HIPAA Rules on consent to email records
I seem to be getting a lot of calls lately from doctors asking me to email them x-rays of patients that were originally requested by another doctor. I've always done this routinely but I'm starting to wonder if I should be getting patient's consent to do this. It seems appropriate to me that a doctor could request a patient's records without their consent, because the only way they would know we have the records is if the patient informs them, which implies (in my mind) consent.
Does anyone have any experience with this or have an opinion? I'd hate to have to contact the patient to get their permission PLUS I'd also hate to have to start keeping a paper trail of consent for all these requests.
Thanks for any ideas you all might have.
Does anyone have any experience with this or have an opinion? I'd hate to have to contact the patient to get their permission PLUS I'd also hate to have to start keeping a paper trail of consent for all these requests.
Thanks for any ideas you all might have.
posted by Matt Kroona at 7/14/2009 03:11:00 PM
7 Comments:
We also just email them when asked. I haven't had any feedback. I choose to ignore most HIPAA stuff! Don't turn me in...
Marcelle you send your records to the doctor who refers the patient without getting a consent, so unless this doctor is requesting images just for fun you have the same scenario. The question is are the images safe from outside those parameters?
My privacy policy (which I "borrowed" from my local dentist) states, "We may use and disclose health information about you for the following purposes:
1. Treatment: We may use your health information to treat you or disclose your health information to a physician or other health care provider providing treatment to you."
So I assume that means I don't need their permission to email x-rays to other doctors who are treating them. Right?
I agree with Matt and have similar text in my HIPAA form. However, as a precaution we email or fax the patient a "Consent for use and disclosure of Health Information" form that requires their signature.
If the request is for email, we utilize AnyWhere Dolphin that encrypts the information and follows HIPAA standards.
If the request is for hard copies or CDs, we charge the patient an additional fee.
The problem with Eric's plan is that it creates a paper trail which has to be maintained. We keep no paper records of any of our patients. I'd rather not start now.
This comment has been removed by the author.
I understand Matt's concern about maintaining hard copies. However, since we scan the signed consent form and add it to the patient database (where it can be easily retrieved) it eliminates the paper storage issues.
Post a Comment
<< Home