Advanced Search

Inpatient Facility Coding & Compliance Alert

Reader Question:

Beware of PHI Breach Within the Facility

Published on Sat Sep 12, 2015

Question: An employee at our hospital accessed records for which he had no legitimate reason to do so. He didn’t tell anyone outside our hospital about any of the information he accessed. Is this still a reportable breach incident, even though the information didn’t leave our hospital?

Idaho Subscriber

Answer: To determine the answer, you must go back to the definition of a breach, which is any acquisition, access, use, or disclosure in violation of the HIPAA Privacy Rule. In this situation, a person accessed the information who wasn’t entitled to look at it. That would be an “access” or a “use.”

But Privacy Rule requirements that involve the “minimum necessary” allow for people to access the information only that their work entitles or requires them to, and refrain from accessing information that is not within their scope of work. The latter would violate the minimum necessary requirements. So, that would be a reportable breach. Even though the information didn’t leave your facility, it was a breach within your facility.

Related Articles

Reader Question: Watch for Potential PHI Slips Before Clicking 'Send'

HIPAA: Don't Let Misunderstanding State Laws Complicate Your Mental Health Compliance

Reader Question: Does Breach of Single Person's PHI Require Notification?

Other Articles in this issue of

Inpatient Facility Coding & Compliance Alert

Policy/Reimbursement:
Fine Tune Your Observation Services With the 2-Midnight Rule and More
Wipe out your woes with this package of 5 tips and 3 examples. The order [...]

Reimbursement/Policy:
Don't Miss 3 Important Changes in the SNF PPS Final Rule
Good news: Expect a boost in your payment rate for FY 2016. The three new [...]

ICD-10 Update:
Draw on ICD-10 Flexibility to Code for Symptoms
Make the grade in symptoms coding with these 4 tips. The clock is ticking, so [...]

Reader Question:
Go By Patient's Status to Determine the POS
Question: A pediatrician admitted and discharged a patient to observation status for 12 hours in the [...]

Reader Question:
Conquer the Combination Codes
Question: A 56-year-old patient presents with chest pain. He is diagnosed with atherosclerotic coronary artery disease [...]

Reader Question:
Beware of PHI Breach Within the Facility
Question: An employee at our hospital accessed records for which he had no legitimate reason to [...]

Reader Question:
Use This Quick Guide to Pinpoint POS Codes
Question: I have heard according to a recent OIG audit, incorrect coding for place of service [...]

You Be the Coder:
Assign the Correct DRG for Pneumonia With Acute Respiratory Failure
Question: A patient is admitted with pneumonia. She also has acute respiratory failure. Which DRG should [...]

View All