Ellen,
This is one of those HIPAA topics where we would advise hanging a large
"Proceed with Caution" sign, and where we would welcome additional guidance
from HHS.
Section 164.528(a)(1)(iii) of the Privacy rules --Accounting of disclosures
of protected health information-- notes that HIPAA does
My understanding is that this is a "use" (albeit inappropriate) and not
necessary to put in the accounting log. However, if this information was
then "disclosed" outside the entity, it would need to be accounted for. I
asked this question a few weeks agothe piece I was interested in was
wheth
I
greatly value the opinions of this listserv, and am indebted to its
participants. However, I am very concerned about participants who do not
identify themselves, and hide behind nebulous entity names. I would like
to ask the listserv admin to enforce the need for attribution, and make su
When an employee of a covered entity accesses PHI and it is determined that
this was done wrongly (say, violating the minimum necessary requirements for
that employee, or just plain inappropriate access someone's PHI by the
employee), would this result in the employer having to log it into the
acco
