A doctor sends patient records to another company for data entry services. A bonded delivery service is used for the transfer. The records are returned to the doctor after entry is complete, using the same delivery service. The entry facility and the network they use are secure. The doctor is named as his own Privacy Officer in written policies. The doctor has written procedures for this process and all involved parties are documented as having been trained in them The doctor does not have written authorizations to disclose Protected Health Information (PHI) . Is the doctor in violation of the Privacy Rule?
A) No - This would be considered an allowed "routine disclosure between the doctor and his business partner.
B) Yes - There is no exception to the requirement for an authorization prior to disclosure, no matter how well intentioned or documented.
C) Yes - a delivery service is not considered a covered entity.
D) Yes - to be a "routine disclosure" all the parties must have their own Privacy Officer as mandated by l-IIPAA.
E) Yes - this is not considered a part of "treatment", which is one of the valid exceptions to the Privacy Rule.
Correct Answer:
Verified
Q34: Select the FALSE statement regarding the responsibilities
Q35: Health information is protected by the Privacy
Q36: Which one of the following security standards
Q37: The key objective of a contingency plan
Q38: A business associate:
A) Requires PKI for the
Q40: The office manager of a small doctor's
Q41: In terms of Security, the best definition
Q42: A provider is in compliance with the
Q43: This transaction, which is not a HIPAA
Q44: As part of their HIPAA compliance process,
Unlock this Answer For Free Now!
View this answer and more for free by performing one of the following actions
Scan the QR code to install the App and get 2 free unlocks
Unlock quizzes for free by uploading documents