Legal

Ask a Lawyer and Get Answers to Your Legal Questions

Ask a Lawyer,
Get an Answer ASAP!

Legal
This answer was rated:

HIPAA Compliance Question: Using Quickbooks online cloud-based

HIPAA Compliance Question: Using...
HIPAA Compliance Question: Using Quickbooks online cloud-based accounting software (NOT HIPAA-compliant) to account for patient refund payments:

A small medical practice uses Quckbooks online for accounting purposes. About 100-200 patient refund checks are sent every year. This poses the following dilemma:
​Patient names, addresses, and medical record numbers are PHI
Quickbooks online is NOT HIPAA-compliant per their website. Although the data is indeed stored in a secure and encrypted manner.

Therefore, is writing a patient a refund check which has their name, address and account number and having that information stored online in a non-HIPAA compliant cloud based vendor a HIPAA violation?
What if checks are printed with just the patient’s account number – then the name and address are added by hand. Is the “account number” the same as a “medical record number”? If not, is an “account number” PHI?
How about simply printing a check with just the name and address and no account number on it? Is just writing an individual a check a HIPAA violation? There would be no indication that the check represented a refund for a medical office visit, although the name and address of the the doctor and practice would indeed be on the check. Other PHI such as medical information information would not be stored on the cloud. It would simply be payment to another vendor as far as Quickbooks is concerned. The accounting software would note it as a refund – non specific. The check could be mailed with a statement generated on the HIPAA-compliant in-office medical billing software so that the patient would know why they are getting the check, but that information would not be input into Quickbooks.
The only other solution that I can think of would be to have an entirely separate paper-only account for refunds with an old fashioned checkbook ledger. The accounting for that account would be completely independent from the online accounting software and only reconciled with it offline for accounting purposes at tax time by the accountant in order to deduct refund expense on the tax return.
Show More
Show Less
Ask Your Own Legal Question
Answered in 23 minutes by:
10/7/2013
socrateaser
socrateaser, Lawyer
Category: Legal
Satisfied Customers: 39,498
Experience: Retired
Verified
Hello,

You asked:

Therefore, is writing a patient a refund check which has their name, address and account number and having that information stored online in a non-HIPAA compliant cloud based vendor a HIPAA violation?

A: Yes. Failure to follow the HIPAA security regulations violates federal law. Title 45 C.F.R. Part 164, Subpart C.

What if checks are printed with just the patient’s account number – then the name and address are added by hand. Is the “account number” the same as a “medical record number”? If not, is an “account number” PHI?

A: A unique identifier that would permit a person to identify a particular user is not PHI, under the regulations. The character of an identifier is not determined by its name. What matters is whether or not PHI is actually disclosed.

How about simply printing a check with just the name and address and no account number on it? Is just writing an individual a check a HIPAA violation?

A: No. There is nothing in the regulations that would make this a HIPAA violation.

There would be no indication that the check represented a refund for a medical office visit, although the name and address of the the doctor and practice would indeed be on the check. Other PHI such as medical information would not be stored on the cloud. It would simply be payment to another vendor as far as Quickbooks is concerned. The accounting software would note it as a refund – non specific. The check could be mailed with a statement generated on the HIPAA-compliant in-office medical billing software so that the patient would know why they are getting the check, but that information would not be input into Quickbooks.
The only other solution that I can think of would be to have an entirely separate paper-only account for refunds with an old fashioned checkbook ledger. The accounting for that account would be completely independent from the online accounting software and only reconciled with it offline for accounting purposes at tax time by the accountant in order to deduct refund expense on the tax return.


A: The issue for HIPAA purposes is whether or not PHI is protected according to the regulations. If no PHI is placed into QB, then there is no HIPAA violation.

Please let me know if I can clarify or further assist.

Hope this helps.
Ask Your Own Legal Question
Customer reply replied 4 years ago


to understand correctly and make sure this isn't a typo:


 


A unique identifier that would permit a person to identify a particular user is not PHI, under the regulations. The character of an identifier is not determined by its name. What matters is whether or not PHI is actually disclosed.


 


Because in the first part of your answer you mentioned that the name address and account number on the check stored in the non-hipaa compliant cloud accounting software would be a violation of the statutes.


