“Don’t Tell My Mom”: A Guide to HIPAA Compliance for Minor Patients

“Don’t Tell My Mom”: A Guide to HIPAA Compliance for Minor Patients

As a healthcare provider, when a minor patient approaches you and pleads, “Don’t tell my mom,” abiding by your patient’s wishes is anything but simple. In fact, HIPAA offers no protection to minors and requires healthcare providers to release a minor patient’s medical records to the child’s parent or guardian when requested. This guide to...

read more

Why your Notice of Privacy Practices alone doesn’t satisfy your HIPAA obligations

Why your Notice of Privacy Practices alone doesn’t satisfy your HIPAA obligations

We hear this question a lot. “I already have a Notice of Privacy Practices. Does that mean I don’t need the HIPAA policy you mentioned?” And the answer is always, without exception, a resounding no. A Notice of Privacy Practices document is not a substitute for written privacy policies and procedures, nor is it sufficient to satisfy...

read more

Failure to notify patients of privacy breach: Illinois hospital settles for $475k

Failure to notify patients of privacy breach: Illinois hospital settles for $475k

The U.S. Department of Health and Human Services, Office for Civil Rights, settled with a healthcare system for its untimely reporting of a breach of its unsecured, private health information. Presence Health has agreed to pay $475,000 and implement a corrective action...

read more

Dallas hospital pays out $3.2 million for HIPAA breach

Dallas hospital pays out $3.2 million for HIPAA breach

Children’s Medical Center had failed to implement procedures that were compliant with HIPAA.  It did not implement risk management plans, nor did it use encryption on all of its laptops, workstations, mobile devices, or removable media...

read more

How Small Practices Can Avoid HIPAA Audits or Penalties

How Small Practices Can Avoid HIPAA Audits or Penalties

HIPAA has two general components: privacy and security.  Most of our clients do a great job with patient privacy: they know not to discuss PHI, and they are generally committed to ensuring that their patients’ information remains private.  However, HIPAA does not always place substance above form – and for good reason, if the breach examples provided above are any...

read more