[ Wednesday, December 13, 2017 ]
Portland, ME: The city had some sort of program providing services to citizens with HIV, and after the program terminated, the city shared information on 200 HIV patients with the University of Southern Maine to help determine if there were gaps in the way it provided the services, or if it could have operated the program better.
The city claims the data sharing
did not violate HIPAA because it was for research purposes, and it may be right, but probably only if USM had an independent review board determine that the university program had enough protections in place that patient authorization was not required.
Nevertheless, the city has apologized. Perhaps not illegal, but perhaps not a good idea either.
Jeff [7:22 AM]
http://www.blogger.com/template-edit.g?blogID=3380636
Blogger: HIPAA Blog - Edit your Template