HIPAA violations are subject to severe penalties. Error on the side of caution is reasonable.
Employees engaged in patient care can reasonably discuss and disclose patient information so as to provide care, without a risk of violation. However, as the distance between patient care and the provider increases, the risk of disclosure to an unauthorized person increases.
An implied agency between contracting parties and employees that would protect all from a HIPAA violation may be sufficient to cover the exchange of information. But, without a signed access request, the billing company could be accused of not taking reasonable steps to prevent an unauthorized third party from accessing patient records.
Thus, the requirement is reasonable, even if not expressly required.
Hope this helps.
Terms and Conditions: By your continuing in this conversation with me, or by your clicking “Accept”, you are expressly agreeing to all of the following: (1) our communication is for entertainment purposes only; (2) you are not consulting me in my professional capacity as an attorney; (3) you do not seek to establish an attorney-client relationship with me, nor do I with you; (4) you will not rely on anything I say and you will obtain appropriate legal counsel via a traditional/office consultation with an attorney licensed to practice in the jurisdiction where your legal issue arises (and you may not use our communication to avoid taxpayer penalties imposed by the U.S. Dept. of Treasury); (5) by communicating with me in this public forum you are irrevocably waiving any right to privacy, confidentiality and attorney-client privilege concerning the matters discussed. You further separately declare that any payment made by you is not consideration for this contract, nor offered for any services rendered by me on your behalf, but rather is made in genuine admiration and respect for my desire to help others. If you do not agree with these terms and conditions, then you must advise me immediately.
GOAL: To eliminate physical signatures on a access request form that the non-hospital agency states it needs to be HIPAA compliant.
> The problem is not the access request form but the physical signatures that they seem to have a need for.
> The requested signatures are redundant since we have HIPAA compliant process in place.
> This also creates undue costs attempting to acquire a physical signature and then faxing the form back (times the number of employees that require a access.)
> Doesn't HIPAA cover "implied trust" between two organizations?
No "implied trust." Just the opposite. 45 CFR Part 164, Subpart C provides specific security requirements, which although flexible, must be established and maintained.
An electronic signature may or may not be a sufficient safeguard. It would depend upon the degree of ease with which the electronic signature could be hacked, as compared to a physical signature.
Thank you even though that is not the answer I was looking for. :) I do appreciate your time and answers.
DISCLAIMER: Answers from Experts on JustAnswer are not substitutes for the advice of an attorney. JustAnswer is a public forum and questions and responses are not private or confidential or protected by the attorney-client privilege. The Expert above is not your attorney, and the response above is not legal advice. You should not read this response to propose specific action or address specific circumstances, but only to give you a sense of general principles of law that might affect the situation you describe. Application of these general principles to particular circumstances must be done by a lawyer who has spoken with you in confidence, learned all relevant information, and explored various options. Before acting on these general principles, you should hire a lawyer licensed to practice law in the jurisdiction to which your question pertains.
The responses above are from individual Experts, not JustAnswer. The site and services are provided “as is”. To view the verified credential of an Expert, click on the “Verified” symbol in the Expert’s profile. This site is not for emergency questions which should be directed immediately by telephone or in-person to qualified professionals. Please carefully read the Terms of Service (last updated February 8, 2012).