Doctor using AI to de-identify protected health information (PHI)

What Counts for De-Identification of Protected Health Information in the Age of AI?

As per HIPAA, a covered entity cannot disclose protected health information unless the referenced patient (or guardian/representative) gives authorization. Or there’s an exception to that requirement.   So, what IS protected health information (PHI)?  Protected health information is information, including demographic information, which relates to:  For example, a medical record, laboratory report, or hospital bill would … Read more

Doctor using tablet

Refresher on HIPAA: Could You Be Violating It Without Knowing?

HIPAA is not a “set it and forget it” rulebook. It’s a living framework that evolves as technology changes, as patient expectations shift, and as regulators redefine what qualifies as protected health information (PHI). Even if you haven’t touched your privacy policies in years, you might still be violating HIPAA today—without realizing it.  Let’s look … Read more

Judge looking at a document before making a decision

Court Rebukes HHS, Ruling it Over-Reached with HIPAA and New Edicts on Tracking Technology

The Department of Health and Human Services (HHS) issued a guidance document called Online Tracking Bulletin. It then revised that document. The AHA, joined by the Texas Hospital Association, Texas Health Resources, and United Regional Health Care System, sued in November 2023 arguing that HHS over-reached and that the bulletin was unlawful.  This was not … Read more

Female physician looking at patient information on laptop and tablet

Can you store protected health information on iCloud?

Can You Store Protected Health Information on iCloud?  No.   The information stored on a cloud provider must be transported to and stored securely. How secure? Reasonably secure. iCloud likely meets that test.  In addition, there must be a signed Business Associate Agreement (BAA) in place before Protected Health Information PHI is transferred between organizations. This … Read more

Frustrated doctor dealing with angry patient online

Can You Win a Debate Posting a Patient’s Pics Online?

This question hit my desk. I’ve received some version of this same question over and over.   A plastic surgeon performed aesthetic surgery on a patient. Objectively the results look good. Subjectively, the patient disagrees.   Sound familiar?  There’s a conflict. The patient takes the conflict online. She posts photos which are a few days post-op. They … Read more

Health System Refuses to Pay $5M+ Ransom to Prevent Leaked Nude Photos, Pays $65M to Settle Lawsuit Based on Released Photos

Physicians take all sorts of photographs. Some are part and parcel of a surgeon’s practice. Before and after photos of cosmetic surgery. For example. No surprises there.   Patients of Lehigh Valley Health Network were surprised that hackers obtained photos of their naked bodies while undergoing radiation treatment.   Hackers breached the network.   A Lehigh Valley Health … Read more

Does a Patient Need to Sign a HIPAA Authorization Form to Receive Their Own Records?

Generally, a patient needs to sign a HIPAA authorization form to disclose their protected health information. Unless there’s an exception. Such as addressing Treatment, Payment, or Operations (“TPO”). No written authorization is needed for such exceptions – for example, to disclose limited protected health information to resolve a financial dispute (say, a credit card chargeback … Read more

Latest Posts from Our Blog