Private Practice Revises Policies and Procedures Addressing Activities Preparatory to Research
Private Practice Revises Policies and Procedures Addressing Activities Preparatory to Research
Covered Entity: Private Practice
Issue: Impermissible Disclosure-Research
A private practice physician who was the principal investigator of a
clinical research study disclosed a list of patients and diagnostic
codes to a contract research organization to telephone patients for
recruitment purposes. The disclosure was not consistent with documents
approved by the Institutional Review Board (IRB). The private practice
maintained that the disclosure to the contract research organization was
permissible as a review preparatory to research. Activities considered
“preparatory to research” include: preparing a research protocol;
developing a research hypothesis; and identifying prospective research
participants. Contacting individuals to participate in a research study
is a use or disclosure of protected health information (PHI) for
recruitment, as it is part of the research and is not an activity
preparatory to research. To remedy this situation, the private practice
revised its policies and procedures regarding the disclosure of PHI and
trained all physicians and staff members on the new policies and
procedures. Under the revised policies and procedures, the practice may
use and disclose PHI for research purposes, including recruitment, only
if a valid authorization is obtained from each individual or if the
covered entity obtains documentation that an alteration to or a waiver
of the authorization requirement has been approved by an IRB or a
Privacy Board.
| Mental Health Center Provides Access and Revises Policies and Procedures Covered Entity: Mental Health Center Issue: Access, Restrictions The complainant alleged that a mental health center (the "Center") refused to provide her with a copy of her medical record, including psychotherapy notes. OCR’s investigation revealed that the Center provided the complainant with an opportunity to review her medical record, including the psychotherapy notes, with her therapist, but the Center did not provide her with a copy of her records. The Privacy Rule requires covered entities to provide individuals with access to their medical records; however, the Privacy Rule exempts ...read more |
| DOVER (Oct. 21, 2022) – The Delaware Division of Developmental Disabilities Services is announcing today that it is mailing letters to service recipients and legal guardians who were impacted by a recent data breach incident and is providing information to the public regarding the incident. On August 23, 2022, staff within the Division of Developmental Disabilities Services (DDDS) discovered that in the process of creating new user accounts in the division’s client database, DDDS staff inadvertently provided access to individual records of 7074 individuals. As a result of these actions, 159 new users had potential access to service recipients’ ...read more |
| Private Practice Revises Process to Provide Access to Records Covered Entity: Private Practices Issue: Access A private practice failed to honor an individual's request for a complete copy of her minor son's medical record. OCR's investigation determined that the private practice had relied on state regulations that permit a covered entity to provide a summary of the record. OCR provided technical assistance to the covered entity, explaining that the Privacy Rule permits a covered entity to provide a summary of patient records rather than the full record only if the requesting individual agrees in advance to such a summary ...read more |
| Wednesday, November 9, 2022 A federal grand jury in Newark, New Jersey, returned an indictment today charging an Indian national for fraudulently obtaining millions of dollars in Paycheck Protection Program (PPP) loans guaranteed by the Small Business Administration (SBA) under the Coronavirus Aid, Relief, and Economic Security (CARES) Act. According to court documents, Abhishek Krishnan, 40, previously resided in Wake County, North Carolina, before returning to his home country of India. After returning to India, Krishnan allegedly submitted numerous fraudulent PPP loan applications to federally insured banks, including on behalf of purported companies that were not registered business entities. ...read more |
|
December 2025
| Su | Mo | Tu | We | Th | Fr | Sa |
| 1 | 2 | 3 | 4 | 5 | 6 |
| 7 | 8 | 9 | 10 | 11 | 12 | 13 |
| 14 | 15 | 16 | 17 | 18 | 19 | 20 |
| 21 | 22 | 23 | 24 | 25 | 26 | 27 |
| 28 | 29 | 30 | 31 |
|
Blog Home
Newest Blog Entries
1/21/25 Understanding Business Associate Agreements
11/12/22 Modernizing Medicine Agrees to Pay $45 Million to Resolve Allegations of Accepting and Paying Illegal Kickbacks and Causing False Claims
11/12/22 Indian National Charged in $8 Million COVID-19 Relief Fraud Scheme
11/12/22 Former Hospital Employee Pleads Guilty To Criminal HIPPA Charges
11/12/22 Covered entities and those persons rendered accountable by general principles of corporate criminal liability may be prosecuted directly under 42 U.S.C. § 1320d-6
11/12/22 The Delaware Division of Developmental Disabilities Services Data Breach
11/12/22 OCR Settles Three Cases with Dental Practices for Patient Right of Access under HIPAA
11/12/22 HHS Issues Guidance on HIPAA and Audio-Only Telehealth
11/12/22 Five Former Methodist Hospital Employees Charged with HIPAA Violations
11/12/22 May a covered entity use or disclose protected health information for litigation?
11/12/22 When does the Privacy Rule allow covered entities to disclose protected health information to law enforcement officials?
Blog Archives
November 2022 (54)
January 2025 (1)
Blog Labels
Data Breach (1)
EHR Fraud (1)
PPP Fraud (1)
HIPAA (2)
Covered Entity (40)
Telehealth (1)
HIPAA Enforcement (3)
ePHI (2)
BAA (4)
|
