Is it a HIPAA violation for physicians to take patient charts home or on vacation to complete dictation?
HIPAA Weekly Advisor, November 20, 2006
Want to receive articles like this one in your inbox? Subscribe to HIPAA Weekly Advisor!
The privacy and security rules do not explicitly prohibit a provider from taking charts off site. Instead, covered entities must establish policies, procedures, and practices that reasonably ensure the integrity, confidentiality, and availability of the information. This means ensuring that
- the chart is secure at all times (e.g., in transport, when stored off-site)
- in this case, no one other than the provider has access to the chart
- processes are in place to access the information in the event of a disaster
It is well within a covered entity's rights to impose security policies, procedures, and practices that prohibit providers from transporting patient charts off site. The covered entity could determine that such practices pose too great a risk to the integrity, confidentiality, and availability of PHI because there are a number of increased risks when transporting data off-site.
Editor's note: Chris Apgar, president of Portland, OR-based Apgar & Associates, LLC, answered this question. This is not legal advice. Consult your attorney for legal matters.
Want to receive articles like this one in your inbox? Subscribe to HIPAA Weekly Advisor!
Related Products
Most Popular
- Articles
-
- HIPAA Q&A: Flu shot requirement for hospital employees
- Running an effective peer review committee meeting
- HealthDataInsights posts new issues for medical necessity claims
- Sneak Peek: Effort underway to establish caseload benchmarks
- Q/A: Coding for telescopic intraocular lens
- New FAQ posted on storing laryngoscope blades
- Tip: Perform your own internal investigation prior to government audit
- HIPAA 5010 deadline extended, but threat remains, says AMA
- HHS task force: Consider privacy, security with text messages
- What does case-mix index mean to you?
- E-mailed
-
- Running an effective peer review committee meeting
- HIPAA Q&A: Flu shot requirement for hospital employees
- HHS task force: Consider privacy, security with text messages
- What does case-mix index mean to you?
- Q/A: Coding for telescopic intraocular lens
- Q/A: Correct use of modifier -PT
- Tip: Correctly code bilateral pain management procedures
- "Wall fountains" may be spreading Legionnaires to patients, visitors
- 2012 CPT code changes for ASCs: Shoulder and knee scopes and pain management
- Case Management Monthly, March 2012
- Searched