I was recently asked whether the sending of an unencrypted group email to participants in a health-related support group violated HIPAA. Faithful blog readers can guess my first question: “Was the sender a covered entity, business associate, or subcontractor?” Many support group entities are non-profit organizations staffed by volunteers and do not meet the definition
duty to warn
This Just In: Guidance for Health Care Providers, and the Omnibus Rule
By William Maruca on
Posted in HIPAA Enforcement
With gun violence and mental health concerns in the headlines, the Office of Civil Rights of the Department of Health and Human Services has published a letter to health care providers clarifying when it is permissible to reveal PHI when a patient is reasonably believed to present a serious danger to himself or others. The long-awaited …