The University of Michigan Medicine is notifying approximately 3,700 patients about a mailing error that resulted in letters containing personal health information to be sent to the wrong patients.
Q: Where can the policy be found that shows records can be destroyed as soon as they are scanned into the electronic medical record (EMR)? Would a hospital presume that it is acceptable to destroy paper records after they are scanned into the EMR if electronic storage media is legally acceptable for medical records in its state?
Q: When I returned to work after being out for a month on short-term disability, I was disciplined because of my doctor's excuse, which I only gave to medical but somehow was released to the human resources (HR) department. Could this release of my medical information to HR be a HIPAA violation?
Millions of medical records are sent to insurance companies every year by hospital and health system business office personnel to expedite claims payment, respond to payer audits, or fulfill other payer denial requests for information. And any time medical records are handled, HIPAA concerns come into play.
Protected health information of approximately 19,000 current and former employees of Toyota Industries North America Inc., headquartered in Columbus, Indiana, was exposed in a security incident, the company reported in a September notice.
Q: I went to a clinic and they asked to scan my driver’s license. They told me it was federal law and that I could not keep my appointment if I did not let them scan it. Were they right?
Most covered entities still use mailings to communicate with patients and members, so it is worth revisiting Aetna's 2017 mailing breach and the surrounding litigation to understand where negligence occurred and to take away some valuable lessons learned.
UMass Memorial Medical Group Inc. and UMass Memorial Medical Center Inc. reached a $230,000 settlement with the state of Massachusetts in response to two data breaches that exposed the personal health information of more than 15,000 Massachusetts residents.
Q: How long are we required to retain the records of out-of-state patients? Do we follow HIPAA’s record retention requirements, our state record retention requirements, or the record retention requirements of the state in which the patient lives?
In this month's Product Watch, we look at a game-changing texting app. With the available technology, covered entities and business associates would be hard-pressed to justify sending PHI using unsecure texts.
