Q: We need to train a wide range of employees on HIPAA — from physicians to temporary nursing staff hired through a staffing agency to medical scribes and coders. Should we utilize the same HIPAA training methods across the board? Or do you recommend that we develop different training methods for each department? How should we go about doing that?
Q: If a patient is incapacitated, the Privacy Rule allows for a doctor to discuss the patient’s condition with a family member, according to HHS. What would the protocol be when the patient is divorced, but the ex-husband or ex-wife makes an inquiry about the patient’s status?
Q: I understand that disclosures of PHI can be made to law enforcement without patient authorization when the patient is suspected of committing a crime. What disclosures are permitted when law enforcement officials are investigating another person of a crime and a patient’s PHI may or may not provide evidence?
Q: Do you know if offices have any tablets or computers people can use in which they might log into an account? If so, are there rules governing password retention or auto logouts they need to consider?
Hospitals, health systems, and long-term care facilities are being challenged by census workers requesting information about patients and residents to conduct an accurate census. Some have gone as far as stating that they have a right to access hospital electronic health records (EHR).
