What do you do when a business associate misuses PHI?
HIPAA Weekly Advisor, April 19, 2004
Want to receive articles like this one in your inbox? Subscribe to HIPAA Weekly Advisor!
Q: What are our duties, if any, if we believe that one of our business associates has misused protected health information (PHI)?
A: If a covered entity knows of a pattern of activity, or practice of the business associate that constitute a material breach, or violation of the business associate's contract, the covered entity must take reasonable steps to cure the breach or end the violation. If such steps are unsuccessful, the covered entity must:
- Terminate the contract, if possible
- Report the problem to the Secretary of HHS, if the contract cannot be terminated.
See Section 164.504(e) Business Associate Contracts at http://www.bricker.com/legalservices/practice/hcare/hipaa/164.504e.asp and Section 164.530(f) Mitigation at http://www.bricker.com/legalservices/practice/hcare/hipaa/164.530f.asp for more information.
Editor's note: The questions for the April 19 issue are brought to you by attorneys Marty Baxter and Gretchen McBeath at Bricker and Eckler, LLP. Find Bricker and Eckler on the Web at http://www.bricker.com or e-mail Baxter at mbaxter@bricker.com and McBeath at gmcbeath@bricker.com.
Want to receive articles like this one in your inbox? Subscribe to HIPAA Weekly Advisor!
Related Products
Most Popular
- Articles
-
- Q/A: Volume requirement for reporting hydration services
- Featured blog post: Nurses face felony charges after reporting physician to the Texas Medical Board
- Catch up on what's new with injections and infusions
- Topic: CMS, OESS post new security compliance review information, checklist
- Capturing all necessary codes for IUD insertion and removal can be challenging
- HIPAA Q&A: Level of encryption needed for email
- What does case-mix index mean to you?
- QA:Coding multiple initial infusions
- News and briefs: Oklahoma Osteopathic Association against residency bill change
- OB services: Coding inside and outside of the package
- E-mailed
-
- Q/A: Volume requirement for reporting hydration services
- Featured blog post: Nurses face felony charges after reporting physician to the Texas Medical Board
- HIPAA Q&A: Level of encryption needed for email
- CMS has reformulated payments for some bilateral procedures
- Catch up on what's new with injections and infusions
- New conflicts of interest create new challenges
- Q&A: Follow CMS' coding guidelines when using modifier -25
- Q/A. One injection code or two?
- What does case-mix index mean to you?
- ED-to-inpatient transfers are flawed with safety gaps
- Searched