Wiki New to Compliance and need direction.

NDobos

New
Local Chapter Officer
Messages
9
Best answers
0
Administration has gone to the person in charge of ordering DMEs and told him that he is to contact everyone who has gotten 3 specific braces 12-15 months ago to see if the brace is still fitting properly and if they want to come in to have it evaluated with the goal of them ordering a replacement. He would need to go into the medical record for the day the brace was ordered so he could talk to the patient. Is there anything wrong with this person having access to this type of PHI? The person in charge of ordering DMEs does have medical background and has helped in the clinic in the past. Any advise would be greatly appreciated-- Thank you Nancy
 
If the provider requests that this direct employee accesses the record for a particular purpose, that should be okay. The person accessing the file must only access the part of the record that is required to accomplish the task. In other words, the person is not to snoop around to other areas of the record to satisfy any curiosity. Get in, perform the task, get out.

The employee has a duty to protect the information seen and must not disclose. This person has a duty to be in compliance of all patient privacy rules (by policy, state laws, federal laws --- whichever is stricter.)
 
If this person is employed by the practice, then just make sure he/she has been trained in HIPAA and training is documented in their employee file.

If this person is subcontractor or outsourced then have a BAA signed which details what they are allowed to access and expectations regarding privacy.
 
Top