If an ambulance that is not affiliated with our organization transports a patient to our facility, can we give them PHI to use for their billing? Do we need the patient's written authorization?
Q: Some organizations consider any medical record number to be PHI. Others believe the medical record number is not a personal identifier—unless the security number is the medical record number—because anyone who would intercept that number would have no way of identifying the patient based on the number alone.
Q. Is an authorization required when releasing HIV testing results/information via a health information exchange? If not, what other state/federal regulation may govern sensitive information related to HIV test results or treatment?
I am updating the notice of privacy practices and accounting of disclosures policy for my organization. Do any of the new, finalized rules indicate that the accounting of disclosures covers disclosures for treatment, payment, and healthcare operations?
Q. My email remains encrypted until it is opened. I have received two requests-via email and certified letter-from the patient's parent requesting records be sent by email or mail. I know legally a person may request this, but we must provide this service when we can ensure that the person requesting is who he or she says he or she is. Does a certified letter with recognizable signature or email from a known email address of a parent qualify as verification of the parent's identity?
Q. Is it acceptable for admitting and patient registration staff to photograph patients upon check- in for identification purposes? Is it permissible to take pictures of behavioral health patients for the same purpose?
