Mental Health Center Provides Access and Revises Policies and Procedures
Mental Health Center Provides Access and Revises Policies and Procedures
Covered Entity: Mental Health Center
Issue: Access, Restrictions
The complainant alleged that a mental health center (the "Center")
refused to provide her with a copy of her medical record, including
psychotherapy notes. OCR’s investigation revealed that the Center
provided the complainant with an opportunity to review her medical
record, including the psychotherapy notes, with her therapist, but the
Center did not provide her with a copy of her records. The Privacy Rule
requires covered entities to provide individuals with access to their
medical records; however, the Privacy Rule exempts psychotherapy notes
from this requirement. Although the Center gave the complainant the
opportunity to review her medical record, this did not negate the
Center’s obligation to provide the complainant with a copy of her
records. Among other corrective action taken, the Center provided the
complainant with a copy of her medical record and revised its policies
and procedures to ensure that it provides timely access to all
individuals.
| A Covered Entity is: A health plan. An individual or group plan that provides, or pays the cost of, medical care. Health plans include private entities (e.g., health insurers and managed care organizations) and government organizations (e.g., Medicaid, Medicare, and the Veterans Health Administration) A health care provider. A provider of health care services and any other person or organization that furnishes, bills, or is paid for health care in the normal course of business. Health care providers (e.g., physicians, hospitals, and clinics) are covered entities if they transmit health information in electronic form in connection with a transaction ...read more |
| State Hospital Sanctions Employees for Disclosing Patient's PHI Covered Entity: Health Care Provider / General Hospital Issue: Impermissible Disclosure A nurse and an orderly at a state hospital discussed the HIV/AIDS status of a patient and the patient's spouse within earshot of other patients without making reasonable efforts to prevent the disclosure. Upon learning of the incident, the hospital placed both employees on leave; the orderly resigned his employment shortly thereafter. Among other actions taken to satisfactorily resolve this matter, the hospital took further disciplinary action with the nurse, which included: documenting the employee record with a memo of ...read more |
| Public Hospital Corrects Impermissible Disclosure of PHI in Response to a Subpoena Covered Entity: General Hospital Issue: Impermissible Uses and Disclosures A public hospital, in response to a subpoena (not accompanied by a court order), impermissibly disclosed the protected health information (PHI) of one of its patients. Contrary to the Privacy Rule protections for information sought for administrative or judicial proceedings, the hospital failed to determine that reasonable efforts had been made to insure that the individual whose PHI was being sought received notice of the request and/or failed to receive satisfactory assurance that the party seeking the information ...read more |
|
April 2026
| Su | Mo | Tu | We | Th | Fr | Sa |
| | | 1 | 2 | 3 | 4 |
| 5 | 6 | 7 | 8 | 9 | 10 | 11 |
| 12 | 13 | 14 | 15 | 16 | 17 | 18 |
| 19 | 20 | 21 | 22 | 23 | 24 | 25 |
| 26 | 27 | 28 | 29 | 30 |
|
Blog Home
Newest Blog Entries
1/21/25 Understanding Business Associate Agreements
11/12/22 Modernizing Medicine Agrees to Pay $45 Million to Resolve Allegations of Accepting and Paying Illegal Kickbacks and Causing False Claims
11/12/22 Indian National Charged in $8 Million COVID-19 Relief Fraud Scheme
11/12/22 Former Hospital Employee Pleads Guilty To Criminal HIPPA Charges
11/12/22 Covered entities and those persons rendered accountable by general principles of corporate criminal liability may be prosecuted directly under 42 U.S.C. § 1320d-6
11/12/22 The Delaware Division of Developmental Disabilities Services Data Breach
11/12/22 OCR Settles Three Cases with Dental Practices for Patient Right of Access under HIPAA
11/12/22 HHS Issues Guidance on HIPAA and Audio-Only Telehealth
11/12/22 Five Former Methodist Hospital Employees Charged with HIPAA Violations
11/12/22 May a covered entity use or disclose protected health information for litigation?
11/12/22 When does the Privacy Rule allow covered entities to disclose protected health information to law enforcement officials?
Blog Archives
January 2025 (1)
November 2022 (54)
Blog Labels
BAA (4)
HIPAA (2)
Data Breach (1)
PPP Fraud (1)
Telehealth (1)
HIPAA Enforcement (3)
EHR Fraud (1)
ePHI (2)
Covered Entity (40)
|
