Topic: Recognize common HIPAA myths and misconceptions
HIM Connection, February 25, 2008
Want to receive articles like this one in your inbox? Subscribe to HIM Connection!
Working proactively to maintain HIPAA compliance and patient privacy is essential. However, some of your efforts to comply may be unnecessary and may even hinder your ability to provide quality care. Ensure that your organization functions efficiently and complies with HIPAA by recognizing these two common myths and misconceptions.
Myth: You must store patient records in locked cabinets.
Significant expenditures for expensive locking cabinets for patient records are unnecessary. "I can't tell you how many physician offices and clinics I've seen who have spent money on lateral files or cabinets that locked because they thought it was required under HIPAA," says Mary D. Brandt, MBA, RHIA, CHE, CHPS, president of Brandt & Associates, Inc., in Bellaire, TX.
Be sure to keep records in a secure area with limited and restricted access. "If records are kept in a room with limited access--that is either staffed or locked when not staffed--that's acceptable," Brandt says.
Myth: Providing patient information to business associates is not permissible.
Many organizations use business associates to make follow-up quality-of-care telephone calls after treatment. Patients may erroneously believe that sharing their names and contact information with business associates constitutes a breach of their patient privacy, but a valid business associate agreement permits sharing this information. "This is something we need to know for the improvement of the quality of our care and is certainly permitted under healthcare operations," says Mary Thomason, MSA, RHIA, CHPS, CISSP, senior compliance consultant for Intermountain Healthcare in Salt Lake City.
Consider notifying patients that they may receive a business associate's call and the purpose of that call in advance. Nothing in the privacy rule requires you to provide patients an opportunity to opt out of your decision to share information for this purpose. However, you should honor any patient's request not to share his or her information in situations such as this, if possible, Thomason says.
Also consider working with business associates to script a proper introduction so that patients receiving calls understand the reason for them and don't mistakenly think they're for marketing or research recruitment purposes.
Editor's note: This topic was adapted from the February 2008 issue of Briefings on HIPAA. For more information, visit www.hcpro.com/content/204827.cfm.
Want to receive articles like this one in your inbox? Subscribe to HIM Connection!
Comments
0 comments on “Topic: Recognize common HIPAA myths and misconceptions ”
Related Products
Most Popular
- Articles
-
- Q/A: Volume requirement for reporting hydration services
- Featured blog post: Nurses face felony charges after reporting physician to the Texas Medical Board
- Catch up on what's new with injections and infusions
- Identify potential Medicaid RAC target areas
- HIPAA Q&A: Level of encryption needed for email
- Topic: CMS, OESS post new security compliance review information, checklist
- Capturing all necessary codes for IUD insertion and removal can be challenging
- What does case-mix index mean to you?
- OB services: Coding inside and outside of the package
- QA:Coding multiple initial infusions
- E-mailed
-
- Q/A: Volume requirement for reporting hydration services
- Featured blog post: Nurses face felony charges after reporting physician to the Texas Medical Board
- HIPAA Q&A: Level of encryption needed for email
- Q&A: Follow CMS' coding guidelines when using modifier -25
- What does case-mix index mean to you?
- Catch up on what's new with injections and infusions
- CMS has reformulated payments for some bilateral procedures
- New conflicts of interest create new challenges
- Q/A. One injection code or two?
- ED-to-inpatient transfers are flawed with safety gaps
- Searched