Banner

Article

HIPAA Consult

Answers to your questions about...invalid authorizations; computer security; e-prescribing

A No. To be valid, an authorization must contain, at minimum, the following elements: (1) a description of the information to be disclosed; (2) the name of the authorized discloser; (3) the name of the recipient; (4) the purpose of the disclosure (which, in special circumstances, may be satisfied with the phrase, "at the request of the individual"); (5) an expiration date or event (for example, "at the conclusion of the research project"); and (6) the patient's signature and date.

A valid authorization must also make clear the patient's right to revoke the authorization in writing at any time; whether, in special circumstances, any treatment, payment, enrollment, or benefit eligibility is dependent upon the authorization; and the potential for the information to be redisclosed by the recipient and, therefore, no longer protected by HIPAA.

Computer security Q Are there specific steps I need to take to make my computer system HIPAA compliant?

A Yes. The security rule sets out more than 60 requirements. Here's a partial list: (1) Install and regularly update virus-protection software. (Make sure to protect workstation computers, too, and not just the server.) (2) Set screen savers to come on quickly, with reactivation requiring a password. (3) Be sure PDAs, tablet computers, and laptops are password-protected, just as desktops should be. (4) Position computer monitors so patients can't read what's on the screen. (5) When an employee quits or is fired, eliminate her computer password and be sure she surrenders her office keys. (6) Store backup tapes of files in a safe, offsite location, so that data will be protected in case of fire or flood.

Privacy and e-prescribing Q What impact will HIPAA have for doctors who elect to e-prescribe?

A That depends. Any doctor who's considered a covered entity must protect the privacy of e-prescribing information-both prescriptions transmitted to a pharmacy and requests for prescription-related information from a patient's drug plan-just as she would any other protected medical information transmitted electronically to a third party.

You're considered a covered entity if you conduct any one of the standard HIPAA transactions electronically (claims filing, insurance eligibility requests, and so forth). Moreover, since e-prescribing information (prescriptions and related data) is considered protected health information, it's also covered by the security rule.

Margaret M. Davinomdavino@kbrny.com is a healthcare attorney with Kaufman Borgeest & Ryan, in New York City.

This department answers common HIPAA-related questions. It isn't intended to provide specific legal advice. Please submit questions via e-mail to mehipaa@advanstar.com or by regular mail to Medical Economics, 5 Paragon Drive, Montvale, NJ 07645, ATTN: HIPAA CONSULT. If we select your query, we'll address it in an upcoming issue. Your name will not be used.

Related Videos
Jay W. Lee, MD, MPH, FAAFP headshot | © American Association of Family Practitioners
Related Content
Drinking water proven to have health benefits: ©Soleg - stock.adobe.com
November 27th 2024

Who needs a doctor when you have a glass of water?

Ep 34: U.S. Rep. Earl L. 'Buddy' Carter on physicians getting involved in policy
June 28th 2024

Ep 34: U.S. Rep. Earl L. 'Buddy' Carter on physicians getting involved in policy

Fewer people leaving positive reviews for health care facilities: ©Chinnarach - stock.adobe.com
November 26th 2024

Two stars: Fewer people leave positive reviews for health care facilities post-COVID

Logo: Off the Chart with Medical Economics
January 29th 2021

Telehealth's long-term impact on the business of medicine

Negative browsing habits lead to negative moods: ©Teodor Lazarev -stock.adobe.com
November 25th 2024

Your patients’ browsing habits may be driving their negative moods

© fizkes - stock.adobe.com
November 21st 2024

70% of Americans want primary care providers to address mental health