HospitalInspections.org

Review of the hospital's P & P for PHI, effective 9/25/08, showed the hospital would limit the disclosure of PHI to the minimum necessary. Written authorization would be required before disclosing PHI for purposes other than treatment, payment or healthcare operations.

On 7/19/10, the Department was notified of an information breach that occurred on 7/12/10. During an interview on 11/18/10, the HIPAA Regulatory Compliance Officer stated Patient 98 had reported that MD E had discussed the patient's HIV (Human Immunodeficiency Virus,a lentivirus that causes acquired immunodeficiency) status in front of a visitor who was unaware of the patient's condition. According to the privacy officer, MD E verified this had occurred.

On 11/19/10, review of the hospital's investigation of the event corresponded with the findings discussed in the interview with the HIPAA Regulatory Compliance Officer.