HIPAA Guidance for the Health Care Professional in light of Recent Tragedy

http://www.hhs.gov/ocr/office/lettertonationhcp.pdf

The above letter written and distributed by the Department of Health and Human Services on January 15, 2013, reminds us all that health care providers may make certain disclosures regarding otherwise protected patient information.

When confronted with a good faith belief that a serious and imminent threat to the health and safety of the patient or others exists, health care providers may alert persons believed to be able to prevent or lessen the threat.

In light of recent events, the takeaway from this HHS letter is that a warning can go a long way.

If you require the assistance of a Washington D.C. area health care lawyer with expertise in HIPAA rules and regulation, please contact the Strisik Law Firm today.

Do You De-Identify?

$1,000,000

$500,000

$2,500,000

$250,000

The above represent a short list of penalties imposed within the last year by the U.S. Department of Health and Human Services on covered entities (health care providers, insurers, and others) who have breached the HIPAA Privacy Rule by disclosing a patient’s individually identifiable health information.  Just Google “HHS HIPAA Fines” and the results will be staggering.

Bad publicity, costly fines and lengthy litigation can be avoided when information about a patient is de-identified prior to disclosure.

Under the HIPAA Privacy Rule, information can be De-Identified so that the information itself is no longer individually identifiable.  The key is the “individual” component of this equation:  de-identified informatio can be used and disclosed for a wide variety of purposes without getting the health care entity in hot water with the government.

Health care entities must question the manner in which they obtain, use and disclose information pertaining to their patients.  In order to avoid costly litigation and penalties, health care entities should note the following:

1.  The law allows de-identified personal information about a patient to be disclosed;

2.  The law does not provide a privacy or monetary interest for an individual whose information has been de-identified prior to disclosure; and

3.  HIPAA contains guidance as to the appropriate manner in which personal information is de-identified; as long as those rules are followed, the Courts in the U.S. cannot intervene.

Learning how to properly de-identify patient’s personal information in today’s litigious society is crucial.  The benefits include avoidance of fines, lawsuits and negative publicity.