BackAtIt
Below is an excerpt of a conversation that occurred on Quora... A Periodontal Plastic Surgeon was sharing what had happened in regards to one of her husband's patients... My question is this: did the Doctor, by posting this on Quora, violate the HIPAA law?... I say no, others said yes... What do you think?...
Below the excerpt of the said conversation is the HIPAA doc... From what I can tell, the Doc didn't violate it...
Some years ago, my husband sedated a patient for a periodontal surgery. While going under, he reassured her that everything was going well and that he will be taking good care of her.
The patient confidently answered, “I KNOW! YOU ARE A GOOD GUY!”
My husband jokingly asked, “HOW DO YOU KNOW?”
She answered, “IT’S SIMPLE. I WORK FOR ***** AND I RAN YOUR CREDIT. I EVEN KNOW WHERE YOU LIVE.”
After the procedure was done, she did not remember a thing.
Whether it was true or not, we still don’t know to this day. But it is scary to think about….
Health Insurance Portability and Accountability Act (HIPAA) | OHSU
What is a HIPAA Violation?
The Health Insurance Portability and Accountability Act of 1996 is a landmark piece of legislation that was introduced to simplify the administration of healthcare, eliminate wastage, prevent healthcare fraud, and ensure that employees could maintain healthcare coverage when between jobs.
There have been notable updates to HIPAA to improve privacy protections for patients and health plan members over the years which help to ensure healthcare data is safeguarded and the privacy of patients is protected. Those updates include the HIPAA Privacy Rule, HIPAA Security Rule, HIPAA Omnibus Rule, and the HIPAA Breach Notification Rule.
A HIPAA violation is a failure to comply with any aspect of HIPAA standards and provisions detailed in 45 CFR Parts 160, 162, and 164.
The combined text of all HIPAA regulations published by the Department of Health and Human Services Office for Civil Rights runs to 115 pages and contains many provisions. There are hundreds of ways that HIPAA Rules can be violated, although the most common HIPAA violations are:
Impermissible disclosures of protected health information (PHI)
Unauthorized accessing of PHI
Improper disposal of PHI
Failure to conduct a risk analysis
Failure to manage risks to the confidentiality, integrity, and availability of PHI
Failure to implement safeguards to ensure the confidentiality, integrity, and availability of PHI
Failure to maintain and monitor PHI access logs
Failure to enter into a HIPAA-compliant business associate agreement with vendors prior to giving access to PHI
Failure to provide patients with copies of their PHI on request
Failure to implement access controls to limit who can view PHI
Failure to terminate access rights to PHI when no longer required
The disclosure of more PHI than is necessary for a particular task to be performed
Failure to provide HIPAA training and security awareness training
Theft of patient records
Unauthorized release of PHI to individuals not authorized to receive the information
Sharing of PHI online or via social media without permission
Mishandling and mismailing PHI
Texting PHI
Failure to encrypt PHI or use an alternative, equivalent measure to prevent unauthorized access/disclosure
Failure to notify an individual (or the Office for Civil Rights) of a security incident involving PHI within 60 days of the discovery of a breach
Failure to document compliance efforts