 


So that has me a little confused. But the point is moot since it seems that simply issuing someone a check without any link to their medical record/PHI should be ok. In the server based medical billing software (which is hipaa compliant) we can reference the check number to the patient's account. The check itself and the record of same which is stored non compliantly on the cloud needs no reference back to the patients account since the check number itself could be used for that purpose.


 


So in a nutshell: ok to write checks to patients to refund them money using quickbooks online so long as no account number or any other reference appears in that record whatsoever? The quickbooks is not being used as the medical billing software, that is separate and onsite and compliant. Sorry to drag it out. I'm not into any 1.5 million dollar fines and yes I attract that sort of headache due to some karmic debt from another lifetime it seems :(


 

Your first question was premised on the statement that the software application is not HIPAA compliant. Therefore, using it to store PHI would be a HIPAA violation. Then, you provide details suggesting that the software is not storing any PHI. If it's not storing PHI, then it doesn't need to be HIPAA compliant.

ok to write checks to patients to refund them money using quickbooks online so long as no account number or any other reference appears in that record whatsoever?


A: Yes. However, there is a possible risk that the manual extraction of the account information so as to generate the checks could produce a HIPAA violation, if the person who extracts the information does so in a manner that does not maintain the confidentiality of the person's PHI. I can't think of a scenario for how this would occur. But, I'm sure that DHHS could identify it, if you were to be audited.

I'm not trying to foreclose your billing model -- just suggesting that you need to carefully look at how this information is handled, between the time that it is taken out of the compliant system and the moment that it is input into the non-compliant system.

Hope this helps.
socrateaser
socrateaser, Lawyer
Category: Legal
Satisfied Customers: 39,498
Experience: Retired
Verified
socrateaser and 87 other Legal Specialists are ready to help you
Ask your own question now
Customer reply replied 4 years ago


thanks. that information is handled solely by me since I am the only one using the quickbooks accounting software and I am the doc. I doubt this would be considered a breach. thanks for all your help.

Ask socrateaser Your Own Question
socrateaser
socrateaser
socrateaser, Lawyer
Category: Legal
Satisfied Customers: 39,498
39,498 Satisfied Customers
Experience: Retired

socrateaser is online now

A new question is answered every 9 seconds

How JustAnswer works:

  • Ask an ExpertExperts are full of valuable knowledge and are ready to help with any question. Credentials confirmed by a Fortune 500 verification firm.
  • Get a Professional AnswerVia email, text message, or notification as you wait on our site. Ask follow up questions if you need to.
  • 100% Satisfaction GuaranteeRate the answer you receive.

JustAnswer in the News:

Ask-a-doc Web sites: If you've got a quick question, you can try to get an answer from sites that say they have various specialists on hand to give quick answers... Justanswer.com.
JustAnswer.com...has seen a spike since October in legal questions from readers about layoffs, unemployment and severance.
Web sites like justanswer.com/legal
...leave nothing to chance.
Traffic on JustAnswer rose 14 percent...and had nearly 400,000 page views in 30 days...inquiries related to stress, high blood pressure, drinking and heart pain jumped 33 percent.
Tory Johnson, GMA Workplace Contributor, discusses work-from-home jobs, such as JustAnswer in which verified Experts answer people’s questions.
I will tell you that...the things you have to go through to be an Expert are quite rigorous.

What Customers are Saying:

Mr. Kaplun clearly had an exceptional understanding of the issue and was able to explain it concisely. I would recommend JustAnswer to anyone. Great service that lives up to its promises!

Gary B.Edmond, OK

My Expert was fast and seemed to have the answer to my taser question at the tips of her fingers. Communication was excellent. I left feeling confident in her answer.

EricRedwood City, CA

I am very pleased with JustAnswer as a place to go for divorce or criminal law knowledge and insight.

MichaelWichita, KS

PaulMJD helped me with questions I had regarding an urgent legal matter. His answers were excellent.

Three H.Houston, TX

Anne was extremely helpful. Her information put me in the right direction for action that kept me legal, possible saving me a ton of money in the future. Thank you again, Anne!!

ElaineAtlanta, GA

It worked great. I had the facts and I presented them to my ex-landlord and she folded and returned my deposit. The 50 bucks I spent with you solved my problem.

TonyApopka, FL

Not only did he answer my Michigan divorce question but was also able to help me out with it, too. I have since won my legal case on this matter and thank you so much for it.

LeeMichigan

< Previous | Next >

Meet the Experts:

Tina

Tina

Lawyer

8,775 satisfied customers

JD, BBA Over 25 years legal and business experience.

