to understand correctly and make sure this isn't a typo:
A unique identifier that would permit a person to identify a particular user is not PHI, under the regulations. The character of an identifier is not determined by its name. What matters is whether or not PHI is actually disclosed.
Because in the first part of your answer you mentioned that the name address and account number on the check stored in the non-hipaa compliant cloud accounting software would be a violation of the statutes.
So that has me a little confused. But the point is moot since it seems that simply issuing someone a check without any link to their medical record/PHI should be ok. In the server based medical billing software (which is hipaa compliant) we can reference the check number to the patient's account. The check itself and the record of same which is stored non compliantly on the cloud needs no reference back to the patients account since the check number itself could be used for that purpose.
So in a nutshell: ok to write checks to patients to refund them money using quickbooks online so long as no account number or any other reference appears in that record whatsoever? The quickbooks is not being used as the medical billing software, that is separate and onsite and compliant. Sorry to drag it out. I'm not into any 1.5 million dollar fines and yes I attract that sort of headache due to some karmic debt from another lifetime it seems :(
thanks. that information is handled solely by me since I am the only one using the quickbooks accounting software and I am the doc. I doubt this would be considered a breach. thanks for all your help.
DISCLAIMER: Answers from Experts on JustAnswer are not substitutes for the advice of an attorney. JustAnswer is a public forum and questions and responses are not private or confidential or protected by the attorney-client privilege. The Expert above is not your attorney, and the response above is not legal advice. You should not read this response to propose specific action or address specific circumstances, but only to give you a sense of general principles of law that might affect the situation you describe. Application of these general principles to particular circumstances must be done by a lawyer who has spoken with you in confidence, learned all relevant information, and explored various options. Before acting on these general principles, you should hire a lawyer licensed to practice law in the jurisdiction to which your question pertains.
The responses above are from individual Experts, not JustAnswer. The site and services are provided “as is”. To view the verified credential of an Expert, click on the “Verified” symbol in the Expert’s profile. This site is not for emergency questions which should be directed immediately by telephone or in-person to qualified professionals. Please carefully read the Terms of Service (last updated February 8, 2012).