Create a list of 3 businesses (other than the example below) that a hospital, physician's office, nursing home, or other healthcare organization would contract with that would be considered business associates under HIPAA. For each business associate, please indicate at least one issue that would need special attention and how the healthcare organization would ensure that PHI was being safeguarded.
Example:
A hospital may choose to contract with a technology recycling
company to take care of the disposal of all of its tech items such
as computers, printers, and monitors. One special issue that should
be noted in the contract is that for any items that contain a hard
drive such as desktops, laptops, and some printers, the hard drive
must be removed from the device and destroyed using a pneumatic
hard drive crusher. In order to ensure that this is done, the
hospital could specify that the destruction of the hard drives be
done onsite.
Example No. 1: A physician asked a business associate to send PHI to a primary care physician. The business associate kept the PHI under the fax machine and sent the PHI to the wrong fax number. In this scenario PHI is disclosed unintentionally; he/she must inform the hospital compliance officer immediately, and necessary actions will be taken immediately.
If you print out a record from your EMR and fax it from its paper form, is it ePHI at this point or PHI? Either way, it doesn't matter; you still have to apply the Safeguards Principle noted below.
HIPAA Privacy Rule states in the “Safeguards Principle”: Individually identifiable health information should be protected with reasonable administrative, technical, and physical safeguards to ensure its confidentiality, integrity, and availability and to prevent unauthorized or inappropriate access, use or disclosure.
Plan of action:
The Privacy Rule requires that covered health care providers apply reasonable safeguards when making these communications to protect the information from inappropriate use or disclosure. These safeguards may vary depending on the mode of communication used. For example, when faxing protected health information to a telephone number that is not regularly used, a reasonable safeguard may involve a provider first confirming the fax number with the intended recipient. Similarly, a covered entity may pre-program frequently used numbers directly into the fax machine to avoid misdirecting the information. When discussing patient health information orally with another provider in proximity of others, a doctor may be able to reasonably safeguard the information by lowering his or her voice.
Example 2
A receptionist received a call from an unknown person saying that he needed the contact details and address of patient XXX, that his/her family member had met with an accident, and that he needed them immediately. The receptionist provided the patient's contact details because of the way he/she had spoken. After that, she realized that this information must not be disclosed over the telephone, and she/he immediately informed the compliance committee.