Health Information Management

Q&A: Accidental sharing of PHI with other healthcare providers

HIM-HIPAA Insider, May 18, 2010

Want to receive articles like this one in your inbox? Subscribe to HIM-HIPAA Insider!

Q: We inadvertently sent a clinical note to the wrong healthcare provider. Must we conduct a risk analysis of this disclosure even if is not a reportable breach? We documented the inadvertent disclosure in the patient’s electronic health record, but must we do more?

A: Your documentation should include a brief risk analysis, such as: “Minimal risk of harm to patient because information was disclosed to another staff physician, who also must comply with privacy regulations.”
 
Editor’s note: Mary D. Brandt, MBA, RHIA, CHE, CHPS, associate executive director of HIM at Scott & White Healthcare in Temple, TX, answered this question in the May 2010 issue of Briefings on HIPAA.



Want to receive articles like this one in your inbox? Subscribe to HIM-HIPAA Insider!

Most Popular