Q: I have heard that HIPAA says covered entities must keep data backups a minimum of five miles away from the original site where the data was collected. Is this correct? Are there any restrictions or guidance about the location of data backups?
It can be impractical for medical researchers to seek authorization from all the patients whose medical records are sought for a study. That’s why HIPAA allows researchers to use de-identified PHI from records without individual authorization.
Q: I work for a behavioral health recovery center, and many of our programs fall under 42 CFR Part 2, as we provide substance use services. Sometimes a referring agency follows up to ask if a client has scheduled an appointment. Can we confirm that a patient has made an appointment? Do referral appointments like this fall under PHI?
On June 11, CMS published a Request for Information (RFI) as part of its Patients Over Paperwork initiative to collect public input on ways to reduce unnecessary administrative and regulatory burden.
Inpatient rehabilitation facility documentation compliance is coming under scrutiny. Learn how you can improve processes, strengthen compliance, and avoid costly audits.
