Q. My email remains encrypted until it is opened. I have received two requests-via email and certified letter-from the patient's parent requesting records be sent by email or mail. I know legally a person may request this, but we must provide this service when we can ensure that the person requesting is who he or she says he or she is. Does a certified letter with recognizable signature or email from a known email address of a parent qualify as verification of the parent's identity?
Q . Is it permissible to take pictures of patients (including behavioral health) for identification purposes as a part of the registration process? Do the patients need to sign a consent form before their picture can be taken?
Medical identity theft is on the rise and healthcare organizations need to ensure they are authenticating a patient's identity before providing medical services and products.
Although it hasn't released many details yet, OCR plans to resume its audits to assess compliance with HIPAA privacy, security, and breach notification requirements in 2014. The government agency also plans to expand the audit focus to include business associates (BA).
The healthcare industry is changing rapidly, and if you've been paying attention to the news you've probably noticed the recent wave of hospital mergers.
