Q&A: Printing medical records at a home office
Q. I am told if I elect to work from home, I will not be allowed to print any medical records. My home office is secure and I have a shredder. Would printing medical records violate HIPAA, or is this too restrictive?
A. Printing records in a secure home office or other remote secure location is not a HIPAA violation. The key is the environment must be secure, and if the documents are shredded, you must be using at a minimum a cross-cut shredder. However, covered entities (CE) and business associates (BA) may adopt more stringent privacy and security practices than HIPAA requires. If a CE or BA believes that allowing staff in remote offices to print documents containing protected health information (PHI) is an unacceptable risk, the CE or BA may adopt a more stringent practice of not permitting the printing of PHI at remote locations, secure or not.
Editor's note: This question was answer by Chris Apgar, CISSP. Apgar is president of Apgar & Associates, LLC, in Portland, Oregon. He is also a Briefings on HIPAA editorial advisory board member. This information does not constitute legal advice. Consult legal counsel for answers to specific privacy and security questions. Opinions expressed are that of the author and do not represent HCPro or ACDIS. Email your HIPAA questions to Editor Nicole Votta at nvotta@hcpro.com.