Monthly Archives: January 2010
HIPAA provides special protection to psychotherapy notes
As per the HIPAA, many types of Protected Health Information (PHI) can be accessed for treatment, payment or other healthcare operations without an explicit permission from the individual, but HIPAA’s Privacy Rule extends special protections to psychotherapy notes. As such, the use or disclosure of psychotherapy notes requires an authorization except: for the originator of … Continue reading
What are the different laws governing email compliance?
The world of business today seems incomplete without the concept of email and as email becomes an increasingly integral part of business, it is not without an onslaught of laws that are designed to keep email compliant with things like customer privacy, law enforcement investigations, and corporate governance. The purpose of these laws is to … Continue reading
Blumenthal sues Health Net for violation of HIPAA
Taking the first legal action for the violation of HIPAA, State Attorney General Richard Blumenthal is suing Health Net of Connecticut Inc. for allegedly failing to secure the private medical records and financial information of 446,000 Connecticut members and delaying to report a widespread security breach. The data went missing from Health Net’s Northeast office … Continue reading
New data security laws take effect in Nevada this January
In order to strengthen data security laws, new additions have taken effect in Nevada and New Hampshire on January 1, 2010. Nevada’s law makes it the first state to mandate compliance with the entire Payment Card Industry Data Security Standard (PCI DSS) and impose a requirement on businesses and government agencies to encrypt sensitive data … Continue reading
Right to amendment under HIPAA
Under HIPAA’s Privacy Rule, individuals are granted a right to amend that information in their records with which they disagree, and request corrections. It is the right of individuals to amend any element of protected health information (PHI) in the designated records set, for as long as that information is maintained by the covered entity. … Continue reading
Disclosures of PHI by workforce crime victims
HIPAA allows disclosures of protected health information (PHI) to law enforcement officials by the workforce members of covered entities or of business associates of covered entities, if they have been victims of a crime. Such disclosures must be: 1. Limited to the PHI of the person(s) suspected of the crime; 2. No more than reasonably … Continue reading
First case in Los Angeles for HIPAA violation
Huping Zhou, 48, of Los Angeles, a former UCLA Healthcare System employee pleaded guilty today to four misdemeanor counts of violating HIPAA by illegally reading private and confidential medical records, mostly from celebrities and other high-profile patients, thus becoming the first in Los Angeles to be convicted for violating HIPAA.. Zhou accepted his fault before … Continue reading
Covered entities must ensure workforce training
HIPAA’s Privacy Rule mandates that every covered entity provide privacy training for “all members of its workforce with respect to the policies and procedures” on use and disclosure of protected health information, “as necessary and appropriate for the members of the workforce to carry out their function within the covered entity.” HIPAA requires that the … Continue reading
Four categories of uses and disclosures of PHI under HIPAA
Under HIPAA’s Privacy Rule, there are four categories under which covered entities can use and disclose of protected health information (PHI). These categories are: core uses and disclosures, for which no permission is required — although an optional consent can be employed. This includes routine treatment, payment and other health care operations; Disclosures requiring a … Continue reading
Protection of Genetic Information under HIPAA
According to the U.S. Department of Health and Human Services (HHS), PHI includes genetic information that otherwise meets the statutory definition. Therefore, under HIPAA, genetic information will be protected to the same extent as other health information. Though HIPAA’s drafters have not created a “special” standard for genetic information, it is clear that some genetic … Continue reading