HIPAA Q&A: Red Flags Rule
HIPAA Weekly Advisor, November 2, 2009
Q. How does the HIPAA privacy rule coincide with the new Red Flags Rule, which requires providers with covered accounts to contact law enforcement if the provider suspects identity theft? May providers release PHI or discuss the patient’s case with law enforcement officials?
A. The Red Flags Rule does not require you to notify law enforcement officials of suspected identity theft. Instead, the rule permits you to do so. Most states' identity theft protection laws allow this as well. Informing law enforcement officials about a PHI breach and its nature does not violate HIPAA. Patient authorization is necessary before you disclose any specific identifiable information to law enforcement officials. Absent specific authorization, release of PHI to law enforcement would violate the HIPAA privacy rule.
Advising patients to contact law enforcement is the best course of action. If warranted, notify law enforcement of the breach and provide the perpetrator’s name if known, but don’t provide a list of affected patients.
Editor’s note: Chris Apgar, CISSP, answered this question. This is not legal advice. Consult your attorney regarding legal matters.
