Q: If a patient is incapacitated, the Privacy Rule allows for a doctor to discuss the patient’s condition with a family member, according to HHS. What would the protocol be when the patient is divorced, but the ex-husband or ex-wife makes an inquiry about the patient’s status?
Q: I understand that disclosures of PHI can be made to law enforcement without patient authorization when the patient is suspected of committing a crime. What disclosures are permitted when law enforcement officials are investigating another person of a crime and a patient’s PHI may or may not provide evidence?
Q: Do you know if offices have any tablets or computers people can use in which they might log into an account? If so, are there rules governing password retention or auto logouts they need to consider?
Hospitals, health systems, and long-term care facilities are being challenged by census workers requesting information about patients and residents to conduct an accurate census. Some have gone as far as stating that they have a right to access hospital electronic health records (EHR).
Q: Regarding patient portals, to what degree is it the individual’s responsibility to keep his or her health information private? Would the healthcare organization be liable if someone else obtained the individual’s login credentials—perhaps if the individual is known to use the same password for many applications—and accessed the records?
