If this is your first visit, be sure to check out the FAQ & read the forum rules. To view all forums, post or create a new thread, you must be an AAPC Member. If you are a member and have already registered for member area and forum access, you can log in by clicking here. If you've forgotten your username or password use our password reminder tool. To start viewing messages, select the forum that you want to visit from the selection below..
I believe it is a HIPAA violation when scanning entire EOBs into patients charts that have other patient names on them. They are also kept in the paper charts with other patients names on them. Am I wrong?
A lawyer or court would be the only ones who can definitively answer that question for you. However, it's definitely a poor practice because the dissemination of PHI into other patients' charts means that individuals accessing one patient's charts are necessarily exposed to information that is not relevant to their task and it could be argued that the practice is not adhering to the 'need to know' provisions of the law. And it also poses an increased security risk since if there is a breach in of one patient's information, multiple patients' information would also be breached - this would put the practice at greatly increased liability in the event that a breach did occur. Best to not do this at all. EOBs shouldn't be in a patient's chart anyway - billing information is not a part of the medical record and doesn't belong there. Practices should have a separate and secure location for their billing records and not be housing them in patient charts.