research organization was permissible as a review preparatory to research.  Activities considered “preparatory to research” include: preparing a research protocol; developing a research hypothesis; ...read more



Clinic Sanctions Supervisor for Accessing Employee Medical Record Covered Entity: Outpatient Facility Issue: Impermissible Use and Disclosure A hospital employee's supervisor accessed, examined, and disclosed an employee's medical record. OCR's investigation confirmed that the use and disclosure of protected health information by the supervisor was not authorized by the employee and was not otherwise permitted by the Privacy Rule. An employee's medical record is protected by the Privacy Rule, even though employment records held by a covered entity in its role as employer are not. Among other corrective actions to resolve the specific issues in the case, a letter ...read more

April 2026
SuMoTuWeThFrSa
1234
567891011
12131415161718
19202122232425
2627282930

Blog Home

Newest Blog Entries
1/21/25 Understanding Business Associate Agreements

11/12/22 Modernizing Medicine Agrees to Pay $45 Million to Resolve Allegations of Accepting and Paying Illegal Kickbacks and Causing False Claims

11/12/22 Indian National Charged in $8 Million COVID-19 Relief Fraud Scheme

11/12/22 Former Hospital Employee Pleads Guilty To Criminal HIPPA Charges

11/12/22 Covered entities and those persons rendered accountable by general principles of corporate criminal liability may be prosecuted directly under 42 U.S.C. § 1320d-6

11/12/22 The Delaware Division of Developmental Disabilities Services Data Breach

11/12/22 OCR Settles Three Cases with Dental Practices for Patient Right of Access under HIPAA

11/12/22 HHS Issues Guidance on HIPAA and Audio-Only Telehealth

11/12/22 Five Former Methodist Hospital Employees Charged with HIPAA Violations

11/12/22 May a covered entity use or disclose protected health information for litigation?

11/12/22 When does the Privacy Rule allow covered entities to disclose protected health information to law enforcement officials?

Blog Archives
November 2022 (54)
January 2025 (1)

Blog Labels
Data Breach (1)
EHR Fraud (1)
PPP Fraud (1)
ePHI (2)
HIPAA (2)
Telehealth (1)
HIPAA Enforcement (3)
Covered Entity (40)
BAA (4)

 
BAA Facts
  • Who needs a BAA?
  • What if I don't have a BAA
  • BAA Quick FAQ
  • WHY BAA?
  • Planning Your BAA
 Sample BAA
  • Simple BAA
  • Better BAA
  • Best BAA
 Office Locations:

100 Florida Ave
Tampa Fl 33615