Julia,

There's no regulation that prohibits patients from picking up itemized
statements from either the covered entity (e.g., a hospital) or its
business associate (e.g., an outsourcing agency). However, both covered
entities and business associates must reach their own conclusions as to how
they can ensure that when they provide itemized statements to patients,
thus using or disclosing PHI, they are, in fact, providing them to the
right people. In other words, they must make decisions as to how they will
go about (a) verifying the identity of the individual to whom information
is to be sent or disclosed and (b) confirming that the person to whom the
information is to be sent or disclosed is either the owner of the
information (i.e., patient) or someone authorized to receive it on behalf
of the patient.

The rules do not indicate what level of proof is required for verifying
identity or standing to receive information. A covered entity or business
associate could decide not to release PHI to anyone who did not appear in
person and present a valid photo i.d., but while that might reduce the risk
of unauthorized disclosures of PHI, it would likely be detrimental to
customer relations.

Peter

************************************************
Peter B. Goldstein
Cap Gemini Ernst & Young, US LLC
4610 South Ulster Street, Suite 600
Denver, Colorado 80237-4323
(303) 796-4148 (Direct)
(413) 740-0512 (Facsimile)
cap comm: 657 4653
[EMAIL PROTECTED]
************************************************

