Category: Health Information Technology
Topics:
Business Associates, Health Information Technology, Security Rule
First, a business associate may not use PHI in a manner or to accomplish a purpose or result that would violate the HIPAA Privacy Rule. See 45 CFR § 164.502(a)(3).
First, a business associate may not use PHI in a manner or to accomplish a purpose or result that would violate the HIPAA Privacy Rule. See 45 CFR § 164.502(a)(3).
First, a business associate may not use PHI in a manner or to accomplish a purpose or result that would violate the HIPAA Privacy Rule. See 45 CFR § 164.502(a)(3).
Health Information Technology, Accountability
What is a covered entity's liability under the HIPAA Privacy Rule for sharing data inappropriately to or through a health information organization (HIO) or other electronic health information exchange network?
Does the HIPAA Privacy Rule require a covered entity to “police” a health information organization (HIO), which functions as its business associate?
How should a covered entity respond to any HIPAA Privacy Rule violation of a health information organization (HIO) acting as its business associate?
Who is liable under the HIPAA Privacy Rule where multiple covered entities have signed on to a single business associate agreement and one member breaches the agreement?
Does the HIPAA Privacy Rule require a covered entity to “police” a health information organization (HIO), which functions as its business associate?
How should a covered entity respond to any HIPAA Privacy Rule violation of a health information organization (HIO) acting as its business associate?
What is a covered entity's liability under the HIPAA Privacy Rule for sharing data inappropriately to or through a health information organization (HIO) or other electronic health information exchange network?
Who is liable under the HIPAA Privacy Rule where multiple covered entities have signed on to a single business associate agreement and one member breaches the agreement?
Health Information Technology, Collection, Use, and Disclosure Limitation
To what extent does the HIPAA Privacy Rule allow third parties to access protected health information (PHI) through a health information organization (HIO) for purposes other than treatment, payment, and health care operations?
May a health information organization (HIO), acting as a business associate of a HIPAA covered entity, de-identify information and then use it for its own purposes?
What may a HIPAA covered entity’s business associate agreement authorize a health information organization (HIO) to do with electronic protected health information (PHI) it maintains or has access to in the network?
May a health information organization (HIO) manage a master patient index on behalf of multiple HIPAA covered entities?
may a covered health care provider disclose electronic protected health information (PHI) through a health information organization (HIO) to another health care provider for treatment?
May a health information organization (HIO) manage a master patient index on behalf of multiple HIPAA covered entities?
To what extent does the HIPAA Privacy Rule allow third parties to access protected health information (PHI) through a health information organization (HIO) for purposes other than treatment, payment, and health care operations?
May a health information organization (HIO), acting as a business associate of a HIPAA covered entity, de-identify information and then use it for its own purposes?
What may a HIPAA covered entity’s business associate agreement authorize a health information organization (HIO) to do with electronic protected health information (PHI) it maintains or has access to in the network?
may a covered health care provider disclose electronic protected health information (PHI) through a health information organization (HIO) to another health care provider for treatment?
Health Information Technology, Collection, Use, and Disclosure Limitation, Mental Health, Mental Health Information and Psychotherapy Notes
Does the HIPAA Privacy Rule permit a covered entity to disclose psychotherapy notes to or through a health information organization (HIO)?
Does the HIPAA Privacy Rule permit a covered entity to disclose psychotherapy notes to or through a health information organization (HIO)?
Does the HIPAA Privacy Rule permit a covered entity to disclose psychotherapy notes to or through a health information organization (HIO)?
Does the HIPAA Privacy Rule permit a covered entity to disclose psychotherapy notes to or through a health information organization (HIO)?
Health Information Technology, Collection, Use, and Disclosure Limitation, Minimum Necessary - Smaller Providers and Businesses
How may the HIPAA Privacy Rule’s minimum necessary standard apply to electronic health information exchange through a networked environment?
