HIPAA Weekly Advisor  | HCPro

In this issue - February 14, 2011

  1. HCPro, Inc. blog, e-Newsletter cited as top HIPAA publications

  2. EHR accounting of disclosures rule close to publication

  3. HIPAA Update question: Notify the patient's mother, too?

  4. HIPAA Q&A: Physician notes work status

Please add our address hipaa_advisor@list.hcpro.com to your e-mail address book to ensure you receive your eNewsletter issues.

HIPAA Weekly Advisor
February 14, 2011
Send to a colleague Send to a colleague
Subscribe for FREE Subscribe for FREE

We hope you enjoy HIPAA Weekly Advisor, the free, weekly e-mail newsletter brought to you by our premium monthly newsletter Briefings on HIPAA (BOH).

Don't forget to visit our new HIPAA Update blog, absolutely free at www.hipaaupdate.com Add it to your favorites!

UPGRADE at 10% off of the premium subscription of BOH today.

Existing Briefings on HIPAA subscribers, renew your subscription.

Have a HIPAA question?

Stumped by HIPAA provisions in the Stimulus Act? Or do you have a general HIPAA privacy or security compliance question? Please send your question to Senior Managing Editor Dom Nicastro. (Editor's note: Due to the large volume of questions we receive, we are not able to answer all inquiries).

HCPro, Inc. blog, e-Newsletter cited as top HIPAA publications

Medicine|e-Learning honored HIPAA Update blog and HIPAA Weekly Advisor, publications produced by HCPro, Inc., of Danvers, MA, as two of the best sources of information for HIPAA compliance and news. 

The blog, created a few months after President Obama signed HITECH into law in February 2009, has been in existence for more than a year now. HIPAA Update ranked fifth among healthcare HIPAA blogs.

This very weekly e-Newsletter has been in existence since 2000. Medicine | e-Learning cited it as one of the top eight HIPAA newsletters.

Back to top

EHR accounting of disclosures rule close to publication

The Department of Health & Human Services pushed forward a HITECH-required proposed rule on accounting of disclosures of EHRs February 9.

The rule will lay the foundation for what healthcare providers will be accountable when patients request disclosures of their electronic medical records.

The rule is in the hands of the Office of Management and Budget (OMB), which reviews all rules before they go final. Its review could take up to 90 days. HITECH expands an individual’s right to request information from his/her health record.

The Office for Civil Rights (OCR), the enforcer of the HIPAA privacy and security rules, in May 2010 published a notice in the Federal Register asking for help crafting this proposed rule on accounting of disclosures on EHRs.

OCR wrote it wanted to “better understand the interests of individuals with respect to learning of such disclosures, the administrative burden on covered entities and business associates of accounting for such disclosures, and other information that may inform [its] rulemaking in this area.”

Read more on HIPAA Update.

Back to top

HIPAA Update question: Notify the patient's mother, too?

Check out this question, and weigh in with your colleagues here.

What is the requirement for a covered entity to provide notice of a PHI breach to an individual who may not be a patient of the covered entity?

For example, if a covered entity breaches the medical record of a patient, and the medical record includes the social and medical history about the patient’s mother, should notice be sent to the patient and her mother or just the patient?

If notice needs to be sent to the mother, how would that person’s address be verified?

Back to top

HIPAA Q&A: Physician notes work status

Q. A patient underwent diagnostic testing in the hospital where she was employed. She received a copy of the laboratory results, and when she read them, she noticed that a physician had noted her employee status. Does this violate HIPAA?

A. No, this doesn’t violate HIPAA. Much depends on the hospital’s specific privacy practices, but many covered entities take extra steps to protect their employees’ privacy. The physician may have included the notation to alert others that distribution of the test results should be limited to certain employees.

Also, noting a patient’s status as an employee of any covered or noncovered entity does not violate HIPAA unless this information is inappropriately accessed along with other PHI or a security breach occurs.

Editor’s note: Chris Apgar, CISSP, answered this question. This is not legal advice. Consult your attorney regarding legal matters.

Back to top


Dom Nicastro
Senior Managing Editor
HIPAA Weekly Advisor

Volume 12 Issue 7
ISSN# 1535–4210

HCPro, Inc.

75 Sylvan Street, Suite A-101
Danvers, MA 01923


$subst('list.descshort') © 2011 HCPro, Inc. You have permission to forward $subst('list.descshort'), in its entirety only, to your colleagues, provided this copyright notice remains part of your transmission. To subscribe to $subst('list.descshort'), please send an email to: owner-$subst('List.Name')@hcpro.com and type "subscribe (your e-mail address)" in the body. All other rights reserved. None of this material may be reprinted without the expressed written permission of HCPro, Inc.

Advice given is general, and readers should consult professional counsel for specific legal, ethical, or clinical questions. Users of this service should consult attorneys who are familiar with federal and state health laws.

HCPro, Inc. is not affiliated in any way with The Joint Commission, which owns the JCAHO and Joint Commission trademarks, the Accreditation Council for Graduate Medical Education, which owns the ACGME trademark, or the Accreditation Association for Ambulatory Health Care (AAAHC).

If you would like further information about any of HCPro's products, including books, seminars, videos, consulting services, or newsletters please visit www.hcmarketplace.com

You are receiving this message as a subscriber to $subst('list.descshort'). If you would like to unsubscribe, just click here and follow the directions on your screen. If you do not have web access, please forward this email to: owner-$subst('List.Name')@hcpro.com and type "Remove $subst('Recip.EmailAddr')" in the body.

Copyright 2011 HCPro, Inc., 75 Sylvan Street, Suite A-101 Danvers, MA 01923