Accounting for disclosures requires an individual to be informed of [...]
To provide individuals with an accounting for disclosures, does a covered entity have to document each medical record that may be accessed by a public health authority in the course of surveillance activities that involve all patient records?
The Privacy Rule does not require a notation in each [...]
No. The Privacy Rule does not require covered entities to [...]
Must a covered entity provide an accounting for disclosures if the only information disclosed to a public health authority is in the form of a limited data set?
No, a covered entity is not required to provide an [...]
When must a covered entity account for disclosures of protected health information made during the course of litigation?
Individuals have a right to receive, upon request, an accounting [...]
Are covered entities required to document incidental disclosures permitted by the HIPAA Privacy Rule, in an accounting of disclosures provided to an individual?
No. The Privacy Rule includes a specific exception from the [...]
May a covered entity hire a business associate to create a limited data set, and may the public health authority be a business associate for that purpose, even if the public health authority is also the intended recipient of the limited data set?
A covered entity may enter into a business associate agreement [...]
Does the HIPAA Privacy Rule require a business associate to provide individuals with access to their protected health information or an accounting of disclosures, or an opportunity to amend protected health information?
The Privacy Rule regulates covered entities, not business associates. The [...]