How may the HIPAA Privacy Rule’s minimum necessary standard apply to electronic health information exchange through a networked environment?
How may the HIPAA Privacy Rule’s minimum necessary standard apply to electronic health information exchange through a networked environment?
Health Information Technology, Correction
What are a covered entity’s responsibilities to notify others in a network if an amendment to protected health information is made?
Who is responsible for amendment of protected health information in an electronic health information exchange environment?
Who is responsible for amendment of protected health information in an electronic health information exchange environment?
What are a covered entity’s responsibilities to notify others in a network if an amendment to protected health information is made?
Health Information Technology, Access Right and HIT, Generally, Right to Access and Research
How may judgments be made electronically about denial of access under the HIPAA Privacy Rule?
How would a covered entity or health information organization (HIO), acting on its behalf, know if someone were a personal representative for the purpose of granting access under the HIPAA Privacy Rule?
How may judgments be made electronically about denial of access under the HIPAA Privacy Rule?
How would a covered entity or health information organization (HIO), acting on its behalf, know if someone were a personal representative for the purpose of granting access under the HIPAA Privacy Rule?
How would a covered entity or health information organization (HIO), acting on its behalf, know if someone were a personal representative for the purpose of granting access under the HIPAA Privacy Rule?
How may judgments be made electronically about denial of access under the HIPAA Privacy Rule?
Health Information Technology, Individual Choice
Does the HIPAA Privacy Rule inhibit electronic health information exchange across different states or jurisdictions?
How do HIPAA authorizations apply to an electronic health information exchange environment?
Can a covered entity use existing aspects of the HIPAA Privacy Rule to give individuals the right to Opt-In or Opt-Out of electronic health information exchange?
Does the HIPAA Privacy Rule permit a covered entity to disclose psychotherapy notes to or through a health information organization (HIO)?
Who has the right to consent or the right to request restrictions with respect to whether a covered entity may electronically exchange a minor’s protected health information to or through a health information organization (HIO)?
Does the HIPAA Privacy Rule inhibit electronic health information exchange across different states or jurisdictions?
How do HIPAA authorizations apply to an electronic health information exchange environment?
Can a covered entity use existing aspects of the HIPAA Privacy Rule to give individuals the right to Opt-In or Opt-Out of electronic health information exchange?
Who has the right to consent or the right to request restrictions with respect to whether a covered entity may electronically exchange a minor’s protected health information to or through a health information organization (HIO)?
Does the HIPAA Privacy Rule permit a covered entity to disclose psychotherapy notes to or through a health information organization (HIO)?
Health Information Technology, General
Is a health information organization (HIO) covered by the HIPAA Privacy Rule?
Can a health information organization (HIO) operate as a business associate of multiple covered entities participating in a networked environment?
Can a health information organization (HIO) participate as part of an affiliated covered entity?
What are some considerations in developing and implementing a business associate agreement with a health information organization (HIO)?
Can a health information organization (HIO) participate as part of an organized health care arrangement (OHCA)?
Can a health information organization (HIO), as a business associate, exchange protected health information (PHI) with another HIO acting as a business associate?
Can a health information organization (HIO), as a business associate, exchange protected health information (PHI) with another HIO acting as a business associate?
Is a health information organization (HIO) covered by the HIPAA Privacy Rule?
Can a health information organization (HIO) operate as a business associate of multiple covered entities participating in a networked environment?
What are some considerations in developing and implementing a business associate agreement with a health information organization (HIO)?
Can a health information organization (HIO) participate as part of an organized health care arrangement (OHCA)?
Can a health information organization (HIO) participate as part of an affiliated covered entity?
Health Information Technology, Access Right and HIT, Generally
In an electronic health information exchange environment, what is a designated record set for purposes of an individual’s right of access under the HIPAA Privacy Rule?
In an electronic health information exchange environment, what is a designated record set for purposes of an individual’s right of access under the HIPAA Privacy Rule?
