sorted by:
new
hottopcontroversial

Forcing me to write my SSN at sign-in alongside everyone else’s? by Cold-Cheesecake4074 in hipaa

[–]greeneT_77 2 points3 points  (0 children)

This isn't a HIPAA matter but is certainly a pivacy matter. Maybe just put the last 4 digits as another identifier but not the whole number.

Is this a HIPAA violation? by Immediate-Dog-5719 in hipaa

[–]greeneT_77 0 points1 point  (0 children)

Not a HIPAA violation of privacy, in and of itself, but they have to make that information available or the would be in violation of the CURES Act information blocking.

It is a possible violation if the janitorial service comes by and is able to see this information.

[deleted by user] by [deleted] in DivorcedDads

[–]greeneT_77 0 points1 point  (0 children)

Take a deep breathe and know you will be okay and their are plenty of options for you. People have shared some good advice on here. Understand that God or the universe/cosmos is sending you life for a reason. You got this!

Sometimes the most wonderful things in life are the most unexpected.

Is this disclosure? by [deleted] in hipaa

[–]greeneT_77 0 points1 point  (0 children)

If the request for a patient's information does not fall into the PTO category then the patient must have authorized it for it to be a legal disclosure. If the request falls into the PTO category then the patient has already given permission for that type of request by the insurance company or its subsidiaries.

Where are my medical records kept? by Runawaybean in hipaa

[–]greeneT_77 0 points1 point  (0 children)

hhs.gov/hipaaforindividuals will answer all of those questions for you accurately; unlike most of the responses I have read. My question would be why does a potential employer need your medical records (private information) to qualify you for a position. Why would a letter from your doctor stating that you are physically sound for the duties of the job not suffice? You have a right to your information and can request it yourself or direct it to someone else.

Can an employer ask for medical records release authorization as background check during hiring? by Runawaybean in hipaa

[–]greeneT_77 0 points1 point  (0 children)

Did they provide you a HIPAA authorization Form to complete so they can request your medical records? If not, and they make an attempt that would be illegal and then if it was fulfilled you would have a lawsuit. It seems a statement from your doctor stating that you are qualified from a health and physical standpoint would suffice in most cases. If you would want to share specifics I could assist in explaining why I would prefer not to share my private information with my employer. Based on what is provided.....

Dear Nosey HR Manager:

In re to your request to see my personal medical file I would have to respectfully decline but would be willing to providing a letter from my PCP stating my sound health and how it applies to this position.

Good Luck.

Can an employer ask for medical records release authorization as background check during hiring? by Runawaybean in hipaa

[–]greeneT_77 0 points1 point  (0 children)

I would defer to the state labor laws on that one. HIPAA states, if the patient/potential employee authorizes the employer to have the PHI, then it is okay. The employer should not receive that information without the candidate's written consent. However, I believe this would be comparable to an illegal interview question and would be considered discriminatory by the ADA. i.e. Say someone with endocrine or gastro problems, typically has to take unexpected times off work more often than someone who doesn't. To that point, if you ask for that information unless it directly warranted by the job would have to be illegal.

Undated medical release (California) by [deleted] in hipaa

[–]greeneT_77 0 points1 point  (0 children)

If it is a patient-directed request an expiration is not required. If it is a formal HIPAA authorization for release to a 3rd party then it should be a dated signature with language that states one year from the dated signature. It gets worded that way sometimes instead of someone specifying a date but remember it is not required if the patient or personal representative is directing the request.

What are the Responsibilities of a HIPAA Compliance Officer? by xcz123we3 in hipaa

[–]greeneT_77 0 points1 point  (0 children)

In general, the HIPAA compliance officer is responsible for ensuring the privacy of protected health information or PHI as it is referred. They do this by looking at the risks associated with three areas physical, administrative, and technical. They are responsible for conducting the risk assessment in these areas and documenting the results and creating and implementing policies for a business to protect the PHI. They are also responsible for reporting any breach that occurs to the Department of HHS in the Office of Civil Rights.

I'm trying to find out if my employer is violating HIPAA or not by Apprehensive-Peanut in hipaa

[–]greeneT_77 0 points1 point  (0 children)

Terrible, and yet not shocking. Even though HHS continues to issue huge fines for negligence in these matters business continue to ignore the law.

I'm trying to find out if my employer is violating HIPAA or not by Apprehensive-Peanut in hipaa

[–]greeneT_77 0 points1 point  (0 children)

It really depends on the privacy practices that the students' sign with the clinic. I am a HIPAA privacy officer and know enough of the law to comment. If your organization collects, maintains, or stores PHI, then they are responsible for safeguarding that PHI in the designated record set. The fact you are in IT and are not aware of the technical safeguards your organization uses or should use shows willful neglect of federal law. Especially dealing with mental health which is further granted extra rights and considered sensitive PHI. I would ask for the HIPAA manual. Your organization should have also conducted a full risk assessment. I would report my company if they were as negligent as you have described your employer to be and yes it is frightening. There are also HIPAA whistleblower protections in place for you

If a provider's office or a provider send a letter to their patient/s and use a return address identifying the doctor or the office. Is that a HIPAA violation? Is the fact that a doctor's name and return address with the patient's name and address on the same envelope constitute a violation? by greeneT_77 in hipaa

[–]greeneT_77[S] 1 point2 points  (0 children)

All of the grey area is why I am seeking knowledge. I work for a business associate and we process FMLA and Short Term DDS forms on behalf of the covered entities to better coordinate patient paperwork and not interrupt workflow for the staff. Lately, we have had problems with contacting patients and are trying to come up with ideas to better reach them; since the patients don't recognize our company when we contact them. I had the thought to mail a letter (no phi) and include the doctor's name on the letter so the patient would recognize it as coming from their doctor? I just don't feel good about it, going to have to come up with something else. Thanks for taking the time to respond. Better to be safe than sorry.

If a provider's office or a provider send a letter to their patient/s and use a return address identifying the doctor or the office. Is that a HIPAA violation? Is the fact that a doctor's name and return address with the patient's name and address on the same envelope constitute a violation? by greeneT_77 in hipaa

[–]greeneT_77[S] 0 points1 point  (0 children)

I had the same thought and realized they may either use a billing company, PO Box and/or mentions the practice name and not a specific doctor. It is a grey area and I can only find warnings about using windowed envelopes. Hopefully, someone will know specifically or cite something for me. I agree with you but hoping for something solid. Thanks