Q. I recently tried to access my medical records through the hospital’s patient portal. I had a hard time logging in because it prompted me to enter codes sent to my phone several times. It was difficult to keep track of which code was the most recent. I feel like this was an unreasonable barrier. Usually, you’re given the choice to opt out of multifactor authentication or only have to enter one code along with your password. Do multiple authentication codes represent a significant barrier to patient access?
A patient came to our endoscopy suite for a bronchoscopy due to an abnormal chest X-ray. The physician documented that a transbronchial lung biopsy was obtained from the right upper lobe and the right lower lobe. What would be the correct CPT® codes to report?
Q. My understanding is that HIPAA doesn’t mandate use of a specific security standard. Are we required to keep documentation explaining why we chose a particular security standard? I’ve also been told that we are required to encrypt data according to National Institute of Standards and Technology standards. Is this spelled out in the regulations?