What must be included in an accounting of disclosures?

For each disclosure, the accounting must include: (1) The date of the disclosure; (2) the name (and address, if known) of the entity or person who received the protected health information; (3) a brief description of the information disclosed; and (4) a brief statement of the purpose of the disclosure (or a copy of the …

What is an accounting of disclosures Hipaa?

HIPAA Disclosure Accounting or Accounting of Disclosures (AOD) is the action or process of keeping records of disclosures of PHI for purposes other than Treatment, Payment, or Healthcare Operations. You are required by law to provide patients a list of all the disclosures of their PHI that you have made outside of TPO.

What are the six situations when the privacy rule allows disclosure of protected health information without authorization?

A covered entity is permitted, but not required, to use and disclose protected health information, without an individual’s authorization, for the following purposes or situations: (1) To the Individual (unless required for access or accounting of disclosures); (2) Treatment, Payment, and Health Care Operations; (3) …

In which of the following circumstances may a covered entity not disclose PHI?

Which disclosures require reporting for accounting of disclosures?

Disclosures that Commonly Qualify for Accounting An accounting is required if the disclosure is made and no authorization from the patient or patient’s personal representative is obtained: In response to a subpoena or other judicial or administrative proceeding if not accompanied by a patient authorization.

Is there a charge for an accounting of disclosures?

The privacy rule allows a covered entity to charge a cost-based fee for providing an accounting of disclosure (AOD).

Can a patient request an accounting of disclosures?

Patients (or their Personal Representatives – see Yale Policy 5038 – Personal Representatives) may request an accounting of disclosures by submitting a request in writing using the Request for Accounting of Disclosures of Protected Health Information form, or other sufficient written documentation requesting the …

When must a breach be reported?

If a breach affects 500 or more individuals, covered entities must notify the Secretary without unreasonable delay and in no case later than 60 days following a breach. If, however, a breach affects fewer than 500 individuals, the covered entity may notify the Secretary of such breaches on an annual basis.

When can you disclose PHI without authorization?

There are a few scenarios where you can disclose PHI without patient consent: coroner’s investigations, court litigation, reporting communicable diseases to a public health department, and reporting gunshot and knife wounds.

When can PHI be used or disclosed?

In general, a covered entity may only use or disclose PHI if either: (1) the HIPAA Privacy Rule specifically permits or requires it; or (2) the individual who is the subject of the information gives authorization in writing.

What is the covered entity required to do when a patient requests an accounting of disclosures?

(i) The covered entity must temporarily suspend an individual’s right to receive an accounting of disclosures to a health oversight agency or law enforcement official, as provided in § 164.512(d) or (f), respectively, for the time specified by such agency or official, if such agency or official provides the covered …