Privacy Officer's Roundtable

  • 1.  provider has left

    Posted 11-03-2020 02:23 PM
    We have a provider who has left us and has contacted the IT dept to get a copy of some files in a shared folder.  Information includes his info for boards, presentations, scope images, and form templates.   I am thinking the form templates aren't an issue (although we don't share our forms, so he probably won't get these) but the scope images and anything with PHI should not go unless we have something from the patients giving us permission. He has moved out of state, so he will not have a treatment relationship with these patients.  Am I correct for the most part?  This is the first one that has asked, so it is the first time I have had to review this.   ​

    ------------------------------
    Tara Yeaton, RHIT, CHPC
    Director of HIM Operations
    Deputy Privacy Officer
    MaineGeneral Medical Center
    Augusta, Me
    ------------------------------
    SCCE Membership


  • 2.  RE: provider has left

    Posted 11-03-2020 03:07 PM
    In my opinion I would only give him the files that are not created on behalf of your healthcare system.  I think the info for his boards would be okay to give to him.  The form templates are really probably okay too.  The rest should not be shared.

    ------------------------------
    Ann Dunham
    MBA, SPHR, CHC, CHRC
    Compliance Officer
    Hannibal Regional Healthcare System
    Hannibal, MO
    ------------------------------

    SCCE Membership


  • 3.  RE: provider has left

    Posted 11-04-2020 07:19 AM
    Thank you.  This group is really wonderful to work with.  I'm glad I found it. ​

    ------------------------------
    Tara Yeaton, RHIT, CHPC
    Director of HIM Operations
    Deputy Privacy Officer
    MaineGeneral Medical Center
    Augusta, Me
    ------------------------------

    SCCE Membership


  • 4.  RE: provider has left

    Posted 11-03-2020 04:48 PM
    Not sure what the information is for the boards, but the other records (e.g. chart notes, orders, etc) belong to the entity and the information belongs to the patient.  The patient would need to give an authorization for him to get copies of their information.

    ------------------------------
    David Garrison
    Compliance/Privacy Officer
    SEARHC
    Juneau,AK
    ------------------------------

    SCCE Membership


  • 5.  RE: provider has left

    Posted 11-04-2020 07:21 AM
    That's what I had thought as well.  This was going to be given to him by IT with no questions asked until they saw what they thought was PHI in the files.  Glad they asked me before going forward.  I need to do some more education with them. ​

    ------------------------------
    Tara Yeaton, RHIT, CHPC
    Director of HIM Operations
    Deputy Privacy Officer
    MaineGeneral Medical Center
    Augusta, Me
    ------------------------------

    SCCE Membership


  • 6.  RE: provider has left

    Posted 11-04-2020 04:38 AM
    A scope image is likely not PHI and de-identified data. I'd take a look before saying "no". Form templates could be corporate property so that may be a "no".

    ------------------------------
    Brenda Manning J.D., C.H.C., C.H.P.C.
    Privacy Director
    Privacy Officer
    Carilion Clinic

    The views expressed herein are my own and do not represent those of my employer. They are not meant to constitute legal advice or create an attorney-client relationship.
    ------------------------------

    SCCE Membership


  • 7.  RE: provider has left

    Posted 11-04-2020 05:28 AM
    I would not return anything. This appears to be your companies work product. Most IT use agreements state this upfront. Even if it does not, courts have ruled that's companies have a right to protect their work product. This is much simpler than the PHI discussion. 

    I have allowed some personal information to be returned if it is clearly personal, like tax returns. Beyond me, why people store personal information on company owned devices. 

    Bill Turner
    414.731.1223 


    FIP, C|CISO, CIPM, CHPC, CDPSE
    CIPP /US, /G, /C, /IT



    SCCE Membership


  • 8.  RE: provider has left

    Posted 11-04-2020 07:01 AM
    ​Thank you.  I was on the same page.  I just think I needed to be reassured.  I appreciate all the help.

    ------------------------------
    Tara Yeaton, RHIT, CHPC
    Director of HIM Operations
    Deputy Privacy Officer
    MaineGeneral Medical Center
    Augusta, Me
    ------------------------------

    SCCE Membership


  • 9.  RE: provider has left

    Posted 11-04-2020 08:43 AM
    To clarify my answer - I was assuming the info for the boards was possibly (depending on the specialty) the number of surgery cases or procedures, types of patients treated, proof of CME's completed, etc.  Definitely no PHI should be shared

    ------------------------------
    Ann Dunham
    MBA, SPHR, CHC, CHRC
    Compliance Officer
    Hannibal Regional Healthcare System
    Hannibal, MO
    ------------------------------

    SCCE Membership


  • 10.  RE: provider has left

    Posted 11-04-2020 01:18 PM
    No clarification needed.  That's how I took it. ​

    ------------------------------
    Tara Yeaton, RHIT, CHPC
    Director of HIM Operations
    Deputy Privacy Officer
    MaineGeneral Medical Center
    Augusta, Me
    ------------------------------

    SCCE Membership