Q: We see many assertions that encryption at the right level meets the National Institute of Standards and Technology (NIST)/HIPAA safe harbor provision with no explanation of what is necessary to prove the breached electronic protected health information (PHI) was actually encrypted at the moment of breach. How can a covered entity prove the PHI was actually encrypted at the time of the breach?
Documentation and coding based on time requires knowledge about the general principles of E/M documentation, common sets of codes used to bill for E/M services, and E/M services providers.
Handling requests for information from law enforcement can throw staff for a loop. Most staff are aware of their organization’s policies and the basic HIPAA requirements for disclosing patient information to family members, friends, and other individuals such as legal guardians. But handling requests from law enforcement officials can be a different matter.
Q: Ever since we moved to an electronic health record (EHR), our HIM department has noticed some physicians copying and pasting information from previous records. How do we know when this is allowed or when we can query the provider to clarify?
