Health Information Management

HIPAA Q&A: You’ve got questions. We’ve got answers!

HIM-HIPAA Insider, November 23, 2015

Want to receive articles like this one in your inbox? Subscribe to HIM-HIPAA Insider!

Submit your HIPAA questions to Associate Editor Nicole Votta at nvotta@hcpro.com and we will work with our experts to provide you with the information you need.

Q: Is patient scheduling considered coordination of treatment under HIPAA? We have some administrative staff who can read patients' medical records. However, this doesn't seem to adhere to minimum use guidelines under HIPAA, because the administrative schedulers do not need the medical record information to complete their tasks. I'm thinking the staffers shouldn't have access to the information, but rather the information should just be sent encrypted to practitioners. Which practice is most appropriate under HIPAA?

A: You are absolutely correct that access to PHI should be role-based and limited to what is necessary to do the job. Schedulers in many organizations obtain prior authorizations or have other needs for PHI (for instance, sending records to the consulting provider), and would need access to PHI to schedule appointments. If yours don't need it, they shouldn't have it. In addition, encryption is always the best way to send information where it needs to go.

Editor's note: Chris Simons, MS, RHIA, HIM Director and Privacy Officer, Maine General Medical Center, Augusta, Maine, answered this question for HCPro’s HIM Briefing (formerly Medical Records Briefing) newsletter. This information does not constitute legal advice. Consult legal counsel for answers to specific privacy and security questions.



Want to receive articles like this one in your inbox? Subscribe to HIM-HIPAA Insider!

    Briefings on APCs
  • Briefings on APCs

    Worried about the complexities of the new rules under OPPS and APCs? Briefings on APCs helps you understand the new rules...

  • HIM Briefings

    Guiding Health Information Management professionals through the continuously changing field of medical records and toward a...

  • Briefings on Coding Compliance Strategies

    Submitting improper Medicare documentation can lead to denial of fees, payback, fines, and increased diligence from payers...

  • Briefings on HIPAA

    How can you minimize the impact of HIPAA? Subscribe to Briefings on HIPAA, your health information management resource for...

  • APCs Insider

    This HTML-based e-mail newsletter provides weekly tips and advice on the new ambulatory payment classifications regulations...

Most Popular