Wiki SCANNING BULK EOBS

[labraddock]

I believe it is a HIPAA violation when scanning entire EOBs into patients charts that have other patient names on them. They are also kept in the paper charts with other patients names on them. Am I wrong?

 

[thomas7331]

A lawyer or court would be the only ones who can definitively answer that question for you. However, it's definitely a poor practice because the dissemination of PHI into other patients' charts means that individuals accessing one patient's charts are necessarily exposed to information that is not relevant to their task and it could be argued that the practice is not adhering to the 'need to know' provisions of the law. And it also poses an increased security risk since if there is a breach in of one patient's information, multiple patients' information would also be breached - this would put the practice at greatly increased liability in the event that a breach did occur. Best to not do this at all. EOBs shouldn't be in a patient's chart anyway - billing information is not a part of the medical record and doesn't belong there. Practices should have a separate and secure location for their billing records and not be housing them in patient charts.