Corporate Compliance

Q&A: Notifying patients of breach

Compliance Monitor, February 17, 2010

Q: Please explain how to respond when patients request the identity of staff members who accessed their records inappropriately. Is there an expectation that we won’t provide this information? Health Information Technology for Economic and Clinical Health act (HITECH) assigns individual responsibility to persons who commit a breach, so does this mean that their identity is not protected?

A: A. Disclosing the identity of staff members who breach patient information to affected patients who request this information is reasonable. Consider warning your staff that you will not protect their identity if they breach patient confidentiality.

Mary D. Brandt, MBA, RHIA, CHE, CHPS answered this question in the March 2010 issue of the HCPro newsletter Briefings on HIPAA. For more information about this newsletter visit the HCMarketplace.

Most Popular