Mental Health Center Provides Access after Denial

Mental Health Center Provides Access after Denial
Covered Entity: Mental Health Center
Issue: Access, Authorization

The complainant alleged that a mental health center (the "Center") improperly provided her records to her auto insurance company and refused to provide her with a copy of her medical records.  The Center provided OCR with a valid authorization, signed by the complainant, permitting the release of information to the auto insurance company.  OCR also determined that the Center denied the complainant's request for access because her therapists believed providing the records to her would likely cause her substantial harm. The Center did not, however, provide the complainant with the opportunity to have the denial reviewed, as required by the Privacy Rule.  Among other corrective action taken to resolve this issue, the Center provided the complainant with a copy of her records.



...read more



Enforcement Actions Ensure Patients Receive Timely Access to their Records, at a Reasonable Cost Today, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) announced the resolution of three investigations concerning potential violations of the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule's patient right of access provision. These cases are part of a collective effort, bringing the total 41 cases, to drive compliance on right of access under the law. “These three right of access actions send an important message to dental practices of all sizes that are covered by the HIPAA ...read more



Issued by: Office for Civil Rights (OCR) Do the HIPAA Rules allow a covered entity or business associate to use a CSP that stores ePHI on servers outside of the United States? Answer: Yes, provided the covered entity (or business associate) enters into a business associate agreement (BAA) with the CSP and otherwise complies with the applicable requirements of the HIPAA Rules. However, while the HIPAA Rules do not include requirements specific to protection of electronic protected health information (ePHI) processed or stored by a CSP or any other business associate outside of the United States, OCR notes that ...read more



State Hospital Sanctions Employees for Disclosing Patient's PHI Covered Entity: Health Care Provider / General Hospital Issue: Impermissible Disclosure A nurse and an orderly at a state hospital discussed the HIV/AIDS status of a patient and the patient's spouse within earshot of other patients without making reasonable efforts to prevent the disclosure. Upon learning of the incident, the hospital placed both employees on leave; the orderly resigned his employment shortly thereafter. Among other actions taken to satisfactorily resolve this matter, the hospital took further disciplinary action with the nurse, which included: documenting the employee record with a memo of ...read more

April 2025
SuMoTuWeThFrSa
12345
6789101112
13141516171819
20212223242526
27282930

Blog Home

Newest Blog Entries
1/21/25 Understanding Business Associate Agreements

11/12/22 Modernizing Medicine Agrees to Pay $45 Million to Resolve Allegations of Accepting and Paying Illegal Kickbacks and Causing False Claims

11/12/22 Indian National Charged in $8 Million COVID-19 Relief Fraud Scheme

11/12/22 Former Hospital Employee Pleads Guilty To Criminal HIPPA Charges

11/12/22 Covered entities and those persons rendered accountable by general principles of corporate criminal liability may be prosecuted directly under 42 U.S.C. § 1320d-6

11/12/22 The Delaware Division of Developmental Disabilities Services Data Breach

11/12/22 OCR Settles Three Cases with Dental Practices for Patient Right of Access under HIPAA

11/12/22 HHS Issues Guidance on HIPAA and Audio-Only Telehealth

11/12/22 Five Former Methodist Hospital Employees Charged with HIPAA Violations

11/12/22 May a covered entity use or disclose protected health information for litigation?

11/12/22 When does the Privacy Rule allow covered entities to disclose protected health information to law enforcement officials?

Blog Archives
November 2022 (54)
January 2025 (1)

Blog Labels
BAA (4)
HIPAA Enforcement (3)
Covered Entity (40)
Data Breach (1)
PPP Fraud (1)
ePHI (2)
HIPAA (2)
EHR Fraud (1)
Telehealth (1)

 
BAA Facts
  • Who needs a BAA?
  • What if I don't have a BAA
  • BAA Quick FAQ
  • WHY BAA?
  • Planning Your BAA
 Sample BAA
  • Simple BAA
  • Better BAA
  • Best BAA
 Office Locations:

100 Florida Ave
Tampa Fl 33615