When Covered Entities or Business Associates or their counsel analyze whether a particular disclosure of Protected Health Information (or “PHI,” as defined in HIPAA) is permissible, they should be sure also to analyze whether the disclosure complies with HIPAA’s Minimum Necessary Rule (“MNR”), which is oft forgot. This issue arises when disclosing PHI in response … Continue Reading
On January 9, 2017, the U.S. Department of Health and Human Services, Office of Civil Rights (OCR) announced the first HIPAA enforcement action against a health care provider for failing to make a timely report of a breach of unsecured protected health information (PHI). Presence Health (Presence) agreed to pay $475,000 and implement a corrective action … Continue Reading