HIPAA Handbooks

  • Privacy and security training for new and seasoned staff
  • 11 staff/setting focus areas
  • Education on protecting PHI
  • New HITECH Act changes
  • Discounts on bulk purchases

More»

E-learning

  • Role-based training using real-life case scenarios
  • Test-your-knowledge exercises with remediation
  • Post-course test to document staff participation

More»

Other HIPAA Resources

  • Hot-topic audio conferences
  • Books on privacy and security
  • Newsletters
  • e-Newsletter
  • Videos


More»

Archive for HIPAA Q&A

Submit your HIPAA questions to Editoquestionr John Castelluccio at jcastelluccio@hcpro.com and we will work with our experts to provide the information you need.

Q: Can family members of a deceased patient obtain the medical records of the deceased if it is relevant to their own plan of care and family history?

A: Yes. The HIPAA Privacy Rule allows covered entities (CE) to disclose a deceased person’s PHI to family members and others involved in the person’s care or payment for care prior to his death, unless doing so is inconsistent with any prior expressed preference of the deceased person that was known to the CE. Information released to these individuals should be limited to the minimum necessary. If a complete copy of the patient’s record is requested, obtain written authorization from the executor of the deceased person’s estate or his next of kin, as prescribed by state law.

Editor’s note: Mary Brandt, MBA, RHIA, CHE, CHPS, answered this question for HCPro’s Briefings on HIPAA. This information does not constitute legal advice. Consult legal counsel for answers to specific privacy and security questions.

Categories : HIPAA Q&A
Comments (0)

Submit your HIPAA questions to Editoquestionr John Castelluccio at jcastelluccio@hcpro.com and we will work with our experts to provide the information you need.

Q: Do healthcare organizations need to log all documents before shredding? I have my staff log all documents that were scanned and indexed before they are placed in the bin for shredding. Once I receive the certificate of destruction, we match the log sheets with the certificate of destruction for documentation purposes. Once matched with our log sheets, the certificates of destruction are kept in log books. This is done with the anticipation of court appearance. I will need to produce policies and procedures for certificates of destruction.

Read More→

Categories : HIPAA Q&A
Comments (0)

Submit your HIPAA questions to Editoquestionr John Castelluccio at jcastelluccio@hcpro.com and we will work with our experts to provide the information you need.

Q: How should an organization handle patient requests to withhold PHI from the patient’s insurance company?

A: Patients have a right to ask that their insurance companies not be billed for specific encounters. Most healthcare providers require that patients pay for these services themselves before agreeing to provide the services and not bill the patient’s insurance company. Your organization should have a policy/procedure in place to handle such requests. You’ll probably want the patient to make the request in writing. You’ll need to ensure that the information about the encounter is secured in the patient’s medical record, so it isn’t released with any future requests from the insurance company. You’ll also need a mechanism to bill the patient directly and prevent a bill for the services from being sent to the insurance company.

Editor’s note: Mary Brandt, MBA, RHIA, CHE, CHPS, vice president of health information, Central Texas Division, Baylor Scott & White Health in Temple, Texas, answered this question for HCPro’s Briefings on HIPAA. This information does not constitute legal advice. Consult legal counsel for answers to specific privacy and security questions.

Categories : HIPAA Q&A
Comments (0)

Submit your HIPAA questions to Editoquestionr John Castelluccio at jcastelluccio@hcpro.com and we will work with our experts to provide the information you need.

Q: You are reviewing a computer-generated insurance claim before it is sent to the insurance carrier, and you happen to notice the patient’s name on the claim—it’s an old friend of yours. You quickly read the code for the diagnosis. Is this a breach of confidentiality?

A: Yes, it is, unless you need to know that information to do your job. HIPAA requires us to access only the minimum we need to know to do our jobs. If you don’t need to know your friend’s diagnosis, you shouldn’t look at it.

If you do see it, remember that you may never share with anyone, including your friend, what you have seen. This knowledge can be a heavy burden, but it is our ethical and legal obligation not to share any ­information we obtain in the course of doing our work in healthcare.

Editor’s note: Chris Simons, MS, RHIA, director of health information and privacy officer at Cheshire Medical Center/Dartmouth-Hitchcock in Keene, New Hampshire, answered this question for HCPro’s Medical Records Briefing. This information does not constitute legal advice. Consult legal counsel for answers to specific privacy and security questions.

Categories : HIPAA Q&A
Comments (0)

Submit your HIPAA questions to Editoquestionr John Castelluccio at jcastelluccio@hcpro.com and we will work with our experts to provide the information you need.

Q: If a psychiatric nurse is looking at an emergency department (ED) patient’s information as part of his or her job, and notices that a friend’s child is in the ED, can the nurse go visit this patient?

A: No. The nurse must not use the information he or she obtains during the course of doing his or her job for anything other than work. In this case, the nurse discovered the information incidentally and should not use it to visit the child since doing so would not be related to the nurse’s work. On the ­other hand, if the friend notifies the nurse of the child’s ED stay, or if the nurse finds out the child is there in some other way that is unrelated to work, it would be acceptable to visit.

Editor’s note: Chris Simons, MS, RHIA, director of health information and privacy officer at Cheshire Medical Center/Dartmouth-Hitchcock in Keene, New Hampshire, answered this question for HCPro’s Medical Records Briefing. This information does not constitute legal advice. Consult legal counsel for answers to specific privacy and security questions.

Categories : HIPAA Q&A
Comments (0)