Question: Our radiologist works from home on Mondays and Wednesdays, where he interprets and reviews charts via the internet. Often, he’ll have his work laptop and/or medical charts and orders there. Our office manager said he shouldn’t be allowed to do that due to HIPAA laws. Is this correct? Codify Subscriber Answer: The doctor doesn’t necessarily need to stop bringing work to his home office, but your practice should definitely establish a policy on taking charts, computers, and other items that have protected health information (PHI) on them to their homes. Unless handled very carefully, you could violate HIPAA and face penalties even if you just misplace one superbill in your home. If you decide to allow physicians, coders, billers or other staff members to take charts out of the office, it’s a good idea to implement a log-out system. That way, you’ll know where each patient’s information is, and there’s some accountability. You also should have a policy that says your staff members must safeguard any patient information when they remove it from the office, since the HIPAA laws protect the patient’s privacy no matter where the chart happens to be. Any computers or phones that have PHI on them should be password-protected, and you should use encryption software for the charts he’s reviewing online. Your best bet is to talk to a healthcare attorney or consultant to ensure that all staff members are compliant with HIPAA both at home and at the office.