Does HIPAA prohibit faxing?
HIPAA Weekly Advisor, August 22, 2003
Want to receive articles like this one in your inbox? Subscribe to HIPAA Weekly Advisor!
Q: Does HIPAA prohibit faxing? Does the privacy rule say that utility bills or social security cards can be used for identification when patients want to obtain copies of their medical records?
A: Now, several months since HIPAA's privacy rule became enforceable, HIPAA myths still abound as evidenced by these questions.
The answer to both is no. Since the privacy rule explicitly permits sharing of PHI for treatment and certain other purposes, it does not ban common communication mechanisms such as faxing. In fact, since the rule applies to widely varying organizations and it must stand the test of time, it intentionally does not contain these sorts of implementation details. It's important to keep in mind the intent of HIPAA and to apply common sense if questions such as these arise in your organization. It's also valuable for your privacy official to be very familiar with the Fair Information Practices, which underlie this rule.
In reference to the above questions, each organization should consider the risks associated with these situations and determine its own policies and procedures to reduce those risks without thwarting its health care-related processes. Certainly, you want to obtain identification and reasonable assurance that the person requesting a medical record is, or has the authority of, the patient. Similarly, you want to take precautions when faxing PHI to reasonably assure that PHI does not go astray. You may have a policy stating that PHI is mailed instead of faxed in non-urgent cases, as a safer alternative. But that is an organizational decision, not a HIPAA requirement.
Editor's note: Answered by Kate Borten, CISSP, president of The Marblehead Group, in Marblehead, MA, and excerpted from the August 2003 issue of Briefings on HIPAA. This is not legal advice. Be sure to consult with your facility's legal counsel for legal matters.
Want to receive articles like this one in your inbox? Subscribe to HIPAA Weekly Advisor!
Related Products
Most Popular
- Articles
-
- Q/A: Volume requirement for reporting hydration services
- Featured blog post: Nurses face felony charges after reporting physician to the Texas Medical Board
- Catch up on what's new with injections and infusions
- Topic: CMS, OESS post new security compliance review information, checklist
- Capturing all necessary codes for IUD insertion and removal can be challenging
- HIPAA Q&A: Level of encryption needed for email
- Identify potential Medicaid RAC target areas
- What does case-mix index mean to you?
- QA:Coding multiple initial infusions
- OB services: Coding inside and outside of the package
- E-mailed
-
- Q/A: Volume requirement for reporting hydration services
- Featured blog post: Nurses face felony charges after reporting physician to the Texas Medical Board
- HIPAA Q&A: Level of encryption needed for email
- Q&A: Follow CMS' coding guidelines when using modifier -25
- CMS has reformulated payments for some bilateral procedures
- Catch up on what's new with injections and infusions
- New conflicts of interest create new challenges
- Q/A. One injection code or two?
- What does case-mix index mean to you?
- ED-to-inpatient transfers are flawed with safety gaps
- Searched