Neurology & Pain Management Coding Alert

Reader Questions:

Watch for HIPAA Issues With E-Mail

Question: I sometimes e-mail patient records to consultants or other coders for help on how to bill. How can I make sure I-m not committing a HIPAA violation? Oregon Subscriber Answer: A simple request for help can land you in hot water with HIPAA. The key is to remove all identifying information from the report before you send it. Here's how: Under HIPAA's Privacy Rule, you can make sure you don't send protected health information (PHI) by removing all individually identifiable health information, including health information that reasonably allows individual identification. In general, HIPAA is based on reasonableness. Best bet: Send only the parts of the report describing any clinical procedures and findings. Include a confidentiality notice at the end of your e-mail, such as in a signature line. These steps apply whether you send the e-mail from an office or from home. Remember: Before sending any report by e-mail, be sure to remove the patient's name and Social Security number. Also remove any geographic identifiers, dates, phone, fax, and e-mail information, and medical record and device serial numbers. Finally, read through the report before you send it to be sure the patient is unidentifiable. Another option: For extra security, you can send an encrypted e-mail to keep information safe.
You’ve reached your limit of free articles. Already a subscriber? Log in.
Not a subscriber? Subscribe today to continue reading this article. Plus, you’ll get:
  • Simple explanations of current healthcare regulations and payer programs
  • Real-world reporting scenarios solved by our expert coders
  • Industry news, such as MAC and RAC activities, the OIG Work Plan, and CERT reports
  • Instant access to every article ever published in Revenue Cycle Insider
  • 6 annual AAPC-approved CEUs
  • The latest updates for CPT®, ICD-10-CM, HCPCS Level II, NCCI edits, modifiers, compliance, technology, practice management, and more