Revenue Cycle

HIPAA Q&A: Disposing of records and requests for records

HIM Briefings, March 1, 2016

This is an excerpt from a member only article. To read the article in its entirety, please login or subscribe to HIM Briefings.

Q: The chief executive officer of the hospital where I work is talking about having our hospital coding done in India. What are the potential ramifications of this plan for our hospital? I know a prominent hospital in ­Palo Alto, California, was going to do this in 2011.

Have any U.S. hospitals actually outsourced their medical record coding to foreign countries? What are the liability risks? What do we need to be aware of in terms of HIPAA compliance?

A: Yes, many organizations send coding and transcription work overseas. Despite business associate agreements (which you must get with any such vendor, offshore or not), it may be difficult to ensure that these vendors are HIPAA compliant, although one could make the same argument about U.S. vendors as well. Be sure to do your due diligence by carefully checking your vendor's references (and documenting the results) should you choose to go this route. You might also discuss this with your organization's insurance carrier and/or attorney for an assessment of the risks.

Editor's note: Chris Simons, MS, RHIA, the director of health information and privacy officer at Maine General Medical Center in Augusta, answered these questions. Simons is also an HIMB advisory board member. This information does not constitute legal advice. Consult legal counsel for answers to specific privacy and security questions. Send your questions related to HIPAA compliance to Editor Jaclyn Fitzgerald at jfitzgerald@hcpro.com.

This is an excerpt from a member only article. To read the article in its entirety, please login or subscribe to HIM Briefings.

Most Popular