Q. May a preadmission nurse leave messages (e.g., “This is a reminder that your surgery is tomorrow; please don’t drink or eat anything after midnight.”) on an answering machine or mobile phone voice mail?
Many physicians and physician practices have gotten a break from the Red Flags Rule—the law intended to prevent identity theft and medical identity theft—thanks to Congress.
It appears OCR and state attorneys general will be taking a more serious approach to enforcing HIPAA and HITECH. It’s essential that covered entities (CE) and business associates (BA) who haven’t begun a security compliance review do so. This is a requirement of the HIPAA Security Rule evaluation standard.
“Patient revenue trumps privacy and risk management,” according to the sponsor of a new study that gives healthcare organizations failing grades for not adequately protecting patients’ PHI.
Q. An insurance company is requesting copies of medical records to review our CPT coding. These cases are at least a year old and have been paid already. The insurance company said its review will not affect our payment. Do we need patient authorization to release these records, since this does not involve treatment, payment, or office operations?
Almost every digital copier built since 2002 contains a hard drive, like the ones on computers, storing an image of every document copied, scanned, or e-mailed by the machine. This advanced technology has opened a dangerous hole in data security. Used copy machines, which are often resold, can contain lots of sensitive information, including PHI.
