Wiki HIPAA Violation or NOT?? PLEASE HELP!

Create Wiki
M

mstroy

Guest
Messages
6
Location
Missoula, MT
Best answers
0
An Employee took Medical Charts, with her off-site, to another Health Office for training. The information from the Medical Charts were used in the training to code, enter, and bill (as live data). Our office has an active contract with the "other" Health Office for peer review, IT, and administrative purposes. The Medical Charts were transferred via locked (with combination code) brief case. The Medical Charts were logged-out and permission was given (by our Chief Executive Officer) for "authorized personnel" employee to use the Medical Charts as part of her training off-site. The Medical Charts were returned (on the same day) via locked-box and logged back into charting system, by employee. Employee and all involved in the training (at other site) are bound by HIPAA and all have completed appropriate/required HIPAA training.

Is/was the removal of the Medical Charts a HIPAA violation?? PLEASE advise.
 
mstroy said:
An Employee took Medical Charts, with her off-site, to another Health Office for training. The information from the Medical Charts were used in the training to code, enter, and bill (as live data). Our office has an active contract with the "other" Health Office for peer review, IT, and administrative purposes. The Medical Charts were transferred via locked (with combination code) brief case. The Medical Charts were logged-out and permission was given (by our Chief Executive Officer) for "authorized personnel" employee to use the Medical Charts as part of her training off-site. The Medical Charts were returned (on the same day) via locked-box and logged back into charting system, by employee. Employee and all involved in the training (at other site) are bound by HIPAA and all have completed appropriate/required HIPAA training.

Is/was the removal of the Medical Charts a HIPAA violation?? PLEASE advise.
Click to expand...

I would not say this is a HIPAA violation. The PHI is used in an appropriate manner, you have a contract (I am going to assume this is a BAA) with the other office, both of your facilities are CE's, the records are not only secured with the lock, but it sounds like they are always in the possession of the responsible party. Everyone who is using the PHI has the appropriate training. So, no, not a HIPAA issue, mainly because you are taking appropriate security precautions.

The removal of records would need to be addressed in your own policies - maybe this is a good time to review that policy and revise it as necessary.
 
You must log in or register to reply here.
Top