01-29-14 
MG Logo  + What and How
 
The information we provide is our opinion and does not constitute legal advice.
  
We hope you find this column useful. Please let us know.
  
The MalvernGroup Team
MalvernGroup on Twitter
.
Did you know that we post our alerts on Twitter? You can access prior alerts on Twitter here. Retweet us! 
 
HIPAA Law Enforcement Guidance

 

This is the 6th, and final, HIPAA Checkup review of Office for Civil Rights Guidance.

 

This one focuses on when a covered entity can release protected health information (PHI) to law enforcement officers or offices.

 

Health and Human services (HHS) has prepared a HIPAA Guide for Law Enforcement that outlines the HIPAA Privacy Rule Requirement for disclosure of PHI to a law enforcement officer or office.

 

The Guide outlines the following:

  1. The Privacy Rule permits a covered entity to disclose PHI to law enforcement with an individual's written and signed authorization - 45 CFR 164.508
  2. The Privacy Rule permits a covered entity to disclose PHI to law enforcement without an individual's permission or knowledge- 45 CFR 164.512

* To prevent or lessen a serious and imminent threat to the health or safety of

an individual or the public;

* To report in good faith evidence of a crime that occurred on the premises of the covered entity;

* To alert law enforcement about the death of the individual, when there is a suspicion that death resulted from criminal conduct;

* When responding to an off-site medical emergency, as necessary to alert law enforcement to criminal activity;

* To report when required by law (including state law) such as reporting gunshots or stab wounds;

* To report child abuse or neglect, without a parent's agreement, to any law enforcement official authorized by law to receive such reports;

* To comply with a court order or court-ordered warrant, a subpoena or summons issued by a judicial officer, or an administrative request from a law enforcement official (the administrative request must include a written statement that the information requested is relevant and material, specific and limited in scope, and de-identified information cannot be used);

* To respond to a request for PHI to identify or locate a suspect, fugitive, material witness or missing person, but the PHI must be limited to basic demographic and health information about the person;

* To respond to a request for PHI about an adult victim of a crime when the victim agrees (or in limited circumstances if the victim is unable to agree).

 

For review and training purposes the Office for Civil Rights (OCR) has developed a decision tool for disclosures relating to emergency preparedness. The tool can be used to determine if an intended disclosure during an emergency is permissible under HIPAA. There are three questions and a Process Flow at a Glance.

The questions ask:

  1. Who is the source of the information disclosed?
  2. To whom is the information being disclosed?
  3. Is there a signed authorization permitting the disclosures?

Remember in all circumstances the Privacy Rule permits PHI to be disclosed for treatment, payment and healthcare operations without an individual's authorization.

 

In Case You Missed Last Week's Checkup click here

Next Alert's Checkup Topic
Patient Access Rights; Guest Author,  Psychologist Dr Bruce Borkosky Psy.D.
  
       
 
  Here are this week's alerts
 
Attorneys Solicit Potential Affected Individuals in AHMC Breach of 729,000 
 
Click here for the wklawyers.com post
  
Texas State Mental Hospitals Faulted for Patient Privacy Breaches
 
Click here for the phiprivacy.net article
  
Health Data Breach Tally Tops 800 
 
Click here for the healthcareinfosecurity.com article
  
Records Exposed Hit New High in 2013
 
Click here for the govinfosecurity.com article
  
Patients Notified after Paper Records Stolen
 
Click here for the healthdatamanagement.com article
  
Canadian Group in Hot Water Over Massive Breach
 
Click here for the healthcareitnews.com article
  
Bitcoin Exchange CEO Faces Silk Road-Related Money Laundering Charges
 
Bitcoin service is used to pay ransomware criminals to decrypt highjacked files  

Click here for the scmagazine.com article
  
Webcast Tomorrow: Regulating Electronic Health Records and Clinical Decision Support Software as Medical Devices
 
Click here for more information
  
Health Care Innovation Day-DC 2014: Igniting an Interoperable Health Care System, Feb 6th
 
Click here to learn more about the event
  
2014 Data Protection & Breach Readiness Guide
 
740 Million-Plus Records Compromised

Click here for the Online Trust Alliance readiness guide
  
Internet of Things: Calamity in Making?
 
Click here for the govinfosecurity.com article
  
Arrests in E-Mail Hacking Scheme
 
Click here for the healthcareinfosecurity.com article

Click here for the fbi.gov press release
  
7 Questions to Ask Your Business Phone Service Providers About HIPAA Compliance
 
Click here for the healthmgttech.com article
  
Demanding mHealth Security In The Cloud
 
Click here for the mhealthnews.com article
  
Wall of Shame Has New Format and Search Tools 
 
Now almost 800 entries. Looks like original date of posting has been lost in the conversion.

Click here for the OCR breach tool
  
Looking at Both Sides of The BYOD Remote Wipe Policy Debate
 
Click here for the healthitsecurity.com article
  
Are Your IT Systems Really As HIPAA Compliant As You Think?
 
Click here for the healthmgttech.com article
  
Health IT Czar: Make EHRs More Doc-Friendly
 
Click here for the medpage.com article
  
Study: Majority of Physicians Use EHRs, but 'Digital Divide' Remains
 
Click here for the ihealthbeat.org article
  
Breaches Spark Call For Congress to Act
 
Click here for the govinfosecurity.com article
  
How much ONC MU Privacy, Security Advice Is Needed?
 
Click here for the healthitsecurity.com article
  
6 Statistics on the Use Of mHealth
 
Click here for the beckershospitalreview.com article
  
Privacy Leader Takes Issue with 'Myths' about Big Data
 
Click here for the healthdatamanagement.com article
  
Should Patients Be Charged for Access To Their Data?
 
Click here for the hiewatch.com article
  
Punish Careless Employees To Reduce Security Breaches, Vendor Says
 
Click here for the csoonline.com article
  
Popular No-Cost Medical Apps Divulge Personal Data to Advertisers 
 
For those of us who sit..

Click here for the ihealthbeat.org article
  
The Health Hazards of Sitting
 
For those of us who sit..

Click here for the washingtonpost.com article
  
In Case You Missed It
  
Hackers Target Health Data in New Breach
  
Click here for the healthcareitnews.com article
  
Privacy and Security Tiger Team Lays Out 2014 Agenda
  
Click here for the healthitsecurity.com article

 

The 25 Worst Passwords Of 2013: 'password' Gets Dethroned
  
Click here for the pcworld.com article
Featured Product: Breach Response Policy and Procedures for Covered Entities
 
Click here to see why you need this product
 
About Us

MalvernGroup and its Team Members provide HIPAA privacy, security, and business continuity consulting services. MalvernGroup and Susan A Miller J.D. publish this email newsletter, a weekly commentary on healthcare news and events, comprehensive regulatory analysis, briefings, and how-to documents. Click here for additional information

 Click here to tell us what you need

 See prior MalvernGroup Alerts on twitter

 Thank you for your continued interest

 The MalvernGroup Team