HIPAA Handbooks

  • Privacy and security training for new and seasoned staff
  • 11 staff/setting focus areas
  • Education on protecting PHI
  • New HITECH Act changes
  • Discounts on bulk purchases

More»

E-learning

  • Role-based training using real-life case scenarios
  • Test-your-knowledge exercises with remediation
  • Post-course test to document staff participation

More»

Other HIPAA Resources

  • Hot-topic audio conferences
  • Books on privacy and security
  • Newsletters
  • e-Newsletter
  • Videos


More»

Author Archive

Q: Our healthcare facility is requiring employees to get the flu shot or they will have to wear a mask when within 6 feet of patients. Is this not a violation of employee or patient privacy? A. The Privacy Rule only protects the privacy of patient, not employees. Requiring non-vaccinated employees to wear a respiratory mask to protect the health of patients does not violate the patient’s privacy and may prevent the spread of infection. Editor’s note: Mary D. Brandt, MBA, RHIA, CHE, CHPS, vice president of HIM at Scott & White Healthcare in Temple, TX answered this question in the February issue of Briefings on HIPAA. Brandt is a nationally recognized expert on patient privacy, information security, and regulatory compliance, and her publications provided some of the basis for HIPAA’s privacy regulations.
Categories : Compliance Monitor
Comments (0)
Dec
22

HIPAA Q&A: Police department mailings

Posted by: | Comments (0)
Email This Post Print This Post
Q. We are a medical provider for a local police department and mail out various postcards and medical information throughout the year. Many of our members fail to provide current mailing addresses, but the returned mail often includes an updated mailing label from the post office. Can we use this information without compromising any of the HIPAA regulations?

A. Yes. Forwarding addresses provided by the post office are public information that is not protected under HIPAA. You can use this information to update addresses in your patient database.

Editor’s note: Mary D. Brandt, MBA, RHIA, CHE, CHPS, vice president of health information management at Scott & White Healthcare in Temple, TX, answered this question. She is a nationally recognized expert on patient privacy, information security, and regulatory compliance, and her publications provided some of the basis for HIPAA’s privacy regulations.  

Comments (0)
Aug
22

HIPAA Q&A: PHI on website

Posted by: | Comments (1)
Email This Post Print This Post

Q. One of my colleagues made a website accessible to invitees only. He plans to upload a spreadsheet that contains clients’ names and diagnoses. The spreadsheet will be password-protected, but I believe it will compromise our HIPAA compliance nonetheless. Am I correct?

A. Posting patient-identifiable health information on any website, even if it is password-protected, could result in a breach of patient confidentiality. This situation requires a detailed review by your organization’s compliance officer before your colleague proceeds any further.

Editor’s note: Mary D. Brandt, MBA, RHIA, CHE, CHPS, a nationally recognized expert on patient privacy, information security, and regulatory compliance, answered this question. She is associate executive director of HIM at Scott & White Healthcare in Temple, TX. Advice given is general. Readers should consult professional counsel for specific legal, ethical, or clinical questions.
 

Comments (1)

Q. We have a medical unit for a pediatric population. This campus includes a school for educating the children. How do we transmit information between the school and the medical unit without violating HIPAA?

A. You may provide information to the school without patient/parent authorization if the school is providing healthcare services to the patient as part of the treatment process. Otherwise, you should obtain authorization from the child’s legal representative to release PHI to the school if school officials don’t need this information for ongoing care.

Editor’s note: Mary D. Brandt, MBA, RHIA, CHE, CHPS, a nationally recognized expert on patient privacy, information security, and regulatory compliance, answered this question. She is associate executive director of HIM at Scott & White Healthcare in Temple, TX. Advice given is general. Readers should consult professional counsel for specific legal, ethical, or clinical questions.
 

Categories : HIPAA Q&A
Comments (0)
May
25

Q&A: Patient stories on the internet

Posted by: | Comments (0)
Email This Post Print This Post

Q: I've been struggling with HIPAA authorization requirements regarding website postings of patients' healthcare stories. If patients voluntarily post their stories on our Facebook or other social media sites, can we use those stories in other media, such as fundraising brochures, without obtaining specific authorization?

A: No. Even though patients sometimes post their stories on an organization's social media website, you should not use these stories for other ¬purposes without the patient's written authorization. Patients may be willing to share their stories publicly, but they may not want them used for other purposes, such as fundraising.

Mary D. Brandt, MBA, RHIA, CHE, CHPS, a nationally recognized expert on patient privacy, information security, and regulatory compliance, answered this question for the Briefings on HIPAA newsletter. Advice given is general. Readers should consult professional counsel for specific legal, ethical, or clinical questions.
Categories : HIPAA Q&A
Comments (0)