Question

Debbie, an HIM professional, was recently hired as the privacy officer at a large physician practice. She observes the following practices, all of which occur without patient authorization. Which is a violation of the HIPAA privacy rule?

a) Sharing patient information with healthcare providers involved in the patient's care
b) Disclosing patient information for insurance claims processing
c) Selling patient information to pharmaceutical companies
d) Using patient information for research with proper consent

Answer 1

The act of selling patient information to pharmaceutical companies without patient authorization is a violation of the HIPAA privacy rule.

Step-by-step explanation:

Which practice observed by Debbie, a privacy officer at a large physician practice, is a violation of the HIPAA privacy rule without patient authorization? The answer is c) Selling patient information to pharmaceutical companies. Under HIPAA, protected health information (PHI) can be used for treatment purposes, payment activities, and certain healthcare operations without patient authorization. Therefore, a) Sharing patient information with healthcare providers involved in the patient's care and b) Disclosing patient information for insurance claims processing are generally permissible under HIPAA. Additionally, d) Using patient information for research is allowed if there is proper informed consent. However, selling PHI to third parties for marketing without patient consent is explicitly prohibited by HIPAA.