Published Oct 22, 2012
DaddyO
349 Posts
I asked for a copy of my Dad's medical records from a Hospital. I received a bill from a 3rd party that made the actual copies.
Does having a 3rd party make copies violate the HIPAA rule since we were not made aware that another source would be copying his files.
Thanks
JustBeachyNurse, LPN
13,957 Posts
Not necessarily, I'm guessing the third party source consent was included in the hospital consent as many facilities utilized 3rd party companies for off site storage of medical records.
As long as they have a confidentiality contract with the third party medical records company they would be in compliance with HIPAA:"Covered entities must have contracts in place with their contractors and others ensuring that they use and disclose your health information properly and safeguard it appropriately."
For Consumers
T-Bird78
1,007 Posts
No. As long as a release was signed they're covered. I worked in a billing office and we had outside vendors that had to sign confidentiality agreements as part of the contract (on-site shredding, IT support, etc) so they fall under the same privacy restrictions.
nurseprnRN, BSN, RN
1 Article; 5,116 Posts
Access to records in this fashion is covered under the "business associate" part of the HIPAA rules. They bear the same burden of confidentiality as anyone in the hospital, clinic, or insurance carrier.