Banner

Article

HIPAA Consult

Answers to your questions about...paper record disposal; deceased patients and privacy; rights of a surviving spouse; faxes and the security rule

A Although HIPAA doesn't dictate precisely how you should discard old records, it does say that the method you use should effectively protect patient privacy. So, for example, some practices use locked trash bins for paper containing protected medical information, and then contract with a vendor to shred or incinerate this material after removal.

Deceased patients and privacy Q I've been told that the HIPAA privacy rule no longer applies after a patient dies. Is this correct?

Although broad, these rights are not unlimited. For example, access to psychotherapy notes (notes maintained by a mental health professional separate from the medical record) may be denied. Doctors may also deny access to the patient's medical record if they or another licensed healthcare professional believe it's reasonably likely that granting such access will endanger someone's life or physical safety. If you do deny access, the patient's personal representative retains the right to appeal the denial to a neutral third party.

Rights of a surviving spouseQ Does a spouse have unlimited access to a deceased patient's medical record?

A No. A spouse is entitled to access a deceased patient's records only if he or she is the executor or administrator of the estate, or is otherwise authorized to act on its behalf. In such cases, the spouse must be treated as a personal representative with the same rights as the patient.

Faxes and the security rule Q Are faxes containing protected health information regulated by the HIPAA security rule?

A No. Regular paper faxes aren't considered protected health information under the rule, which only covers information in electronic form. But when someone requests information from a computer, through either a voice or telephone keypad command, and that request is returned as a fax, the communication is covered under the security rule. This isn't because "faxbacks," as they are known, have computers in them but because they are used as an input and output device for computers.

According to the government, "employment of telephone voice response and/or faxback systems will generally require security protection by only one of the parties involved, but not the other." The party that must protect the information is the one responding to the request, since the information she is returning is "already in electronic form and stored in a computer."

Margaret M. Davino (mdavino@kbrny.com
) is a healthcare attorney with Kaufman Borgeest & Ryan, in New York City.

This department answers common HIPAA-related questions. It isn$apos;t intended to provide specific legal advice. Please submit questions via e-mail to mehipaa@advanstar.com, or by regular mail to Medical Economics, 5 Paragon Drive, Montvale, NJ 07645, ATTN: HIPAA CONSULT. If we select your query, we'll address it in an upcoming issue. Your name will not be used.

Related Videos
Jay W. Lee, MD, MPH, FAAFP headshot | © American Association of Family Practitioners
Related Content
Negative browsing habits lead to negative moods: ©Teodor Lazarev -stock.adobe.com
November 25th 2024

Your patients’ browsing habits may be driving their negative moods

Ep 34: U.S. Rep. Earl L. 'Buddy' Carter on physicians getting involved in policy
June 28th 2024

Ep 34: U.S. Rep. Earl L. 'Buddy' Carter on physicians getting involved in policy

© shevchukandrey - stock.adobe.com
November 20th 2024

USPSTF releases the 14th Annual Report to Congress on High-Priority Evidence Gaps for Clinical Preventive Services

Logo: Off the Chart with Medical Economics
January 29th 2021

Telehealth's long-term impact on the business of medicine

I built an atypical family medicine empire: ©JackF - stock. adobe.com
November 19th 2024

I built an empire nobody wants

cash and stethoscope | © Valeri Luzina - stock.adobe.com
November 19th 2024

Take the Staff Salary Survey now!