• E-mail
• Print
• RSS

Is it a HIPAA violation to take files containing PHI out of the office to make preoperative/postoperative calls and deliver charts to an out-of-town physician's office for signature?

HIPAA Weekly Advisor, January 15, 2007

Want to receive articles like this one in your inbox? Subscribe to HIPAA Weekly Advisor!

You should remove patient records from the facility's safekeeping under very limited circumstances, usually in response to a subpoena or court order. Ideally, an employee on duty at the time of the call (not working from home) should conduct preoperative/postoperative calls. If an employee must make these calls on his or her own time, it could be a violation of federal labor laws.

If a staff member is exempt from certain labor laws and must make follow-up calls from home, he or she should take only limited information (e.g., the patient's name and telephone number) out of the facility and document the follow-up calls on a blank form to file in the patient's medical record.

It can be difficult to get out-of-town physicians to come back to the facility to complete records, but most organizations have solved this without physically taking the records to the physician. For example, you could mail the original document to the physician for signature, along with a stamped, self-addressed return envelope (keep a copy of the report in the patient's record, should the original be lost). Or, fax the document to the physician and ask him or her to sign it and mail or fax it back.

Editor's note: Mary Brandt, president of Bellaire, TX-based Brandt & Associates, LLC, answered this question. This is not legal advice. Consult your attorney for legal matters.

Want to receive articles like this one in your inbox? Subscribe to HIPAA Weekly Advisor!

• E-mail to a Colleague
• Print
• RSS
• Archive