Q. When is Adult Protective Services (APS) entitled to copies of a patient’s medical record without a signed authorization?

An adult patient was transferred from a hospital to our skilled nursing facility for long-term care. Prior to transfer, the hospital social worker called APS with a concern that family members were neglecting the patient and using the patient’s money for their own benefit. APS then came to our facility asking to review the patient’s medical record.

A. APS and Child Protective Services have authority under state law to obtain the information they need to investigate cases under their jurisdiction. Because APS has an open investigation in this case, the caseworker has legal authority to review the patient’s medical record or obtain copies without authorization from the patient or the patient’s legal representative.

Editor’s note: Mary D. Brandt, MBA, RHIA, CHE, CHPS, a nationally recognized expert on patient privacy, information security, and regulatory compliance, answered this question. She is associate executive director of Health Information Management (HIM) at Scott & White Healthcare in Temple, TX. Some of her publications were used as a basis for the Health Insurance Portability and Accountability Act of 1996 privacy regulations.  

HIPAA in 2011. Those 365 days were more about bad headlines for organizations:

• Cignet Health fined $4.3 million in OCR’s first civil money penalty
• UCLA Health System pays $865,000 to settle HIPAA violation claims
• Massachusetts General Hospital agrees to pay $1 million for HIPAA breach

The headlines just kept coming.

In 2012, we want to keep the headlines going – but this year, we want to make more positive ones. HCPro, Inc., which publishes HIPAA Weekly Advisor and the 12-page, print newsletter, Briefings on HIPAA, wants to hear the good things that happen in the world of HIPAA compliance in 2012. We want to share your stories.

Have a good headline from your organization? Decreased your HIPAA breaches? Implement a successful training program? Let us know, and you and your organization could possibly be featured in one of our publications.

Please share your stories with senior managing editor Dom Nicastro.
 

Government security officials will host the fifth annual conference, Safeguarding Health Information: Building Assurance through HIPAA Security, June 6 and 7 at the Ronald Reagan Building and International Trade Center in Washington, D.C. The conference speakers will explore the current health information technology security landscape and the HIPAA Security Rule, highlighting the present state of health information security. In addition, they will present practical strategies, tips and techniques for compliance. Presentations will cover a variety of current topics including:

• Updates on HHS health information privacy and security initiatives
• OCR’s enforcement of health information privacy and security activities
• Integrating security safeguards into health IT
• Safeguards to secure mobile devices
• Removing sensitive data from the Internet

For more information, visit the NIST conference website.