Health Information Compliance Alert
Should You Track Your Employees' Contact With Patients' PHI?
PDF
Question: A patient requested that we account for all disclosures of her protected health information (PHI). Does the privacy rule require us to provide her with the names of each individual who accessed her medical information? Answer: No, says Kelley Meeusen, Compliance Coordinator and Privacy Officer at Harrison Hospital in Bremerton, WA. "HIPAA created a clear distinction between 'uses' and 'disclosures,'" and internal employee access is most likely a 'use,' he explains. A disclosure is when a patient's medical information is released to a person or entity outside of your organization, Meeusen says. On the other hand, patient information shared within your office to facilitate patient treatment is a use (Section 164.510), he asserts. Use this quick guide to know which medical information sharing you don't have to track in patients' accounting of disclosures: Disclosures for treatment, payment and health care operations (TPO); Disclosures to the subject individual; Incidental disclosures; Disclosures the individual authorized; Disclosures for national security or intelligence purposes; Disclosures to correctional institutions or law enforcement; Disclosures that are part of a limited data set; and Disclosures that occurred prior to the compliance date for the organization. The Bottom Line: The privacy rule allows you to share information as necessary to ensure the best treatment for your patients, Meeusen says. Remember: If you catch an employee snooping in a patient's medical records for reasons other than treatment, you do have to account for that disclosure.
Health Information Compliance Alert
- Privacy Compliance:
Don't Let Your Notice Of Privacy Practices Go By The Wayside
3 expert tips to help you freshen up your privacy notice. Your notice of privacy [...] - You Be The Privacy Officer:
Should You Track Your Employees' Contact With Patients' PHI?
Question: A patient requested that we account for all disclosures of her protected health information [...] - Reader Questions:
Auto-Reminders Won't Erase Your Compliance Efforts
Question: We plan to hire a service to send automatic telephone reminders to our patients [...] - Reader Questions:
HIPAA Doesn't Halt For Holidays
Question: Our office wants to create a display at the local shopping center to remember [...] - You Be The Privacy Officer:
Are Your Patients Shopping Around?
Question: One of our physicians is concerned that her patient may be "doctor shopping" for [...] - Security Strategies:
7 Steps To Save Your Security Incident Ship
These suggestions will keep your security rule compliance efforts moving. Knowing how to respond to [...] - Privacy Compliance:
Know When To Curb Your Patients' PHI Restriction Requests
Granting restriction requests could be disastrous for both you and your patients. Do you know [...] - You Be The Security Officer:
Is Your Multifunction Printer Harboring ePHI?
Question: We just bought a multifunction printer that also sends faxes, scans and makes copies. [...] - Compliance Tips:
Can Your Staffers Call On You For Help?
Give your employees the gift of communication. Even if you've prepared your staff to handle [...] - Industry News:
Issues Plague Patient"Doctor Interaction On Social Networking Web Sites
Friending patients on Facebook may lead to privacy violation issues, say experts. Should patients and [...]