04 March, 2019

HIPAA 2



Be careful when mailing documents:

•        A patient received an appointment reminder for another patient.

•        A patient received another patient’s medical records in with their requested medical records.

Double check your mailings before enclosing the document in the envelope.  Also, seal the envelope before it leaves your office.

Be careful what you say:

•        Making a comment about an employee and their recent doctor’s visits to another employee.

•        Asking an employee why they were at an appointment.  If someone wants to voluntarily share their information that’s okay.  But it is never okay to ask.

•        Mentioning to someone that you saw a mutual friend at the clinic.

•        Confirming for a caller that a patient had an appointment.

•        Sharing with outsiders that a patient was at the clinic and giving out their diagnosis.

•        Advising a school whether a student had an appointment at the clinic.  The school was trying to verify if an excuse for absence is legitimate.  The correct answer would be to tell them if the excuse is legitimate.  Do not verify if there was an appointment.

•        Verifying for a parent of a patient that is over the age of 18 whether there was an office visit.  The parent may cover the student under their health insurance but that does not grant them rights to the medical records.

HIPAA is see something, say nothing.

Be careful when printing out medical records for patients:

•        Printing out chart information for an adult that advises they are a parent but not verify that this is actually a parent.

•        Printing out medical records for the spouse of one of your patients.  Without a written release from the patient.

Before we give any records out we must verify the identity of the person seeking the records and their right to the records.  Make copies of their ID for the file.  Also, they should sign the Medical Records request form for our records.

Accessing records that aren’t for a patient being treated by your provider:

•        Reading your lab/x-ray results in your or a family members medical chart.

•        Looking up the reason an acquaintance was in for a visit.

•        Printing out information from your child’s medical record.

•        Printing out information from your own personal medical record.

•        Printing out information from other family members file.

•        Printing out information for another employee at their request.

You should never access a record that isn’t a patient being treated by your provider.  If you need a copy of an item in your file or a family member’s file, then complete the Medical Records request form and get the records from Medical Records just like other patients.  This allows for proper documentation of the release of the records.

Sharing your login with others:

•        Accessing a medical record using someone else’s login.

•        Allowing someone to complete a record using your login.

•        Placing your login and password information on your desk or computer so you won’t forget.

Your login information is your fingerprint in the Electronic Medical Records.  Don’t allow anyone to use the login and don’t leave it out for someone to take.

Remember Allscripts records every touch from login to log out.  An audit of an account shows the person that touched the file with date, time and what was viewed, changed, and/or printed.  It keeps up with the total time spent on each area.  If someone questions whether their chart has been viewed.

Thank you.