Q: If you discover that you have accidentally accessed a patient’s information on your facility’s computer system, what’s the best course of action? Who should you notify first? Are you at risk of being in trouble if you looked at the information before realizing the error?
Q: Does the HIPAA Privacy Rule strictly prohibit the disclosure or request of an entire medical record? If not, does there need to be a case-by-case justification every time an entire record is disclosed?