Savannah
Contributor
This is how a current Audit was handled in our Practice: Auditor requested Medical Records on specific patients. Our medical records person gave the Auditor a Log-in/Password for our EHR and set them up in a room unsupervised to look up the pts. he/she needed. Meaning he/she had access to our entire Data Base not just the records requested.
I, as the Billing Manager, have an issue with this but my Manager says I am overreacting.
Can I please get your opinion as to if this is the correct way to handle an Audit and if it is a HIPAA violaton for him/her to have access to our entire Data Base and Not just the records requested?
Thank you for your time.
Paula
I, as the Billing Manager, have an issue with this but my Manager says I am overreacting.
Can I please get your opinion as to if this is the correct way to handle an Audit and if it is a HIPAA violaton for him/her to have access to our entire Data Base and Not just the records requested?
Thank you for your time.
Paula