Posts Tagged ‘hipaa rules’

HIPAA requirements, safeguards, and laws.

Monday, June 8th, 2009

Below are the administrative and physical safeguards as outlined in the Federal Register. These requirements generally must be addressed internally, even if you outsource your email. In the last column, R marks an implementation specification that is required and A marks one that is addressable.

ADMINISTRATIVE SAFEGUARDS

| Standard | Section | Implementation Specification | Required or Addressable |
|---|---|---|---|
| Security Management Process | 164.308(a)(1) | Risk Analysis | R |
| | | Risk Management | R |
| | | Sanction Policy | R |
| | | Information System Activity Review | R |
| Assigned Security Responsibility | 164.308(a)(2) | | R |
| Workforce Security | 164.308(a)(3) | Authorization and/or Supervision | A |
| | | Workforce Clearance Procedures | R |
| | | Termination Procedures | A |
| Information Access Management | 164.308(a)(4) | Isolating Health Care Clearinghouse Function | R |
| | | Access Authorization | A |
| | | Access Establishment and Modification | A |
| Security Awareness and Training | 164.310(a)(5) | Security Reminders | A |
| | | Protection from Malicious Software | A |
| | | Log-in Monitoring | A |
| | | Password Management | A |
| Security Incident Procedures | 164.308(a)(6) | Response and Reporting | R |
| Contingency Plan | 164.308(a)(7) | Data Backup Plan | R |
| | | Disaster Recovery Plan | R |
| | | Emergency Mode Operation Plan | R |
| | | Testing and Revision Procedure | A |
| | | Applications and Data Criticality Analysis | A |
| Evaluation | 164.308(a)(8) | | R |
| Business Associate Contracts and Other Arrangements | 164.308(b)(1) | Written Contract or Other Arrangement | R |

PHYSICAL SAFEGUARDS

| Standard | Section | Implementation Specification | Required or Addressable |
|---|---|---|---|
| Facility Access Controls | 164.310(a)(1) | Contingency Operations | A |
| | | Facility Security Plan | A |
| | | Access Control and Validation Procedures | A |
| | | Maintenance Records | A |
| Audit Controls | 164.312(b) | | R |
| Integrity | 164.312(c)(1) | Mechanism to Authenticate EPHI | A |
| Workstation Use | 164.310(b) | | R |
| Workstation Security | 164.310(c) | | R |
| Device and Media Controls | 164.310(d) | Disposal | R |
| | | Media Re-use | R |
| | | Accountability | A |
| | | Data Backup and Storage | A |

Can a patient inspect their own records?

Wednesday, May 27th, 2009

HIPAA concentrates a lot on protecting PHI from other people, but can a patient see their own records? In a word, yes; after all, the patient is the one being talked about in them!

A patient has the right to inspect their own PHI without charge at any time, within reason. A patient also has the right to obtain a copy of their records, again within reason. An organization has the right to charge a fee for making a copy, ostensibly to cover the administrative cost of the request. As a record can in some cases run to thousands of pages, the patient should perhaps be selective about what is requested.

Apart from general curiosity, there are many reasons why a patient would want to access their PHI. The records can be used to seek a second opinion on a diagnosis or treatment, and having a copy of the record would speed things up considerably. The same applies when seeing a new doctor after moving to a different area or state. Records are transferred as part of the procedure when changing practitioners, but having your own copy would speed things up if something was needed instantly.

Many decisions are based on the contents of a medical record. If a patient believes a decision made about them seems incorrect or unfair, then it is logical to find out what information that decision was based on. If a patient was refused insurance, or the insurer refused a payout, then it would also be a good idea to check the records. There may be mistakes or incorrect information in the record that need to be changed and that only the patient would recognize. Although having a medical record amended can be a bit of a pain…

Then there is the thorny issue of malpractice. The PHI may form either the basis of, or evidence towards, a malpractice suit. Having a copy will aid both the patient and their lawyers.

In the end, the patient has the right to view or copy their own medical records. They don’t even have to have a reason, or disclose one if they don’t want to.