Privacy Act protects some practices with patient data breaches
HIPAA Weekly Advisor, April 19, 2010
Want to receive articles like this one in your inbox? Subscribe to HIPAA Weekly Advisor!
OCR cited a 36-year-old privacy law as the reason why it cannot post on its breach notification Web site the names of private practitioners who report breaches of unsecured PHI affecting 500 or more individuals.
A spokesperson from OCR writes in an e-mail to HIPAA Update that OCR considers private practitioners who report these major breaches of unsecured PHI to be “individuals” as defined by the Privacy Act of 1974.
Therefore, these “individuals” can stop OCR from posting their names on its breach notification Web site if the “individual” does not provide written consent. In those cases, OCR lists the entities as “private practice.”
“It is the legal opinion of HHS that the names of private practitioners are identifiable as ‘individuals,’ as defined by the Privacy Act of 1974,” a spokesperson from OCR writes to HIPAA Update.
As of April 16, 64 entities had reported breaches of 500 or more. OCR listed eight of those as “private practice.” That doubles the initial report of 32 reporting entities when OCR made its Web site public in late February.
Read more on HIPAA Update.
Want to receive articles like this one in your inbox? Subscribe to HIPAA Weekly Advisor!
Related Products
-
Guide to HIPAA Auditing, Second Edition
This new edition of a best-selling book delivers the hands-on tools and guidance you need to conduct effective in-house...
-
HIPAA Training Handbook for Business Associates
Train all of your staff members with this handbook and others in the 2009 HIPAA Handbook Series. Ensure they understand...
-
HIPAA Handbook for Executive, Administrative and Corporate Staff
Train all of your staff members with this handbook and others in the 2009 HIPAA Handbook Series. Ensure they understand...
-
The No-Hassle Guide to HIPAA Policies: A Privacy and Security Toolkit
HIPAA regulations require extensive documentation—likely more than you've done in the past. Changing the way you look...
-
The HIPAA and HITECH Toolkit
The HIPAA and HITECH Toolkit is a valuable resource that helps both CEs and BAs understand and meet the HITECH Act's...
Most Popular
- Articles
-
- Q/A: Volume requirement for reporting hydration services
- Featured blog post: Nurses face felony charges after reporting physician to the Texas Medical Board
- Catch up on what's new with injections and infusions
- Identify potential Medicaid RAC target areas
- HIPAA Q&A: Level of encryption needed for email
- Topic: CMS, OESS post new security compliance review information, checklist
- Capturing all necessary codes for IUD insertion and removal can be challenging
- What does case-mix index mean to you?
- QA:Coding multiple initial infusions
- OB services: Coding inside and outside of the package
- E-mailed
-
- Q/A: Volume requirement for reporting hydration services
- Featured blog post: Nurses face felony charges after reporting physician to the Texas Medical Board
- HIPAA Q&A: Level of encryption needed for email
- Q&A: Follow CMS' coding guidelines when using modifier -25
- What does case-mix index mean to you?
- Catch up on what's new with injections and infusions
- CMS has reformulated payments for some bilateral procedures
- New conflicts of interest create new challenges
- Q/A. One injection code or two?
- ED-to-inpatient transfers are flawed with safety gaps
- Searched