Q. An insurance company is requesting copies of medical records to review our CPT coding. These cases are at least a year old and have been paid already. The insurance company said its review will not affect our payment. Do we need patient authorization to release these records, since this does not involve treatment, payment, or office operations?
Old and inadequate policies and procedures is one of seven shortcomings CMS found in its 2009 audits of healthcare organizations to determine compliance with the HIPAA Security Rule.
Q. Posting resident names and pictures, disclosing minors’ PHI to parents, and unencrypted e-mails
The Prescription Drug Monitoring Program (PDMP) is available in 34 states. Pharmacists are required to report patient names and any controlled substances prescribed. The prescription data are made available to prescribers to assist with pain management and identifying drug-seeking behavior.
Are there any HIPAA-related issues prescribers and pharmacists should be aware of when accessing prescription information or providing it to states?