Is it a HIPAA violation to take patient charts home or on vacation to complete dictation?
Compliance Monitor, January 5, 2007
Want to receive articles like this one in your inbox? Subscribe to Compliance Monitor!
Q: Is it a HIPAA violation to take patient charts home or on vacation to complete dictation?
A: The privacy and security rules do not explicitly prohibit a provider from taking charts off site. Instead, covered entities must establish policies, procedures, and practices that reasonably ensure the integrity, confidentiality, and availability of the information. This means ensuring that:
It is well within a covered entity's rights to impose security policies, procedures, and practices that prohibit providers from transporting patient charts off site. The covered entity could determine that such practices pose too great a risk to the integrity, confidentiality, and availability of PHI because there are a number of increased risks when transporting data off-site.
Thanks to Chris Apgar, president of Portland, OR-based Apgar & Associates, LLC, for answering this question.
Want to receive articles like this one in your inbox? Subscribe to Compliance Monitor!
Related Products
-
Strategies for Health Care Compliance
News and real-life examples to increase the effectiveness of your compliance program. Strategies for Health Care Compliance...
-
Compliance Monitor
This HTML e-mail newsletter delivers news on Medicare and Medicaid fraud and abuse, as well as recent documents and targets...
-
Medicare Weekly Update
Each issue of Medicare Weekly Update includes the latest CMS proposed and final rules, CMS manual revisions, and...
-
Medicare Update for Physician Services
Medicare Update for Physician Services is a free, monthly e-zine that delivers news and information to help physician...
Most Popular
- Articles
-
- Q/A: Volume requirement for reporting hydration services
- Featured blog post: Nurses face felony charges after reporting physician to the Texas Medical Board
- Catch up on what's new with injections and infusions
- Identify potential Medicaid RAC target areas
- HIPAA Q&A: Level of encryption needed for email
- Topic: CMS, OESS post new security compliance review information, checklist
- Capturing all necessary codes for IUD insertion and removal can be challenging
- What does case-mix index mean to you?
- OB services: Coding inside and outside of the package
- QA:Coding multiple initial infusions
- E-mailed
-
- Q/A: Volume requirement for reporting hydration services
- Featured blog post: Nurses face felony charges after reporting physician to the Texas Medical Board
- CMS has reformulated payments for some bilateral procedures
- HIPAA Q&A: Level of encryption needed for email
- Q&A: Follow CMS' coding guidelines when using modifier -25
- What does case-mix index mean to you?
- Catch up on what's new with injections and infusions
- New conflicts of interest create new challenges
- Q/A. One injection code or two?
- Do not code 57288 with 52000
- Searched