Health Sciences Center Revises Process to Prevent Unauthorized Disclosures to Employers
Health Sciences Center Revises Process to Prevent Unauthorized Disclosures to Employers
Covered Entity: General Hospitals
Issue: Impermissible Uses and Disclosures; Authorizations
A state health sciences center disclosed protected health
information to a complainant's employer without authorization. Among
other corrective actions to resolve the specific issues in the case,
including mitigation of harm to the complainant, OCR required the Center
to revise its procedures regarding patient authorization prior to
release of protected health information to an employer. All staff was
trained on the revised procedures.
| Outpatient Surgical Facility Corrects Privacy Procedure in Research Recruitment Covered Entity: Outpatient Facility Issue: Impermissible Uses and Disclosures An outpatient surgical facility disclosed a patient's protected health information (PHI) to a research entity for recruitment purposes without the patient's authorization or an Institutional Review Board (IRB) or privacy-board-approved waiver of authorization. The outpatient facility reportedly believed that such disclosures were permitted by the Privacy Rule. OCR provided technical assistance to the covered entity regarding the requirement that covered entities seeking to disclose PHI for research recruitment purposes must obtain either a valid patient authorization or an Institutional Review Board ...read more |
| Mental Health Center Provides Access and Revises Policies and Procedures Covered Entity: Mental Health Center Issue: Access, Restrictions The complainant alleged that a mental health center (the "Center") refused to provide her with a copy of her medical record, including psychotherapy notes. OCR’s investigation revealed that the Center provided the complainant with an opportunity to review her medical record, including the psychotherapy notes, with her therapist, but the Center did not provide her with a copy of her records. The Privacy Rule requires covered entities to provide individuals with access to their medical records; however, the Privacy Rule exempts ...read more |
| Private Practice Revises Process to Provide Access to Records Regardless of Payment Source Covered Entity: Private Practices Issue: Access At the direction of an insurance company that had requested an independent medical exam of an individual, a private medical practice denied the individual a copy of the medical records. OCR determined that the private practice denied the individual access to records to which she was entitled by the Privacy Rule. Among other corrective actions to resolve the specific issues in the case, OCR required that the private practice revise its policies and procedures regarding access requests to reflect the ...read more |
| Wednesday, November 9, 2022 A federal grand jury in Newark, New Jersey, returned an indictment today charging an Indian national for fraudulently obtaining millions of dollars in Paycheck Protection Program (PPP) loans guaranteed by the Small Business Administration (SBA) under the Coronavirus Aid, Relief, and Economic Security (CARES) Act. According to court documents, Abhishek Krishnan, 40, previously resided in Wake County, North Carolina, before returning to his home country of India. After returning to India, Krishnan allegedly submitted numerous fraudulent PPP loan applications to federally insured banks, including on behalf of purported companies that were not registered business entities. ...read more |
|
April 2026
| Su | Mo | Tu | We | Th | Fr | Sa |
| | | 1 | 2 | 3 | 4 |
| 5 | 6 | 7 | 8 | 9 | 10 | 11 |
| 12 | 13 | 14 | 15 | 16 | 17 | 18 |
| 19 | 20 | 21 | 22 | 23 | 24 | 25 |
| 26 | 27 | 28 | 29 | 30 |
|
Blog Home
Newest Blog Entries
1/21/25 Understanding Business Associate Agreements
11/12/22 Modernizing Medicine Agrees to Pay $45 Million to Resolve Allegations of Accepting and Paying Illegal Kickbacks and Causing False Claims
11/12/22 Indian National Charged in $8 Million COVID-19 Relief Fraud Scheme
11/12/22 Former Hospital Employee Pleads Guilty To Criminal HIPPA Charges
11/12/22 Covered entities and those persons rendered accountable by general principles of corporate criminal liability may be prosecuted directly under 42 U.S.C. § 1320d-6
11/12/22 The Delaware Division of Developmental Disabilities Services Data Breach
11/12/22 OCR Settles Three Cases with Dental Practices for Patient Right of Access under HIPAA
11/12/22 HHS Issues Guidance on HIPAA and Audio-Only Telehealth
11/12/22 Five Former Methodist Hospital Employees Charged with HIPAA Violations
11/12/22 May a covered entity use or disclose protected health information for litigation?
11/12/22 When does the Privacy Rule allow covered entities to disclose protected health information to law enforcement officials?
Blog Archives
January 2025 (1)
November 2022 (54)
Blog Labels
Covered Entity (40)
HIPAA Enforcement (3)
Telehealth (1)
ePHI (2)
PPP Fraud (1)
BAA (4)
EHR Fraud (1)
HIPAA (2)
Data Breach (1)
|
