HIPAA Handbooks

  • Privacy and security training for new and seasoned staff
  • 11 staff/setting focus areas
  • Education on protecting PHI
  • New HITECH Act changes
  • Discounts on bulk purchases

More»

E-learning

  • Role-based training using real-life case scenarios
  • Test-your-knowledge exercises with remediation
  • Post-course test to document staff participation

More»

Other HIPAA Resources

  • Hot-topic audio conferences
  • Books on privacy and security
  • Newsletters
  • e-Newsletter
  • Videos


More»

Mar
26

Shredding

Email This Post Print This Post

Our family practice now houses a laser tech. They are their own corporation but work under the guidance of our M.D.

If the laser techs fail to shred their PHI documents, are they solely responsible as their own business or is the family practice MD also liable because it occurred under her roof even though she is a separate corporation?

Tony Martin

Comments

  1. MillCreek says:

    My initial thought is that the FP could get dragged into the matter on the doctrine of vicarious liability or ostensible agency. Depending on how the Feds view it, she may be able to escape regulatory sanctions by claiming the laser techs are a separate company, but would likely still be involved in any state civil actions on the theories stated above.

    Were I the FP, I would be taking a very close look at the contract with the laser techs, to check for lack of any ownership or control over the techs except for clinical oversight, establishing that the techs are a separate company with their own obligation to abide by state and Federal privacy laws, and finally, that the contract has a robust hold harmless and indemnification clause in favor of the FP, that the techs have insurance that backs up the hold harmless and indemnification clause, and that the techs’ insurance company has given written verification that they have read and approved the contract.

    My two cents.

Leave a Reply