It can be impractical for medical researchers to seek authorization from all the patients whose medical records are sought for a study. That’s why HIPAA allows researchers to use de-identified PHI from records without individual authorization.
Q: I work for a behavioral health recovery center, and many of our programs fall under 42 CFR Part 2, as we provide substance use services. Sometimes a referring agency follows up to ask if a client has scheduled an appointment. Can we confirm that a patient has made an appointment? Do referral appointments like this fall under PHI?
In June 2018, the state of California passed the California Consumer Privacy Act of 2018 (CaCPA), which has implications for healthcare professionals doing business in California, but with other states proposing similar bills, it’s worth taking a look to see what these privacy laws mean for HIPAA compliance and privacy more broadly.
The American Medical Collection Agency recently began notifying its clients of a hack that exposed personal and billing data of its clients, including approximately 11.9 million Quest Diagnostic patients and 7.7 million LabCorp patients.