Ely

Ely

Counselor at Law

24,353 satisfied customers

Private practice with focus on family, criminal, PI, consumer protection, and business consultation.

INFOLAWYER

INFOLAWYER

Attorney

20,727 satisfied customers

Licensed attorney helping individuals and businesses

JPEsq

JPEsq

Attorney

2,132 satisfied customers

Experience as general attorney, in house counsel, SSDI, Family Law attorney, and law professor

Law Educator, Esq.

Law Educator, Esq.

Attorney

42,358 satisfied customers

JA Mentor -Attorney Labor/employment, corporate, sports law, admiralty/maritime and civil rights law

Ellen

Ellen

Lawyer, Consultant

8,238 satisfied customers

25 years of experience helping people like you.

Guillermo J. Senmartin, Esq.

Guillermo J. Senmartin, Esq.

Attorney

292 satisfied customers

7+ years of experience handling various legal matters.

< Previous | Next >

Related Legal Questions
Is this confidential? Your website was helpful! Stateside. I
I am a Navy SELRES O-3 and I met someone that I am interested in Dating. She is AD Air Force, but I found out she is enlisted. She is not in my chain of command and not even on the same base. Since I met her in a civilian capacity, will this still be considered fraternization? Thank you for your help!… read more
Law Educator, Esq.
Law Educator, Esq.
Attorney
Doctoral Degree
42,358 satisfied customers
I SIGNED A COMPETITIVE CONFIDENTIALITY AGREEMENT NOT TO GO
I SIGNED A COMPETITIVE CONFIDENTIALITY AGREEMENT NOT TO GO TO A COMPETITOR FOR 2 YEARS NUT I NEED TO LEAVE ITS ALL I BEEN DOING ALL MY LIFE … read more
LegalKnowledge
LegalKnowledge
Juris Doctor
28,141 satisfied customers
Is this confidential? I am a contract. Texas. None
Is this confidential? JA: We keep all your personally identifiable information confidential and even have people that double check to make sure something doesn't slip through. Your question goes out t… read more
Olivia Kent
Olivia Kent
Managing Partner
Doctoral Degree
1,962 satisfied customers
Is this confidential. I think I'm being scammed ... Here is
I think I'm being scammed ... Here is the story - I answered a CL post to meet up with an 18 yr. old man Before we ever met he said he was under 16 and I said forget it have I done anything criminally wrong? … read more
LawGuy
LawGuy
Juris Doctor
123 satisfied customers
An ex employee stole confidential client information in
An ex employee stole confidential client information in order to seek business. Not sure how many, however couple of clients have come forth that they received calls from this ex employee. Is this a c… read more
Legal Eagle
Legal Eagle
Attorney
Doctoral Degree
7,372 satisfied customers
I have a questions regarding a breach of confidentiality
I have a questions regarding a breach of confidentiality committed by a therapist. … read more
Dwayne B.
Dwayne B.
Juris Doctor
28,693 satisfied customers
A coworker was to keep a conversation confidential have it
a coworker was to keep a conversation confidential have it in writing but she posted to social media naming a person I said I could sue for slander and also mentioning I thought he was stalking me but… read more
LegalGems
LegalGems
Juris Doctorate
10,698 satisfied customers
Everquote insurance using my confidential auto quote.Posting
Everquote insurance using my confidential auto quote.Posting on several site on Yahoo with my name and birthday without my permission. Can his co do this? … read more
Law Educator, Esq.
Law Educator, Esq.
Attorney
Doctoral Degree
42,358 satisfied customers
Will the conversation be kept in confidential? I have a
I have a question about the Release of Employment Information. … read more
Legal Eagle
Legal Eagle
Attorney
Doctoral Degree
7,372 satisfied customers
Is this confidential. I am a boss that had relation with an
I am a boss that had sexual relation with an employee. I am fearing that she will be filing a misconduct on my part. I know it was a mistake, what should i do … read more
Legal Eagle
Legal Eagle
Attorney
Doctoral Degree
7,372 satisfied customers
I would like to get someone to create a confidentiality
I would like to get someone to create a confidentiality document for third parties who are helping me build my startup. This should also including any value they contribute is the startups etc.. … read more
Bill Attorney
Bill Attorney
law
1,596 satisfied customers
Is this considered confidential? I have an issue with my ex
I have an issue with my ex who has been stalking me. The weekend prior to this following incident I will briefly explain, I had someone (on audio) going through my room and drawers and there are audible voices on the video. Being that I have been denied for a protective order before, I was in the process of trying to gather enough to go to the court so the judge wouldn't turn me away. The following weekend, I had an incident where I woke up, and my cameras showed something that I thought to be an intruder earlier in the night. I called the police. It turns out one of the clips was in fact me, dropping a camera. After that, they dismissed everything else I had to say. They expressed that they believed I was mentally unstable. Didn't want to hear anything about the previous infusion. My sister in law spoke to the officer on my phone. I requested he not leave my presence while on it He did … read more
Barrister
Barrister
Attorney/Landlord/Realtor
Doctoral Degree
35,334 satisfied customers
My friend accidentally disclosed a verbal confidential info.
My friend accidentally disclosed a verbal confidential info. As soon as realised she gave an apology. 8 months later she has been suspended with a view to dismissal. There was no benefit received or e… read more
lucy7368
lucy7368
Juris Doctor
763 satisfied customers
I am not sure I understand confidentiality agreements and
I am not sure I understand confidentiality agreements and breach of contract. … read more
Damien Bosco
Damien Bosco
3,388 satisfied customers
I signed a Confidentiality and Non Disclosure Agreement with
I signed a Confidentiality and Non Disclosure Agreement with my current employer a few years ago. Now I want to start my own business within the same industry, also offering products and services in t… read more
Legal Eagle
Legal Eagle
Attorney
Doctoral Degree
7,372 satisfied customers
Re: mediation Does Florida statute on confidentiality of
Re: mediation Does Florida statute on confidentiality of mediation only apply to court ordered or does it apply to pre-suit when no confidentiality agreement is signed. … read more
ScottyMacEsq
ScottyMacEsq
Doctoral Degree
17,312 satisfied customers
Is a confidentiality agreement cover fraudulent activities
is a confidentiality agreement cover fraudulent activities by the person asking for the agreement? This isn't my employer. This is my soon to be ex boyfriends parents who have committed fraud a few ti… read more
TaxAttorneytoHelp
TaxAttorneytoHelp
Owner
Doctoral Degree
2,542 satisfied customers
Is this conversation confidential? I have a question
I have a question regarding a sensitive matter. In the past I have enjoyed looking at non sexualized, non nudity pictures of children in diapers online. Is this in itself illegal? … read more
Zoey, JD
Zoey, JD
Doctoral Degree
181 satisfied customers

