HHS published HIPAA to not only protect PHI but to assist treatment providers in caring for the patient without requiring patient authorization in order to share their PHI. Most importantly sensitive PHI and HIPAA is a topic requiring special attention. For example, it is permissible to share protected health information with health care providers who will treat the patient in their office or after hospital discharge. In addition, the sharing may be electronically and must be in a manner that is compliant with the Security Rule.
State Laws Protecting PHI
HHS created HIPAA to protect all PHI (Protected Health Information) equally whether it’s sensitive or not. In addition to this law states have created regulations that offer an even more strict protection. Of importance the state of Ohio offers increased protection to psychiatric and mental health records and to HIV, AIDS and AIDS related condition records. Sensitive PHI and HIPAA remains a challenge for many practitioners.
Impermissible Use of PHI
Also we present an important lesson from which to learn if one fails to follow these regulations. As an example recently he U.S. Department of Health & Human Services(HHS), Office for Civil Rights (OCR), has announced a settlement based on impermissible disclosure of HIV protected health information (PHI). St. Luke’s-Roosevelt Hospital Center Inc. (St. Luke’s) has paid HHS $387,200 to settle potential violations of the HIPAA Privacy Rule and agreed to implement a comprehensive corrective action plan.
Furthermore, the Resolution Agreement and Corrective Action Plan is found on the OCR website at http://www.hhs.gov/hipaa/for-professionals/compliance-enforcement/agreements/StLukes/index.html
Feel free to contact us if you have any questions about protecting HIV PHI.