Ask the Expert

Q: We’ve had a breach of unsecured PHI regarding an out-of-state patient. What is your recommended first step in terms of which breach notification laws—state vs. federal—we need to comply with?

Q: Why do some patients seem so unwilling to talk about food insecurity?

Q: If you discover that you have accidentally accessed a patient’s information on your facility’s computer system, what’s the best course of action? Who should you notify first? Are you at risk of being in trouble if you looked at the information before realizing the error?

Q: What are bundled payments and who benefits from them?

Q: Does the HIPAA Privacy Rule require facilities to make structural changes like soundproofing or private rooms in order to prevent disclosures that could occur from overhearing conversations?

Q: Which codes need to be used when billing for the social determinants of health?

Q: Can a healthcare provider be a business associate of another provider? In other words, do providers need to have business associate agreements between one another?

Q: Where can case managers find ethical guidance on end-of-life issues?

Q: Does the HIPAA Privacy Rule strictly prohibit the disclosure or request of an entire medical record? If not, does there need to be a case-by-case justification every time an entire record is disclosed?

Q: How can case managers help ensure that bias doesn’t interfere with patient care?