Mental Health Center Provides Access and Revises Policies and Procedures
Mental Health Center Provides Access and Revises Policies and Procedures
Covered Entity: Mental Health Center
Issue: Access, Restrictions
The complainant alleged that a mental health center (the "Center")
refused to provide her with a copy of her medical record, including
psychotherapy notes. OCR’s investigation revealed that the Center
provided the complainant with an opportunity to review her medical
record, including the psychotherapy notes, with her therapist, but the
Center did not provide her with a copy of her records. The Privacy Rule
requires covered entities to provide individuals with access to their
medical records; however, the Privacy Rule exempts psychotherapy notes
from this requirement. Although the Center gave the complainant the
opportunity to review her medical record, this did not negate the
Center’s obligation to provide the complainant with a copy of her
records. Among other corrective action taken, the Center provided the
complainant with a copy of her medical record and revised its policies
and procedures to ensure that it provides timely access to all
individuals.
| A Covered Entity is: A health plan. An individual or group plan that provides, or pays the cost of, medical care. Health plans include private entities (e.g., health insurers and managed care organizations) and government organizations (e.g., Medicaid, Medicare, and the Veterans Health Administration) A health care provider. A provider of health care services and any other person or organization that furnishes, bills, or is paid for health care in the normal course of business. Health care providers (e.g., physicians, hospitals, and clinics) are covered entities if they transmit health information in electronic form in connection with a transaction ...read more |
| Large Provider Revises Patient Contact Process to Reflect Requests for Confidential Communications Covered Entity: General Hospital Issue: Impermissible Disclosure; Confidential Communications A patient alleged that a general hospital disclosed protected health information when a hospital staff person left a message on the patient’s home phone answering machine, thereby failing to accommodate the patient’s request that communications of PHI be made only through her mobile or work phones. In response, the hospital instituted a number of actions to achieve compliance with the Privacy Rule. To resolve this matter to the satisfaction of OCR, the hospital: retrained an entire Department with ...read more |
| Pharmacy Chain Institutes New Safeguards for PHI in Pseudoephedrine Log Books Covered Entity: Pharmacies Issue: Safeguards A grocery store based pharmacy chain maintained pseudoephedrine log books containing protected health information in a manner so that individual protected health information was visible to the public at the pharmacy counter. Initially, the pharmacy chain refused to acknowledge that the log books contained protected health information. OCR issued a written analysis and a demand for compliance. Among other corrective actions to resolve the specific issues in the case, OCR required that the pharmacy chain implement national policies and procedures to safeguard the ...read more |
| Pharmacy Chain Revises Process for Disclosures to Law Enforcement Covered Entity: Pharmacies Issue: Impermissible Uses and Disclosures A chain pharmacy disclosed protected health information to municipal law enforcement officials in a manner that did not conform to the provisions of the Privacy Rule. Among other corrective actions to resolve the specific issues in the case, OCR required this chain to revise its national policy regarding law enforcement's access to patient protected health information to comply with the Privacy Rule requirements, including that disclosures of protected health information to law enforcement only be made in response to written requests from ...read more |
|
August 2025
| Su | Mo | Tu | We | Th | Fr | Sa |
| | | | | 1 | 2 |
| 3 | 4 | 5 | 6 | 7 | 8 | 9 |
| 10 | 11 | 12 | 13 | 14 | 15 | 16 |
| 17 | 18 | 19 | 20 | 21 | 22 | 23 |
| 24 | 25 | 26 | 27 | 28 | 29 | 30 |
| 31 |
Blog Home
Newest Blog Entries
1/21/25 Understanding Business Associate Agreements
11/12/22 Modernizing Medicine Agrees to Pay $45 Million to Resolve Allegations of Accepting and Paying Illegal Kickbacks and Causing False Claims
11/12/22 Indian National Charged in $8 Million COVID-19 Relief Fraud Scheme
11/12/22 Former Hospital Employee Pleads Guilty To Criminal HIPPA Charges
11/12/22 Covered entities and those persons rendered accountable by general principles of corporate criminal liability may be prosecuted directly under 42 U.S.C. § 1320d-6
11/12/22 The Delaware Division of Developmental Disabilities Services Data Breach
11/12/22 OCR Settles Three Cases with Dental Practices for Patient Right of Access under HIPAA
11/12/22 HHS Issues Guidance on HIPAA and Audio-Only Telehealth
11/12/22 Five Former Methodist Hospital Employees Charged with HIPAA Violations
11/12/22 May a covered entity use or disclose protected health information for litigation?
11/12/22 When does the Privacy Rule allow covered entities to disclose protected health information to law enforcement officials?
Blog Archives
November 2022 (54)
January 2025 (1)
Blog Labels
EHR Fraud (1)
Covered Entity (40)
Data Breach (1)
Telehealth (1)
BAA (4)
HIPAA (2)
HIPAA Enforcement (3)
PPP Fraud (1)
ePHI (2)
|
