Archives: Privacy

Subscribe to Privacy RSS Feed

Don’t Forget HIPAA’s “Minimum Necessary” Rule When Making Health Information Disclosures

When Covered Entities or Business Associates or their counsel analyze whether a particular disclosure of Protected Health Information (or “PHI,” as defined in HIPAA) is permissible, they should be sure also to analyze whether the disclosure complies with HIPAA’s Minimum Necessary Rule (“MNR”), which is oft forgot. This issue arises when disclosing PHI in response … Continue Reading

Press Release Mistake Leads to $2.4 Million HIPAA Penalty for Health System

On May 10, 2017, the U.S. Health and Human Services Department Office for Civil Rights (“OCR”) announced an agreement whereby Memorial Hermann Health System (“MHHS”) will pay a $2.4 million penalty for releasing a patient’s name in a press release.  According to the resolution agreement, in September 2015, a patient at an MHHS clinic presented … Continue Reading
LexBlog