HIPAA Q&A: Breach notification
HIPAA Weekly Advisor, December 20, 2010
Want to receive articles like this one in your inbox? Subscribe to HIPAA Weekly Advisor!
Q. My question pertains to the requirements for notifying patients about breaches. Please explain how to respond when patients request the identity of staff members who accessed their records inappropriately. Are we expected to provide this information? HITECH assigns individual responsibility to individuals who commit a breach, so does this mean that their identity is not protected?
A. Disclosing the identity of staff members who breach patient information to affected patients who request this information is reasonable. Consider warning your staff that you will not protect their identity if they breach patient confidentiality.
Editor’s note: Mary D. Brandt, vice president, health information management, at Scott &White Healthcare, Temple, TX, answered this question. She is a nationally recognized expert on patient privacy, information security, and regulatory compliance, and her publications provided some of the basis for HIPAA’s privacy regulations. Advice given is general. Readers should consult professional counsel for specific legal, ethical, or clinical questions.
Want to receive articles like this one in your inbox? Subscribe to HIPAA Weekly Advisor!
Related Products
Most Popular
- Articles
-
- Q/A: Volume requirement for reporting hydration services
- Featured blog post: Nurses face felony charges after reporting physician to the Texas Medical Board
- Catch up on what's new with injections and infusions
- Topic: CMS, OESS post new security compliance review information, checklist
- Capturing all necessary codes for IUD insertion and removal can be challenging
- HIPAA Q&A: Level of encryption needed for email
- What does case-mix index mean to you?
- Identify potential Medicaid RAC target areas
- QA:Coding multiple initial infusions
- OB services: Coding inside and outside of the package
- E-mailed
-
- Q/A: Volume requirement for reporting hydration services
- Featured blog post: Nurses face felony charges after reporting physician to the Texas Medical Board
- HIPAA Q&A: Level of encryption needed for email
- Q&A: Follow CMS' coding guidelines when using modifier -25
- CMS has reformulated payments for some bilateral procedures
- Catch up on what's new with injections and infusions
- New conflicts of interest create new challenges
- Q/A. One injection code or two?
- What does case-mix index mean to you?
- ED-to-inpatient transfers are flawed with safety gaps
- Searched