Otolaryngology Coding Alert
Take Steps to Safeguard ePHI From Unauthorized Disclosure
Question: A provider in our practice informed us that they have been sending patient records to their personal email to review at home. Does this constitute an unauthorized disclosure of electronic protected health information (ePHI), and does it pose a security risk? Florida Subscriber Answer: Yes, the provider’s actions can constitute an unauthorized disclosure of ePHI and pose a security risk. Unauthorized disclosure of health data can be just as dangerous to a patient’s privacy as a ransomware attack. While the latter garners more attention from health IT pundits, the media, and the feds, unauthorized access or disclosure of ePHI is just as serious. Some unauthorized disclosure incidents may be malicious in their intent, but most incidents, such as the one you’re describing, are due to negligence or improper cybersecurity education. People in the system, such as doctors and other clinicians, may just want to access the patient’s information and medical record to deliver treatment but are violating disclosure rules. When patients arrive at your practice, you’re committed to protecting their ePHI. Once the patients’ records leave your practice’s network, there’s no way to ensure that protection and that could cause major headaches if the provider’s personal device or accounts become targets of cybercriminals Keep in mind: Email is not a secure method of transmitting PHI. Unless the email is encrypted end to end, the PHI is at risk while it is being sent from the office to the physician’s home, even if their home network has all security safeguards in place. PHI cannot leave the practice’s secure network via unsecured email because it leaves the PHI open to theft. Instead, safeguard it by using encrypted email. By educating your employees on the safe handling of ePHI and proper cyber hygiene techniques, your practice can help prevent incidents of unauthorized disclosure.
Related Articles
Otolaryngology Coding Alert
- CPT® Coding:
Dive Into the Details of Neck Dissection Coding
And peruse this quick refresher on what each procedure involves. If your otolaryngologist documents that [...] - E/M MDM:
Conquer Data Counting With 3 Handy Hints
Plus, get a can’t-miss pro tip on when not to count data. As we’ve often [...] - Mythbuster:
Ditch These Coding Habits to Diminish Denial Distress
Increasing first-pass payment success might be easier than you think. Submitting clean claims is the [...] - You Be the Coder:
Let POS Dictate How You Handle ‘Uncertain’ Dx
Question: A patient presented to the office with a painless lump behind their ear. Our otolaryngologist [...] - Reader Questions:
Test Your Technical, Professional Component Reporting Know-How
Question: Sometimes our provider will perform maxillofacial computerized tomography (CT) without contrast in-house, but the scan [...] - Reader Questions:
Take Steps to Safeguard ePHI From Unauthorized Disclosure
Question: A provider in our practice informed us that they have been sending patient records to [...] - Reader Questions:
Check Your Modifier Mastery With This Complex MRND Case
Question: How would you code a laryngectomy with bilateral modified neck dissection? Georgia Subscriber Answer: Since there [...]
