Washington, DC (PRWEB) July 09, 2014
When doctors retire, someone has to take responsibility for their patient files – both keeping them secure and making them available to other providers when needed for patient care. The July issue of Atlantic Information Services’s Report on Patient Privacy (RPP) takes a look at a settlement announced late last month between the U.S. Department of Health and Human Services Office for Civil Rights (OCR) and a nonprofit health system that left boxes of patient files on a former doctor’s driveway after negotiations to buy her practice broke down.
According to the resolution agreement posted to OCR's website, Fort Wayne, Ind.-based Parkview Health System, Inc. will pay $800,000 and implement a one-year corrective action plan after an OCR investigation (Complaint Number 09-99157) determined the health system made potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule. Officials at Parkview aren’t commenting beyond a one-paragraph statement asserting their commitment to patient privacy, but notably also mentions that OCR isn’t alleging the records came to any misuse during this situation. And, Parkview’s agreement isn’t “an admission of liability.”
When a doctor gives up his or her practice, for whatever reason, safeguarding of the records under HIPAA “is always an issue,” Jeffrey Drummond, a health care attorney in Austin, Texas, tells RPP. The goal is to transfer the charts to another responsible entity, Drummond says, if you don’t want to deal with them yourself or believe you shouldn’t.
One of the options Parkview could have pursued, Drummond says, was to take the doctor to court. “You say, ‘This woman needs to take them back, the court should take custody of them’” until she does, he says.
In addition to HIPAA, state laws also come into play. In Texas, for example, physicians who are no longer practicing are “responsible for finding a new custodian, and giving patients notice of where the records are going to go,” Drummond says. They must include where the files will be sent and offer the patient an opportunity to object, after which the records will be sent, he tells RPP. Barring objections, files can then go to their new home, which need not be another provider. Drummond says a physician or other covered entity (CE) could pay for secure storage space, but then would also have to sign a business associate agreement with the storage facility, and might still retain some obligations to assure patients can access their records upon request.
Another option would be for the files to go back to the patients. A CE could notify patients that, regardless of the reason, the operations are closing and ask patients to pick up their files. “If you don’t have the original [chart], you don’t have the HIPAA obligation” to safeguard it, Drummond says.
Visit http://aishealth.com/archive/hipaa0714-01 to read the article in its entirety.
About Report on Patient Privacy
Report on Patient Privacy is the health industry’s #1 source of timely news and business strategies for safeguarding patient privacy and data security. Published for hospitals and other providers, health plans and other HIPAA-covered entities and business associates, the 12-page newsletter focuses on privacy issues that can result in huge fines, penalties and public relations nightmares, including: security breach notification; business associate relations and agreements; and new federal privacy rules for marketing, fundraising, privacy notices, minimum necessary, patient rights and safeguarding privacy in EHRs. Visit http://aishealth.com/marketplace/report-patient-privacy for more information.
About Atlantic Information Services
Atlantic Information Services, Inc. (AIS) is a publishing and information company that has been serving the health care industry for more than 25 years. It develops highly targeted news, data and strategic information for managers in hospitals, health plans, medical group practices, pharmaceutical companies and other health care organizations. AIS products include print and electronic newsletters, websites, looseleafs, books, strategic reports, databases, webinars and conferences. Learn more at http://AISHealth.com.