Reprinted from REPORT ON PATIENT PRIVACY, the industry’s most practical source of news on HIPAA patient privacy provisions.
The caseworker probably thought she was doing the right thing by sharing with the patient’s daughter that the woman had become increasingly paranoid. But when the daughter confronted the mother with knowledge of her decline, the mother was rightfully outraged — the daughter was not authorized to receive protected health information about her.
The mother filed a complaint with the hospital where she was an outpatient. And the privacy officer must now report this incident to the Office for Civil Rights, under the breach notification requirements contained in the HITECH Act provisions of the Recovery Act.
Read more on AISHealth.com.