Q: I am employed by an acute care psychiatric hospital. The hospital's police department will sometimes take photographs of injuries patients have at the time of admission.
Q: My employer is trying to monitor its systems more closely. Which systems in particular are the most important with respect to monitoring? Which activities should the organization monitor?
If an ambulance that is not affiliated with our organization transports a patient to our facility, can we give them PHI to use for their billing? Do we need the patient's written authorization?
Q: Some organizations consider any medical record number to be PHI. Others believe the medical record number is not a personal identifier—unless the security number is the medical record number—because anyone who would intercept that number would have no way of identifying the patient based on the number alone.
Q. Is an authorization required when releasing HIV testing results/information via a health information exchange? If not, what other state/federal regulation may govern sensitive information related to HIV test results or treatment?
