Hospital Implements New Minimum Necessary Polices for Telephone Messages
Hospital Implements New Minimum Necessary Polices for Telephone Messages
Covered Entity: General Hospital
Issue: Minimum Necessary; Confidential Communications
A hospital employee did not observe minimum necessary requirements
when she left a telephone message with the daughter of a patient that
detailed both her medical condition and treatment plan. An OCR
investigation also indicated that the confidential communications
requirements were not followed, as the employee left the message at the
patient’s home telephone number, despite the patient’s instructions to
contact her through her work number. To resolve the issues in this case,
the hospital developed and implemented several new procedures. One
addressed the issue of minimum necessary information in telephone
message content. Employees were trained to provide only the minimum
necessary information in messages, and were given specific direction as
to what information could be left in a message. Employees also were
trained to review registration information for patient contact
directives regarding leaving messages. The new procedures were
incorporated into the standard staff privacy training, both as part of a
refresher series and mandatory yearly compliance training.
| Private Practice Revises Process to Provide Access to Records Covered Entity: Private Practices Issue: Access A private practice failed to honor an individual's request for a complete copy of her minor son's medical record. OCR's investigation determined that the private practice had relied on state regulations that permit a covered entity to provide a summary of the record. OCR provided technical assistance to the covered entity, explaining that the Privacy Rule permits a covered entity to provide a summary of patient records rather than the full record only if the requesting individual agrees in advance to such a summary ...read more |
| Must a covered entity inform individuals in advance of any fees that may be charged when the individuals request a copy of their PHI? This guidance remains in effect only to the extent that it is consistent with the court’s order in Ciox Health, LLC v. Azar, No. 18-cv-0040 (D.D.C. January 23, 2020), which may be found at https://ecf.dcd.uscourts.gov/cgi-bin/show_public_doc?2018cv0040-51. More information about the order is available at https://www.hhs.gov/hipaa/court-order-right-of-access/index.html. Any provision within this guidance that has been vacated by the Ciox Health decision is rescinded. Yes. When an individual requests access to her PHI and the covered entity intends to charge the ...read more |
| Issued by: Office for Civil Rights (OCR) Do the HIPAA Rules allow a covered entity or business associate to use a CSP that stores ePHI on servers outside of the United States? Answer: Yes, provided the covered entity (or business associate) enters into a business associate agreement (BAA) with the CSP and otherwise complies with the applicable requirements of the HIPAA Rules. However, while the HIPAA Rules do not include requirements specific to protection of electronic protected health information (ePHI) processed or stored by a CSP or any other business associate outside of the United States, OCR notes that ...read more |
| HHS Issues Guidance on HIPAA and Audio-Only Telehealth Today, the U.S. Department of Health and Human Services (HHS), through its Office for Civil Rights (OCR), is issuing guidance on how covered health care providers and health plans can use remote communication technologies to provide audio-only telehealth services when such communications are conducted in a manner that is consistent with the applicable requirements of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy, Security, and Breach Notification Rules, including when OCR’s Notification of Enforcement Discretion for Telehealth - PDF is no longer in effect. This guidance will help individuals ...read more |
|
August 2025
| Su | Mo | Tu | We | Th | Fr | Sa |
| | | | | 1 | 2 |
| 3 | 4 | 5 | 6 | 7 | 8 | 9 |
| 10 | 11 | 12 | 13 | 14 | 15 | 16 |
| 17 | 18 | 19 | 20 | 21 | 22 | 23 |
| 24 | 25 | 26 | 27 | 28 | 29 | 30 |
| 31 |
Blog Home
Newest Blog Entries
1/21/25 Understanding Business Associate Agreements
11/12/22 Modernizing Medicine Agrees to Pay $45 Million to Resolve Allegations of Accepting and Paying Illegal Kickbacks and Causing False Claims
11/12/22 Indian National Charged in $8 Million COVID-19 Relief Fraud Scheme
11/12/22 Former Hospital Employee Pleads Guilty To Criminal HIPPA Charges
11/12/22 Covered entities and those persons rendered accountable by general principles of corporate criminal liability may be prosecuted directly under 42 U.S.C. § 1320d-6
11/12/22 The Delaware Division of Developmental Disabilities Services Data Breach
11/12/22 OCR Settles Three Cases with Dental Practices for Patient Right of Access under HIPAA
11/12/22 HHS Issues Guidance on HIPAA and Audio-Only Telehealth
11/12/22 Five Former Methodist Hospital Employees Charged with HIPAA Violations
11/12/22 May a covered entity use or disclose protected health information for litigation?
11/12/22 When does the Privacy Rule allow covered entities to disclose protected health information to law enforcement officials?
Blog Archives
November 2022 (54)
January 2025 (1)
Blog Labels
Covered Entity (40)
HIPAA (2)
HIPAA Enforcement (3)
BAA (4)
ePHI (2)
Data Breach (1)
EHR Fraud (1)
PPP Fraud (1)
Telehealth (1)
|
