Elizabeth G. Litten was featured in the AHC Media article, "Denying Release of PHI Can be a HIPAA Violation." Full text can be found in the February 29, 2016, issue, but a synopsis is below.
Although risk managers find it necessary to safeguard protected health information (PHI) to comply with the Health Insurance Portability and Accountability Act (HIPAA), there are some instances when failing to provide PHI can lead to liability.
"HIPAA is a double-edged sword for risk managers," says Elizabeth G. Litten, partner and HIPAA privacy officer with Fox Rothschild LLP. "You have an obligation to protect information, but you also have an obligation to disclose it."
Risk managers should remember that, no matter how much education has been provided to staff members, they will not understand the intricacies of HIPAA compliance as well as the risk manager or compliance officer, Litten says.
The limited knowledge of HIPAA compliance from general staff should be taken into consideration when advising on how to handle difficult decisions or circumstances.
"With people who have a sketchy knowledge of HIPAA, their tendency is to be very conservative when patient information is involved," Litten says. "You may think you have provided a solid education on HIPAA, but when a request comes in during a busy workday, what they remember is you telling them to protect that information and all the bad outcomes that can result if they don't."
Click here to view the full article.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
