Dealing with misuse of PHI
Compliance Monitor, December 9, 2005
Want to receive articles like this one in your inbox? Subscribe to Compliance Monitor!
Q: What should we do if one of our business associates or limited data set users misuses protected health information (PHI)?
If a covered entity knows that a business associate or limited data set user is committing a violation, the covered entity must take reasonable steps to end the violation. If such steps are unsuccessful, the covered entity must:
- terminate the business associate contract
- if the contract cannot be terminated, report the problem to the Department of Health and Human Services.
For more information see Section 164.504(e) Business Associate Contracts, Section 164.514(e) Limited Data Set and Section, and Section 164.530(f) Mitigation of the Bricker & Eckler Web site.
Editor's note: Attorneys from Bricker & Eckler, LLP, answered this question. This is not legal advice. Consult with your attorney for legal matters.
Want to receive articles like this one in your inbox? Subscribe to Compliance Monitor!
Related Products
-
Strategies for Health Care Compliance
News and real-life examples to increase the effectiveness of your compliance program. Strategies for Health Care Compliance...
-
Compliance Monitor
This HTML e-mail newsletter delivers news on Medicare and Medicaid fraud and abuse, as well as recent documents and targets...
-
Medicare Weekly Update
Each issue of Medicare Weekly Update includes the latest CMS proposed and final rules, CMS manual revisions, and...
-
Medicare Update for Physician Services
Medicare Update for Physician Services is a free, monthly e-zine that delivers news and information to help physician...
Most Popular
- Articles
-
- HIPAA Q&A: Flu shot requirement for hospital employees
- HealthDataInsights posts new issues for medical necessity claims
- Running an effective peer review committee meeting
- Sneak Peek: Effort underway to establish caseload benchmarks
- New FAQ posted on storing laryngoscope blades
- Q&A: Incidental disclosures and patient privacy
- Tip: Perform your own internal investigation prior to government audit
- What does case-mix index mean to you?
- HIPAA 5010 deadline extended, but threat remains, says AMA
- HHS task force: Consider privacy, security with text messages
- E-mailed
-
- Running an effective peer review committee meeting
- HIPAA Q&A: Flu shot requirement for hospital employees
- What does case-mix index mean to you?
- HHS task force: Consider privacy, security with text messages
- Featured blog post: Nurses face felony charges after reporting physician to the Texas Medical Board
- Tip: Correctly code bilateral pain management procedures
- 2012 CPT code changes for ASCs: Shoulder and knee scopes and pain management
- COT basics to best
- Documentation and coding for toxic metabolic encephalopathy
- Guidance and tact key to compliant, effective physician queries
- Searched