HIPAA Q&A: Red Flags Rule
HIPAA Weekly Advisor, November 2, 2009
Want to receive articles like this one in your inbox? Subscribe to HIPAA Weekly Advisor!
Q. How does the HIPAA privacy rule coincide with the new Red Flags Rule, which requires providers with covered accounts to contact law enforcement if the provider suspects identity theft? May providers release PHI or discuss the patient’s case with law enforcement officials?
A. The Red Flags Rule does not require you to notify law enforcement officials of suspected identify theft. Instead, the rule permits you to do so. Most states' identity theft protection laws allow this as well. Informing law enforcement officials about a PHI breach and its nature does not violate HIPAA. Patient authorization is necessary before you disclose any specific identifiable information to law enforcement officials. Absent specific authorization, release of PHI to law enforcement would violate the HIPAA privacy rule.
Advising patients to contact law enforcement is the best course of action. If warranted, notify law enforcement of the breach and provide the perpetrator’s name if known, but don’t provide a list of affected patients.
Editor’s note: Chris Apgar, CISSP, answered this question. This is not legal advice. Consult your attorney regarding legal matters.
Want to receive articles like this one in your inbox? Subscribe to HIPAA Weekly Advisor!
Related Products
-
Guide to HIPAA Auditing, Second Edition
This new edition of a best-selling book delivers the hands-on tools and guidance you need to conduct effective in-house...
-
HIPAA Training Handbook for Business Associates
Train all of your staff members with this handbook and others in the 2009 HIPAA Handbook Series. Ensure they understand...
-
HIPAA Handbook for Executive, Administrative and Corporate Staff
Train all of your staff members with this handbook and others in the 2009 HIPAA Handbook Series. Ensure they understand...
-
The No-Hassle Guide to HIPAA Policies: A Privacy and Security Toolkit
HIPAA regulations require extensive documentation—likely more than you've done in the past. Changing the way you look...
-
The HIPAA and HITECH Toolkit
The HIPAA and HITECH Toolkit is a valuable resource that helps both CEs and BAs understand and meet the HITECH Act's...
Most Popular
- Articles
-
- HealthDataInsights posts new issues for medical necessity claims
- New FAQ posted on storing laryngoscope blades
- Q&A: Incidental disclosures and patient privacy
- What does case-mix index mean to you?
- Tip of the Week: Treat faculty orientation like resident orientation
- Capturing all necessary codes for IUD insertion and removal can be challenging
- Q/A: New device pass-through categories
- Topic: CMS, OESS post new security compliance review information, checklist
- 2012 CPT code changes for ASCs: Shoulder and knee scopes and pain management
- News and briefs: GA may increase residency number s across state, but cut main hospital?s budget
- E-mailed
-
- Featured blog post: Nurses face felony charges after reporting physician to the Texas Medical Board
- What does case-mix index mean to you?
- Tip: Know the common bunionectomy procedure codes and how to use them
- Code changes should help ease the pain when coding for facet joint injections
- Documentation and coding for toxic metabolic encephalopathy
- News and briefs: UA study links lack of empathy in residents to long shifts
- OB services: Coding inside and outside of the package
- Don't let improper discharge disposition codes fly under the radar at your facility
- Discharge Planning Under the MDS 3.0
- Correctly code for new cardiac, pulmonary rehab benefits
- Searched