How should we verify identity during a phone request to change a password?
HIPAA Weekly Advisor, July 31, 2006
Want to receive articles like this one in your inbox? Subscribe to HIPAA Weekly Advisor!
Develop a policy and procedure that include types of identifying information the individual must provide during a phone request (e.g., birth date, Social Security number, NPI, unique physician identification number, or home address). Select two or three (the more, the better) types of identifying information the caller must provide before you reset the password.
Maintain this information in a place or on a computer system that is easily accessible to the person responsible for resetting passwords. Also, inform all users of the policy and of the identifying information necessary for password resets. If the caller cannot provide the information, do not reset the password until the caller can identify him- or herself in person.
Editor's note: Chris Apgar, president of Portland, OR-based Apgar & Associates, LLC, answered this question. This is not legal advice. Consult your attorney for legal matters.
Want to receive articles like this one in your inbox? Subscribe to HIPAA Weekly Advisor!
Related Products
Most Popular
- Articles
-
- Q/A: Volume requirement for reporting hydration services
- Featured blog post: Nurses face felony charges after reporting physician to the Texas Medical Board
- Catch up on what's new with injections and infusions
- Topic: CMS, OESS post new security compliance review information, checklist
- Capturing all necessary codes for IUD insertion and removal can be challenging
- What does case-mix index mean to you?
- QA:Coding multiple initial infusions
- News and briefs: Oklahoma Osteopathic Association against residency bill change
- HIPAA Q&A: Level of encryption needed for email
- OB services: Coding inside and outside of the package
- E-mailed
-
- Q/A: Volume requirement for reporting hydration services
- Featured blog post: Nurses face felony charges after reporting physician to the Texas Medical Board
- HIPAA Q&A: Level of encryption needed for email
- CMS has reformulated payments for some bilateral procedures
- Catch up on what's new with injections and infusions
- New conflicts of interest create new challenges
- Q/A. One injection code or two?
- What does case-mix index mean to you?
- Identify modifiable risk factors to prevent patient falls
- Hospitals are not bound by InterQual criteria for determining patient status
- Searched