Looking for feedback:
A call is taken by the receptionist at an outpatient rehabilitation center. The prospective new patient (or family/caregiver) gives the receptionist some basic demographic information (which is written down) ...name, phone number, address, DOB, and answers some questions as to: what rehab needs they have, guardianship, insurance information, referring physician name. The prospective new patient is never heard from again, is never treated or billed for any service. Does this information need to be retained for 6 years from the date of its creation or can it be shredded.
Michael Scudillo, OTR, CHC, CBIS Chief Compliance Officer/Privacy Officer
Regarding your response below, my understanding is that the HIPAA Security rule applies to only electronic information, however the HIPAA Privacy rule applies to all other forms including paper and oral information. A covered entity is subject to both rules. For example, if a doctor's office submits bills electronically for payment but keeps paper patient files, those files are protected under the HIPAA Privacy rule.
My view is that if the information was written down on paper and not an electronic registration, then we are not talking about HIPAA and information can be shredded. HIPAA was established for electronic transaction. Refer to CMS.Gov under HIPAA.
Michael Scudillo, OTR, CHC, CBIS Chief Compliance Officer/Privacy Officer 15 Microlab Road Suite 101 • Livingston, New Jersey 07039 P: 1-973-992-8181 X7108 • F: 1-973-992-9797 • C: 1-973-699-4964 www.uirehab.com
Perhaps this article will help answer your question...
Thank you Cinda...that was helpful!
Thank you for all the input. We have decided that if the patient simply calls and gives some information but never begins treatment, the information will be shredded.