• E-mail
• Print
• RSS

HIPAA Q&A: When a patient loses his ID card

HIPAA Weekly Advisor, December 13, 2010

Want to receive articles like this one in your inbox? Subscribe to HIPAA Weekly Advisor!

Q. We are a nonprofit agency that provides services to individuals with varying disabilities and mental health concerns. Levels of care vary from home consultation to 24-hour residential care. Some patients act as their own guardians; others have legal guardians.

An employee asked the following question: A patient who carries his or her own state-issued identification card or work-issued identification card loses the card. Is this considered an unauthorized disclosure? Must we notify all parties specified by the relevant regulations?

Does the answer depend on whether the patient has a legal guardian? Also, does the answer differ depending on whether the lost card is a state-issued identification card or a work-issued identification card that includes the patient’s full name, photograph, work address, and telephone number?

A. If a patient loses an identification card issued for legitimate business reasons, you are not responsible for any disclosures resulting from the patient’s loss of the card. Similarly, if you gave a patient a copy of his or her medical records at his or her request, and the patient loses or discards the records where others could access the information, you would not be liable for the patient’s actions.

Editor’s note: Mary D. Brandt, vice president, health information management, at Scott &White Healthcare, Temple, TX, answered this question. She is a nationally recognized expert on patient privacy, information security, and regulatory compliance, and her publications provided some of the basis for HIPAA’s privacy regulations. Advice given is general. Readers should consult professional counsel for specific legal, ethical, or clinical questions.

Want to receive articles like this one in your inbox? Subscribe to HIPAA Weekly Advisor!

• E-mail to a Colleague
• Print
• RSS
• Archive