I need some help writing a policy concerning physicians taking patients’ records home to work on. Suggestions?
Question: I need some help writing a policy concerning physicians taking patients’ records home to work on. Suggestions?
Answer: I think you make this part of your privacy policy, as referred to in the HIPAA privacy rights statement that new patients sign. If that policy promises to keep charts safe, you should spell out how you’ll do it. If I were writing such a policy, I’d include:
Really, if I had my druthers, I’d tell physicians that if they want to work at home, they should invest in a secure, Web-based EMR. There are just too many risks to patient privacy and too much inefficiency involved in lugging around paper charts.
HIPAA highlights: 2 disturbing class actions, OCR risk analysis enforcement
April 24th 2025Two class-action lawsuits targeting the University of Maryland Medical Center and the University of Kansas Health System for years-long cyberstalking and unauthorized access to protected health information spotlight massive HIPAA risk-analysis failures and underscore the urgent need for stronger health care cybersecurity safeguards.