Tag:

phi

Take It Seriously: OCR Begins to Enforce Its Right of Access Initiative in Protection of Patient Rights

On September 9th, 2019, the Office for Civil Rights (“OCR”) at the U.S. Department of Health and Human Services (“HHS”) issued its first enforcement action and settlement under its Right of Access Initiative. This came as a reaction to Bayfront Health St. Petersburg (Bayfront) paying $85,000 in fines to OCR. Bayfront adopted a corrective action plan to settle a potential violation of the right of access provision of the Health Insurance Portability and Accountability Act (“HIPAA”) Privacy Rule after they failed to provide a mother timely access to the records about her unborn child. In response, the OCR Director, Roger Severino, stated “[w]e aim to hold the health care industry accountable for ignoring peoples’ right to access their medical record and those of their kids.”

What Happens When The Police Demand PHI

It happens in every emergency department: a law enforcement officer comes into the ER at two o’clock in the morning and demands to test the blood alcohol levels of a patient brought in after an auto accident. The officer pulls an exhausted nurse to the side in the hopes that the nurse will forget his or her training, or become anxious enough to give up the information for fear of being arrested. Yet no matter the specific facts, the question remains: can a hospital give law enforcement officers a patient’s PHI without authorization from the patient? In some situations, is it even required?

There is a provision under the HIPAA Privacy Rule that allows, and in some cases, requires, entities to disclose patient’s PHI to law enforcement without the patient’s authorization. However, state law can complicate this picture with more restrictive regulations and guidance.

When Policies and Procedures Are Just Not Enough: Memorial Healthcare System Settlement

Alexander Thompson Associate Editor Loyola University Chicago School of Law, JD 2018   On February 16, 2017, the HHS Office of Civil Rights Acting Director, Robinsue Frohboese, announced the second largest HIPAA settlement fine ever. At $5.50 million, Memorial Healthcare System’s fine was just behind the $5.55 million given to Advocate Healthcare in 2016. Memorial …
Read more

Curing the Risk of Improper Social Media Use Amongst Health Care Professionals

Mary H. Carlson Associate Editor Loyola University Chicago School of Law, JD 2018   Social media has emerged as a preferred platform for the expression of personal opinions, a means of gathering new information, and as an important networking tool. However, health care profs subject themselves to particular dangers health care professionals (HCPs) subject themselves …
Read more

Protected Health Information: Has it been Compromised?

Ryan Whitney Managing Editor Loyola University Chicago School of Law, JD 2017   HIPAA breaches occur on a daily basis. Although undesirable, many of these breaches are not serious enough to require patient notification. But others are more egregious and can cause harm to both the patient and the providing entity. This article outlines a …
Read more

OCR To Devote Greater Resources To HIPAA Breaches Affecting Fewer Than 500 Individuals

Christine Bulgozdi Associate Editor Loyola University Chicago School of Law, JD 2018   The Office of Civil Rights (OCR) announced in August that they would be focusing more efforts on investigating breaches of Protected Health Information (PHI) affecting fewer than 500 individuals.  Currently, regional offices investigate all breaches affecting more than 500 individuals, but only …
Read more