Q: At the doctor's office where I work, patients are often friends or family members of staff. I heard in passing that my co-worker's boyfriend was coming in for an appointment later that day, when I mentioned it to the co-worker, she said she would be filing a complaint for a HIPAA violation. Is this really a HIPAA violation?
In this month's HIPAA Q&A, our expert answers questions on medical record requests, health insurance exchanges, fines when there has been no breach of PHI, and mandatory encryption.
The American Hospital Association (AHA) released a letter on February 12 in response to HHS’ request for information on modifying HIPAA rules to improve coordinated care, calling for more training and education as opposed to regulatory changes.
Q: Is it a reportable breach if an entity had the ability to send encrypted email, but an unencrypted email was sent to the correct recipient because of a computer fluke or user error?
Not only does your organization need appropriate policies and procedures in place to comply with HIPAA, you also need to make sure that staff members follow those policies and procedures. It’s not an easy task, and each organization has its own way of auditing compliance.
Q: My child’s school requires parents to send a doctor’s note when a student is out sick for more than two days. After providing this note for my child, their teacher spoke to me and mentioned information she could only have learned if she had read the note. Is this a HIPAA violation? Are schools covered by HIPAA if they request doctor's notes?
Slack recently updated its listing of compliance certifications and regulations to include HIPAA, which suggests it may be working toward functionality that would allow healthcare providers to share sensitive patient health information.
Q: I work for a small hospital. Do we need to ask our business associates (BA) to provide us with copies of their agreements with their BA subcontractors?
In recent months, OCR has expressed concern that providers and other covered entities may be reluctant to inform and involve the loved ones of individuals facing health crises like opioid use disorder for fear of violating HIPAA. Here, we look at some common misconceptions about privacy under HIPAA and point to the information that patients and families need to know.
