91ÊÓƵ

Topics
Reimbursement
39 healthcare providers sue UnitedHealth Group over Change cyberattack
39 providers sue UHG over Change cyberattack
Revenue Cycle Management
RCM accelerates cash and secures financial healthÌý
RCM accelerates cash and secures financial healthÌý
Strategic Planning
MD Anderson forms oncology partnership with Zambia
MD Anderson forms oncology partnership with Zambia
Capital Finance
HCA Healthcare reaches $17.5 billion in revenue in Q2
HCA Healthcare reaches $17.5B in revenue in Q2
Supply Chain
FDA tells providers to prepare for supply chain disruptions
FDA to providers: Prepare for supply chain disruptions
Accounting & Financial Management
Elevance Health logs $2.3 billion profit in Q2
Elevance Health logs $2.3 billion profit in Q2
Budgeting
Insurers likely to pay $1.1 billion in rebates this fall
Insurers likely to pay $1.1 billion in rebates this fall
Quality and Safety
Hospitals making progress on combating workplace violence
Hospitals making progress on combating workplace violence
Billing and Collections
No Surprises Act implementation coincided with in-network claims growth
NSA implementation coincided with in-network claims growth
Claims Processing
Johns Hopkins Health Plans announces multi-payer portal
Johns Hopkins Health Plans announces multi-payer portal
Workforce
Social media deterring new nurses from entering the field
Social media deterring new nurses from entering the field
Operations
HHS overhauling its tech, cybersecurity and AI functions
HHS overhauling tech, cybersecurity and AI functions
Medical Devices
Healthcare chatbots may promote racist misinformation
Healthcare chatbots may promote racist misinformation
Hospital/physician relations
Hospitals, physicians submit opposing views to FTC ruling on noncompetes
Hospitals, physicians submit opposing views to FTC ruling
Construction & Facilities Management
UC Davis kicks off $3.74 billion expansion with new patient tower
UC Davis kicks off $3.74 billion expansion
Compliance & Legal
DaVita paying $34 million over kickback allegations
DaVita paying $34 million over kickback allegations
Policy and Legislation
Pair of bills seek to curb nursing shortage
Pair of bills seek to curb nursing shortage
Community Benefit
Nonprofit hospitals' charity care falling behind tax breaks, report shows
Report: Hospitals' charity care falling behind tax breaks
Accountable Care
Cone Health is second provider to join Risant Health
Cone Health is second provider to join Risant Health
Acute Care
ERs in limbo after Supreme Court ruling on emergency abortion care
ERs in limbo after Supreme Court ruling on emergency abortion care
Ambulatory Care
Walmart announces closing of clinics and virtual care
Walmart is closing clinics and virtual care
Analytics
Lightbeam Health announces partnership with AHIPÌý
Lightbeam Health announces partnership with AHIPÌý
Business Intelligence
Cigna targeting disparities with health equity impact fund
Cigna targeting disparities with health equity impact fund
ICD-10 & Coding
Physician practices examine risk adjustment coding in wake of federal lawsuits
Practices keeping close watch on risk adjustment coding
Meaningful Use
Financial disincentives for providers who commit information blockingÌý
Financial disincentives for providers who commit information blockingÌý
Medicare & Medicaid
Uninsured rate to rise to 8.9% by 2034, CBO finds
CBO: Uninsured rate to rise to 8.9% by 2034
Patient Engagement
Johns Hopkins offering free tuition for low-income earners
Johns Hopkins offering free tuition for low-income earners
Pharmacy
FTC reportedly to sue three largest pharmacy benefit managers
FTC reportedly to sue three largest pharmacy benefit managers
Population Health
White House to award $45.1 million for expanded mental health
White House to award $45.1M for expanded mental health
Risk Management
UPMC for You partners to offer Medicaid redetermination coverage in laundromats
UPMC for You offers Medicaid redetermination coverage in laundromats
Telehealth
Patients less likely to seek virtual behavioral care when paying out-of-pocket
Patients who pay cost-sharing less likely to seek virtual care
Mergers & Acquisitions
GE HealthCare nabs AI ultrasound company for $51 million
GE HealthCare nabs AI ultrasound company for $51 million
View more
Nov 22, 2023 More on Compliance & Legal

Feds settle with St. Joseph's over alleged HIPAA violation

Saint Joseph's Medical Center paid $80,000 to OCR and agreed to implement a corrective action plan.

Jeff Lagasse, Editor

Photo: Blanchi Costella/Getty Images

The U.S. Department of Health and Human Services' Office for Civil Rights has settled with New York-based Saint Joseph's Medical Center for potential violations of the Health Insurance Portability and Accountability Act of 1996 Privacy Rule. The settlement involved the impermissible disclosure of COVID-19 patients' protected health information to a national media outlet.

OCR investigated Saint Joseph's Medical Center after the Associated Press published an article about the medical center's response to the COVID-19 public health emergency, which included photographs and information about the facility's patients. These images were distributed nationally, exposing protected health information including patients' COVID-19 diagnoses, current medical statuses and medical prognoses, vital signs and treatment plans.

The agency determined that St. Joseph's disclosed three patients' protected health information to the Associated Press without first obtaining written authorization from the patients, therefore potentially violating the HIPAA Privacy Rule. Under the HIPAA Privacy Rule, a covered entity (including a healthcare provider) may not use or disclose protected health information.Ìý

The only exceptions are when the HIPAA Privacy Rule permits or requires it, or when the individual whose information is at question (or their personal representative) authorizes it in writing.

Therefore, regulated entities cannot disclose a patient's protected health information to the media without first obtaining written authorization from the patient permitting the entity to do so. This includes when healthcare providers have print or television reporters on the premises.

WHAT'S THE IMPACT?

Saint Joseph's Medical Center paid $80,000 to OCR and agreed to implement a corrective action plan requiring the facility to develop written policies and procedures that comply with the HIPAA Privacy Rule.

The hospital also agreed to train its workforce on the revised policies and procedures. Under this agreement, OCR will monitor St. Joseph's for two years to ensure compliance under the plan and with the law.

THE LARGER TREND

In 2020, OCR addressing how HIPAA permits the use of health information exchanges to disclose protected health information for public health purposes.

A covered entity is required to provide individuals with notice that it discloses protected health information for public health activities, the guidance read.

The guidance outlines several circumstances in which such disclosures are permitted without an individual's authorization, including when the disclosure is required by federal, state, local or other law; when a health information exchange (HIE) is a business associate of the covered entity that wishes to provide the information to a public health authority; and when an HIE is acting under a grant of authority or contract with a public health authority for a public health activity.
Ìý

Twitter: @JELagasse
Email the writer:ÌýJeff.Lagasse@himssmedia.com

News
Healthcare organizations ask HHS to delay quality measure reporting for ACOs Healthcare organizations ask HHS to delay quality measure reporting for ACOs The American Hospital Association and American Medical Association are among the 11 organizations signing the letter.