Medical
Case Management
Liability
Life Care Plans
Task Assignments
Testimony
Workers' Compensation
Vocational
Case Management
Earnings Capacity Assessment
Liability
Task Assignments
Testing
Testimony
Workers' Compensation
Legal
Earnings Capacity Assessment
Legal Nurse Consulting
Life Care Plan
Medical Liability
Vocational Liability
Testimony
Consulting
Branch Medical Consultant
Legal Nurse Consultant
Licensed Professional Counseling
Occupational Health and Wellness Program
Human Services
Sickle Cell Disease
What is Sickle Cell Disease?
Pain Assessment and Management
Info for Physicians & Health Care Professionals
Info for Teachers, Students & Employers
HIPAA Compliance
Intro
General
Physicians
Other Health Providers
Workers' Compensation
Liability Coverage
Office & Technology
Complaints
Contact Us
Referral Form
Inquiry Form
E-mail
OFFICE & TECHNOLOGY QUESTIONS
Q. Is a copy, facsimile, or electronically transmitted version of a signed Authorization valid under the Privacy Rule?
A. Yes. Under the Privacy Rule, a covered entity may use or disclose protected health information pursuant to a copy of a valid and signed Authorization, including a copy that is received by facsimile or electronically transmitted.
Q. Does the HIPAA Privacy Rule permit a doctor, laboratory, or other health care provider to share patient health information for treatment purposes by fax, e-mail, or over the phone?
A. Yes. The Privacy Rule allows covered health care providers to share protected health information for treatment purposes without patient authorization, as long as they use reasonable safeguards when doing so. These treatment communications may occur orally or in writing, by phone, fax, e-mail, or otherwise.
Q. In limiting access, are covered entities required to completely restructure existing workflow systems, including redesigning office space and upgrading computer systems, in order to comply with the HIPAA Privacy Rule's minimum necessary requirements?
A. No. The basic standard for minimum necessary uses requires that covered entities make reasonable efforts to limit access to protected health information to those in the workforce that need access based on their roles in the covered entity.
The Department generally does not consider facility redesigns as necessary to meet the reasonableness standard for minimum necessary uses. However, covered entities may need to make certain adjustments to their facilities to minimize access, such as isolating and locking file cabinets or records rooms, or providing additional security, such as passwords, on computers maintaining personal information.
Covered entities should also take into account their ability to configure their record systems to allow access to only certain fields, and the practicality of organizing systems to allow this capacity. For example, it may not be reasonable for a small, solo practitioner who has largely a paper-based records system to limit access of employees with certain functions to only limited fields in a patient record, while other employees have access to the complete record. In this case, appropriate training of employees may be sufficient. Alternatively, a hospital with an electronic patient record system may reasonably implement such controls, and therefore, may choose to limit access in this manner to comply with the Privacy Rule.
| Main Office (800) 836-3450 | Fax (717) 795-6204 | srs@srsrehab.com |
