View Only
  • 1.  Clinic patient names

    Posted 12 days ago

    HipAA inquiry.

    Who is responsible for HiPAA compliance when a non-profit that is not a medical entity provides a site and equipment for licensed therapists to work with participants under a grant? 

    Can participants first names be publicly posted on a schedule stating "Clinic"? 

    Cynthia Koroll
    Nurse attorney
    Koroll Litigation Group, Ltd
    Default Blank

  • 2.  RE: Clinic patient names

    Posted 12 days ago


    We are a covered entity and we lease space from a non-profit, non-medical organization (we provide physical therapy services).  We, as the covered entity, are responsible for HIPAA compliance, not the non-medical organization.  I always err on the side of caution. 

    My first question would be, "Why would you want to publicly post a schedule (what function would it serve)?"  My second question would then be, "Is there another way to accomplish this function?"


    ******************************************* This message and any attachments to it may be confidential and are intended solely for the use of the individual to whom it is addressed. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system.

    Default Blank

  • 3.  RE: Clinic patient names

    Posted 11 days ago
    Here's the definition of a Covered Entity from the HHS website.

    The therapists would be the ones responsible for HIPAA compliance if the meet the criteria below, but  publicly posting names makes me uncomfortable, and the therapists might have issue with it as well.

    A Covered Entity is one of the following:

    A Health Care Provider A Health Plan A Health Care Clearinghouse

    This includes providers such as:

    • Doctors
    • Clinics
    • Psychologists
    • Dentists
    • Chiropractors
    • Nursing Homes
    • Pharmacies

    ...but only if they transmit any information in an electronic form in connection with a transaction for which HHS has adopted a standard.

    This includes:

    • Health insurance companies
    • HMOs
    • Company health plans
    • Government programs that pay for health care, such as Medicare, Medicaid, and the military and veterans health care programs
    This includes entities that process nonstandard health information they receive from another entity into a standard (i.e., standard electronic format or data content), or vice versa.

    Renata Chase
    Compliance Manager/Privacy Officer

    Default Blank