This month's Q&A answers to readers' questions on collecting payment, contacting physicians, overhearing medical examinations in the emergency department, and discussing the health of adult children.
The HHS Office for Civil Rights (OCR) and Office of the National Coordinator for Health Information Technology (ONC) announced last week that they have updated the Security Risk Assessment tool with improved functionality to assess risks to protected health information.
Q: Are we required to keep copies of a former patient’s records after transferring the records to the patient’s new doctor? If we do, are we allowed to charge for copies now that the patient is no longer “our” patient?
HIPAA allows patients to request amendments to their medical records. Facilities are not required to automatically make whatever change a patient requests, but they must allow patients to make the requests and follow a specific process for handling them.
After two delays, the revisions to Federal Policy for the Protection for Human Subjects (45 CFR 46), also known as the “Common Rule,” will now go into effect January 21, 2019.
The University of Michigan Medicine is notifying approximately 3,700 patients about a mailing error that resulted in letters containing personal health information to be sent to the wrong patients.
Q: Where can the policy be found that shows records can be destroyed as soon as they are scanned into the electronic medical record (EMR)? Would a hospital presume that it is acceptable to destroy paper records after they are scanned into the EMR if electronic storage media is legally acceptable for medical records in its state?
Q: When I returned to work after being out for a month on short-term disability, I was disciplined because of my doctor's excuse, which I only gave to medical but somehow was released to the human resources (HR) department. Could this release of my medical information to HR be a HIPAA violation?
Millions of medical records are sent to insurance companies every year by hospital and health system business office personnel to expedite claims payment, respond to payer audits, or fulfill other payer denial requests for information. And any time medical records are handled, HIPAA concerns come into play.