Health Information Technology, Mental Health
Can a covered entity use existing aspects of the HIPAA Privacy Rule to give individuals the right to decide whether sensitive information about them may be disclosed to or through a health information organization (HIO)?
Can a covered entity use existing aspects of the HIPAA Privacy Rule to give individuals the right to decide whether sensitive information about them may be disclosed to or through a health information organization (HIO)?
Health Information Technology, Access Right, Apps and APIs
Does HIPAA require a covered entity or its EHR system developer to enter into a business associate agreement with an app designated by the individual in order to transmit ePHI to the app?
Can a covered entity refuse to disclose ePHI to an app chosen by an individual because of concerns about how the app will use or disclose the ePHI it receives?
Where an individual directs a covered entity to send ePHI to a designated app, does a covered entity’s electronic health record (EHR) system developer bear HIPAA liability after completing the transmission of ePHI to the app on behalf of the covered entity?
What liability does a covered entity face if it fulfills an individual’s request to send their ePHI using an unsecure method to an app?
Does a HIPAA covered entity that fulfills an individual’s request to transmit electronic protected health information (ePHI) to an application or other software (collectively “app”)
Does HIPAA require a covered entity or its EHR system developer to enter into a business associate agreement with an app designated by the individual in order to transmit ePHI to the app?
Can a covered entity refuse to disclose ePHI to an app chosen by an individual because of concerns about how the app will use or disclose the ePHI it receives?
Where an individual directs a covered entity to send ePHI to a designated app, does a covered entity’s electronic health record (EHR) system developer bear HIPAA liability after completing the transmission of ePHI to the app on behalf of the covered entity?
What liability does a covered entity face if it fulfills an individual’s request to send their ePHI using an unsecure method to an app?
Does a HIPAA covered entity that fulfills an individual’s request to transmit electronic protected health information (ePHI) to an application or other software (collectively “app”)
Health Information Technology, Openness and Transparency
Are health information organizations (HIOs) required to have a HIPAA Notice of Privacy Practices (NPP)?
May covered entities that operate in electronic environments provide individuals with their HIPAA Notice of Privacy Practices (NPP) electronically?
May a HIPAA Notice of Privacy Practices (NPP) specifically mention that protected health information (PHI) will be disclosed to and through a health information organization (HIO)? May the NPP mention that the covered health care provider uses an electronic health record (EHR)?
Are health information organizations (HIOs) required to have a HIPAA Notice of Privacy Practices (NPP)?
May covered entities that operate in electronic environments provide individuals with their HIPAA Notice of Privacy Practices (NPP) electronically?
May a HIPAA Notice of Privacy Practices (NPP) specifically mention that protected health information (PHI) will be disclosed to and through a health information organization (HIO)? May the NPP mention that the covered health care provider uses an electronic health record (EHR)?
Health Information Technology, Safeguards - Health Information Technology
Does the HIPAA Privacy Rule permit health care providers to use e-mail to discuss health issues and treatment with their patients?
How may the HIPAA Privacy Rule’s requirements for verification of identity and authority be met in an electronic health information exchange environment?
Does the HIPAA Privacy Rule permit a covered health care provider to e-mail or otherwise electronically exchange protected health information (PHI) with another provider for treatment purposes?
Does the HIPAA Privacy Rule allow covered entities participating in electronic health information exchange with a health information organization (HIO) to establish a common set of safeguards?
Does the HIPAA Privacy Rule permit a covered health care provider to e-mail or otherwise electronically exchange protected health information (PHI) with another provider for treatment purposes?
How may the HIPAA Privacy Rule’s requirements for verification of identity and authority be met in an electronic health information exchange environment?
Does the HIPAA Privacy Rule allow covered entities participating in electronic health information exchange with a health information organization (HIO) to establish a common set of safeguards?
Does the HIPAA Privacy Rule permit health care providers to use e-mail to discuss health issues and treatment with their patients?