Practice Management Alert

READER QUESTIONS:

Are You Required to Report Both Wrongful and Incidental Disclosures?

Question: What is the difference between a wrongful and an incidental disclosure of protected health information (PHI)? Also, do we have to report both types of violations when compiling an accounting of disclosures?


Minnesota Subscriber
Answer: An incidental disclosure is when PHI is shared inadvertently with unauthorized users during the performance of day-to-day operations in your medical office.

For example, a patient in exam room A hears a doctor talking to another patient in exam room B. This is an incidental disclosure.

A wrongful disclosure is when you share PHI with unauthorized users outside of the office's day-to-day operations.

For example, a biller overhears another staffer disclosing her password and log-in information for the office computer system. The biller then uses the incorrect password and log-in to access the practice's medical records.

This is an example of wrongful disclosure of PHI.

Remember: Your office must note all of its wrongful disclosures, which are vital when compiling an accounting of disclosures for auditors. You are not required to list incidental disclosures of PHI.
You’ve reached your limit of free articles. Already a subscriber? Log in.
Not a subscriber? Subscribe today to continue reading this article. Plus, you’ll get:
  • Simple explanations of current healthcare regulations and payer programs
  • Real-world reporting scenarios solved by our expert coders
  • Industry news, such as MAC and RAC activities, the OIG Work Plan, and CERT reports
  • Instant access to every article ever published in Revenue Cycle Insider
  • 6 annual AAPC-approved CEUs
  • The latest updates for CPT®, ICD-10-CM, HCPCS Level II, NCCI edits, modifiers, compliance, technology, practice management, and more