Most covered entities still use mailings to communicate with patients and members, so it is worth revisiting Aetna's 2017 mailing breach and the surrounding litigation to understand where negligence occurred and to take away some valuable lessons learned.
Millions of medical records are sent to insurance companies every year by hospital and health system business office personnel to expedite claims payment, respond to payer audits, or fulfill other payer denial requests for information. And any time medical records are handled, HIPAA concerns come into play.
HIPAA allows patients to request amendments to their medical records. Facilities are not required to automatically make whatever change a patient requests, but they must allow patients to make the requests and follow a specific process for handling them.