Confidentiality, Privacy and Security

Breach of PHI?

  • 1.  Breach of PHI?

    Posted 22 days ago
    Our pastor that is hired for our organization holds a church service every year and during this service he states the first and last name of the residents that have passed away in the last year.  This year due to COVID we could not hold this service within our facility, so it was recorded and posted on line? Would this be considered a breach of PHI if only the first and last name was mentioned.  Thanks for your input.

    ------------------------------
    Tina Streit
    Him Manager
    ------------------------------


  • 2.  RE: Breach of PHI?

    Posted 21 days ago
    A church is not subject to HIPAA and probably doesn't have a BAA in place with a covered entity. so it is not likely a breach of PHI,  however it is a release of PII although the church probably doesn't have to comply to PCI-DSS or GLBA
    --
    Thanks Kris

    Kris Lundell MBA,  CIPP/US, CiPT, CHP, CHPS, HCISPP
    Privacy and Security Consultants LLC





  • 3.  RE: Breach of PHI?

    Posted 21 days ago
    What if the church is part of our organization and the pastor is also an employee of our organization?

    ------------------------------
    Tina Streit
    Him Manager
    ------------------------------



  • 4.  RE: Breach of PHI?

    Posted 21 days ago
    So you are the covered entity and the church is part of your organization?

    If that is the case then you possibly have an unauthorized disclosure of PHI


    --
    Thanks Kris

    Kris Lundell MBA,  CIPP/US, CiPT, CHP, CHPS, HCISPP
    Privacy and Security Consultants LLC