If an ambulance that is not affiliated with our organization transports a patient to our facility, can we give them PHI to use for their billing? Do we need the patient's written authorization?
The HITECH Act, which included changes to the HIPAA Privacy and Security Rules, was signed into law by President Obama in February 2009-a full five years ago.
Although the majority of the provisions of the HIPAA Omnibus Rule have become effective, many Breach Notification Rule revisions cause confusion for organizations.
Q: Some organizations consider any medical record number to be PHI. Others believe the medical record number is not a personal identifier—unless the security number is the medical record number—because anyone who would intercept that number would have no way of identifying the patient based on the number alone.
