The Mississippi State Department of Health in Jackson, Mississippi, recently notified 30,799 patients of an email breach that gave a Centers for Disease Control and Prevention contractor unauthorized access to patient information, according to a press release
Q: We are a doctor’s office in a small town. Recently, one of our patients threw away some papers containing PHI in a wastebasket in the waiting room. Another patient’s child later took them out of the wastebasket. The child’s parent brought the papers up to the desk and apologized. Is this a privacy breach? Are we responsible for the papers even though we turned them over to the patient?
Q. Do laptops need to be encrypted if there is no PHI stored on them? Employees do use them to access PHI, but the PHI is stored remotely. We have a policy that states that employees are not allowed to save PHI to laptops.
CMS reminded organizations to pay attention to billing and coding for specimen validity testing done in conjunction with drug testing. The agency reviewed recent code changes and billing guidelines for these lab tests in Special Edition MLN Matters 18001 released on March 29. CMS emphasized that providers that perform validity testing on urine specimens cannot separately bill the validity testing.
Primary Health Care in Des Moines, Iowa, recently announced an email breach of its system one year after discovery. This exceeds the timeframe outlined in the HIPAA Breach Notification Rule, which states that organizations are required to report a breach within 60 days of discovery.
CMS recently released its annual report of Health Insurance Exchange open enrollment, which revealed that open enrollment is down from 12.2 million in 2017 to 11.8 million for 2018.
Q. I’ve been taught to tell our patients, “We look forward to seeing you on x day at x time with x doctor.” This has always been left on cell phone voice mails or home phones. Is this a HIPAA-compliant practice?
