Guest Enrico Palatzo Posted April 2, 2003 Posted April 2, 2003 Aside from other restrictions under state and federal law, if a medical provider sends PHI in error to an individual's employer, is the employer's use of such PHI subject to any restrictions under the HIPAA privacy regulations? If so, where is this addressed in the regs. or other DHHS authority? HIPAA privacy regs. state that participant authorizations must state the specific purpose(s) for which disclosure is permitted. May an authorization state that the specific purpose is any reason desired by the covered entity? If not, where is this addressed in the regs. or other DHHS authorit? Thanks.
Steve72 Posted April 3, 2003 Posted April 3, 2003 If a medical provider sends PHI in error to the employer, the medical provider is in trouble. However, at that point, the medical information is outside the HIPAA box, and no longer technically subject to HIPAA rules. However, as you have alluded, there are state law considerations. Misuse of health information received by "accident" would be a very bad idea, in my opinion. There have already been state court rulings that hold that the HIPAA rules are the standard of care for common law breach of privacy claims against non-covered entities involving health information. As for your second question, see 164.508©(1)(iv).
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now