Sue is the privacy officer for a chain pharmacy and responsible for HIPAA compliance. Top management has told Sue that they do not want to be caught with any HIPAA violations or to be subject to any HIPAA complaints. In keeping with this philosophy, Sue has developed an extensive list of rules with which each pharmacy and its staff are expected to comply. Some of these rules include:

a. Only the patient may sign the acknowledgment of the privacy notice.

b. At least 90% of each pharmacy’s patients must have signed an acknowledgment.

c. Patients may not be called by name to pick up their prescriptions.

d. The pharmacist shall not counsel anyone other than the patient, unless the patient provides written authorization.

e. No counseling may occur, unless it is absolutely certain that other patients will not hear the counseling.

f. No information will be shared with the patient’s physicians, unless the patient provides written authorization.

g. No information will be shared with other pharmacies where the patient does business, unless the patient provides written authorization.

h. No information will be shared with a patient’s agents, relatives, or friends without written patient authorization.

i. No refill reminder information may be sent to patients without written patient authorization.