Hospital Implements New Minimum Necessary Polices for Telephone Messages

Hospital Implements New Minimum Necessary Polices for Telephone Messages
Covered Entity: General Hospital
Issue: Minimum Necessary; Confidential Communications

A hospital employee did not observe minimum necessary requirements when she left a telephone message with the daughter of a patient that detailed both her medical condition and treatment plan.  An OCR investigation also indicated that the confidential communications requirements were not followed, as the employee left the message at the patient’s home telephone number, despite the patient’s instructions to contact her through her work number. To resolve the issues in this case, the hospital developed and implemented several new procedures.  One addressed the issue of minimum necessary information in telephone message content.  Employees were trained to provide only the minimum necessary information in messages, and were given specific direction as to what information could be left in a message. Employees also were trained to review registration information for patient contact directives regarding leaving messages.   The new procedures were incorporated into the standard staff privacy training, both as part of a refresher series and mandatory yearly compliance training.



Physician Revises Faxing Procedures to Safeguard PHI Covered Entity: Health Care Provider Issue: Safeguards A doctor's office disclosed a patient's HIV status when the office mistakenly faxed medical records to the patient's place of employment instead of to the patient's new health care provider. The employee responsible for the disclosure received a written disciplinary warning, and both the employee and the physician apologized to the patient. To resolve this matter, OCR also required the practice to revise the office's fax cover page to underscore a confidential communication for the intended recipient. The office informed all its employees of the ...read more



 TYLER, Texas — U.S. Attorney John M. Bales announced today that a former employee of an East Texas hospital has pleaded guilty to criminal HIPAA charges in the Eastern District of Texas. Joshua Hippler, 30, formerly of Longview, Texas, was indicted on March 26, 2014, on charges of Wrongful Disclosure of Individually Identifiable Health Information.  Hippler pleaded guilty on August 28, 2014 during a hearing before United States Magistrate Judge John D. Love.  The indictment alleged that from December 1, 2012, through January 14, 2013, Hippler, who was then an employee of a covered entity under HIPAA, obtained protected ...read more



DOVER (Oct. 21, 2022) – The Delaware Division of Developmental Disabilities Services is announcing today that it is mailing letters to service recipients and legal guardians who were impacted by a recent data breach incident and is providing information to the public regarding the incident. On August 23, 2022, staff within the Division of Developmental Disabilities Services (DDDS) discovered that in the process of creating new user accounts in the division’s client database, DDDS staff inadvertently provided access to individual records of 7074 individuals. As a result of these actions, 159 new users had potential access to service recipients’ ...read more



What is a covered entity’s obligation under the Breach Notification Rule if it transmits an individual’s PHI to a third party designated by the individual in an access request, and the entity discovers the information was breached in transit? This guidance remains in effect only to the extent that it is consistent with the court’s order in Ciox Health, LLC v. Azar, No. 18-cv-0040 (D.D.C. January 23, 2020), which may be found at https://ecf.dcd.uscourts.gov/cgi-bin/show_public_doc?2018cv0040-51. More information about the order is available at https://www.hhs.gov/hipaa/court-order-right-of-access/index.html. Any provision within this guidance that has been vacated by the Ciox Health decision is rescinded. ...read more

July 2026
SuMoTuWeThFrSa
1234
567891011
12131415161718
19202122232425
262728293031

Blog Home

Newest Blog Entries
1/21/25 Understanding Business Associate Agreements

11/12/22 Modernizing Medicine Agrees to Pay $45 Million to Resolve Allegations of Accepting and Paying Illegal Kickbacks and Causing False Claims

11/12/22 Indian National Charged in $8 Million COVID-19 Relief Fraud Scheme

11/12/22 Former Hospital Employee Pleads Guilty To Criminal HIPPA Charges

11/12/22 Covered entities and those persons rendered accountable by general principles of corporate criminal liability may be prosecuted directly under 42 U.S.C. § 1320d-6

11/12/22 The Delaware Division of Developmental Disabilities Services Data Breach

11/12/22 OCR Settles Three Cases with Dental Practices for Patient Right of Access under HIPAA

11/12/22 HHS Issues Guidance on HIPAA and Audio-Only Telehealth

11/12/22 Five Former Methodist Hospital Employees Charged with HIPAA Violations

11/12/22 May a covered entity use or disclose protected health information for litigation?

11/12/22 When does the Privacy Rule allow covered entities to disclose protected health information to law enforcement officials?

Blog Archives
November 2022 (54)
January 2025 (1)

Blog Labels
PPP Fraud (1)
ePHI (2)
Data Breach (1)
Covered Entity (40)
Telehealth (1)
BAA (4)
EHR Fraud (1)
HIPAA (2)
HIPAA Enforcement (3)