DISCLAIMER: Answers from Experts on JustAnswer are not substitutes for the advice of an attorney. JustAnswer is a public forum and questions and responses are not private or confidential or protected by the attorney-client privilege. The Expert above is not your attorney, and the response above is not legal advice. You should not read this response to propose specific action or address specific circumstances, but only to give you a sense of general principles of law that might affect the situation you describe. Application of these general principles to particular circumstances must be done by a lawyer who has spoken with you in confidence, learned all relevant information, and explored various options. Before acting on these general principles, you should hire a lawyer licensed to practice law in the jurisdiction to which your question pertains.

The responses above are from individual Experts, not JustAnswer. The site and services are provided “as is”. To view the verified credential of an Expert, click on the “Verified” symbol in the Expert’s profile. This site is not for emergency questions which should be directed immediately by telephone or in-person to qualified professionals. Please carefully read the Terms of Service (last updated February 8, 2012).

DISCLAIMER: Answers from Experts on JustAnswer are not substitutes for the advice of an attorney. JustAnswer is a public forum and questions and responses are not private or confidential or protected by the attorney-client privilege. The Expert above is not your attorney, and the response above is not legal advice. You should not read this response to propose specific action or address specific circumstances, but only to give you a sense of general principles of law that might affect the situation you describe. Application of these general principles to particular circumstances must be done by a lawyer who has spoken with you in confidence, learned all relevant information, and explored various options. Before acting on these general principles, you should hire a lawyer licensed to practice law in the jurisdiction to which your question pertains.

The responses above are from individual Experts, not JustAnswer. The site and services are provided “as is”. To view the verified credential of an Expert, click on the “Verified” symbol in the Expert’s profile. This site is not for emergency questions which should be directed immediately by telephone or in-person to qualified professionals. Please carefully read the Terms of Service (last updated February 8, 2012).

Show MoreShow Less

Ask Your Question

x