Q: I understand that disclosures of PHI can be made to law enforcement without patient authorization when the patient is suspected of committing a crime. What disclosures are permitted when law enforcement officials are investigating another person of a crime and a patient’s PHI may or may not provide evidence?
Q: Do you know if offices have any tablets or computers people can use in which they might log into an account? If so, are there rules governing password retention or auto logouts they need to consider?
Hospitals, health systems, and long-term care facilities are being challenged by census workers requesting information about patients and residents to conduct an accurate census. Some have gone as far as stating that they have a right to access hospital electronic health records (EHR).
Q: Regarding patient portals, to what degree is it the individual’s responsibility to keep his or her health information private? Would the healthcare organization be liable if someone else obtained the individual’s login credentials—perhaps if the individual is known to use the same password for many applications—and accessed the records?
As employers prepare for possible impacts of the Coronavirus (COVID-19), one important step is to review the types of health disclosures that the Health Insurance Portability and Accountability Act (HIPAA) does and does not allow in such times of crisis.
Q: HHS recently issued a notice that fee limitations will apply only to an individual’s request for access to their own records and not to an individual’s request to transmit records to a third party. Will limitations imposed by state law now apply?
