by Daniel J. Solove Recently, the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) publicized its resolution agreement in its HIPAA enforcement action against St. Elizabeth’s Medical Center (SEMC). SEMC agreed to pay $218,000. The case began with a complaint filed with OCR back in 2012 that employees […]
by Daniel J. Solove Recently, I wrote about the challenges in accessing health information about family members. In this post, I will explore patients’ access to their own medical records. HIPAA doesn’t handle patient access to medical records very well. There are many misunderstandings about patient access under HIPAA that make it quite difficult for […]
by Daniel J. Solove Suppose your elderly mother is being treated at the hospital for a heart condition. Your mother tells her doctor that you can have access to her health information. The doctor, however, doesn’t disclose the information to you. The doctor thinks that you can only have the information with a signed written […]
by Daniel J. Solove I recently created a new resource page for the TeachPrivacy website: HIPAA Training Requirements: FAQ.
by Daniel J. Solove There is a great quote in this article from HealthcareInfoSecurity: that expresses very well the importance and goals of HIPAA training programs: Workforce training is important not only for preventing breaches, including those involving ID crimes, but also to help detect those incidents, [Ann Patterson of the Medical Identity Fraud Alliance] says. […]
by Daniel J. Solove I recently created a new resource page for the TeachPrivacy website: Text of HIPAA’s Training Requirements. This page provides excerpts of the training provisions in the HIPAA Privacy Rule and the HIPAA Security Rule. This page is designed to be a useful companion page to our resource page, HIPAA Training Requirements: […]