Almost every digital copier built since 2002 contains a hard drive, like the ones on computers, storing an image of every document copied, scanned, or e-mailed by the machine. This advanced technology has opened a dangerous hole in data security. Used copy machines, which are often resold, can contain lots of sensitive information, including PHI.
Q. An insurance company is requesting copies of medical records to review our CPT coding. These cases are at least a year old and have been paid already. The insurance company said its review will not affect our payment. Do we need patient authorization to release these records, since this does not involve treatment, payment, or office operations?
While your healthcare organization awaits a breach notification final rule from HHS, there are some practical steps you can take to prepare should you need to notify patients of a privacy breach.
It’s the end of the year, and many of us have been on the fast track to EHRs and EDMS installation, so we pause this month for a little levity and to honor all those working so hard behind the scenes. Happy holidays to all the brave health information professionals continuing to blaze the paths of progress in automated medical record documentation!
Old and inadequate policies and procedures is one of seven shortcomings CMS found in its 2009 audits of healthcare organizations to determine compliance with the HIPAA Security Rule.
