Why would a HIPAA Privacy Rule require covered entities to turn over anybodys personal health information as part of a government enforcement process?
An important ingredient in ensuring compliance with the Privacy Rule is the Department of Health and Human Services (HHS) responsibility to investigate complaints that the Rule has been violated and to follow up on other information regarding noncompliance. At times, this responsibility entails seeing personal health information, such as when an individual indicates to the Department that they believe a covered entity has not properly handled their medical records. What information would be needed depends on the circumstances and the alleged violations. The Privacy Rule limits HHS Office for Civil Rights (OCR) access to information that is “pertinent to ascertaining compliance.” In some cases, no personal health information may be needed. For instance, OCR would need to review only a business contract to determine whether a health plan included appropriate language to protect privacy when it hired an outside company to help process claims.
Related Questions
- Why would a HIPAA Privacy Rule require covered entities to turn over anybodys personal health information as part of a government enforcement process?
- Does the public health provision of the HIPAA Privacy Rule require covered entities to make public health disclosures?
- Does the HIPAA Privacy Rule require that covered entities provide patients with access to oral information?
