USB for record request?

Provided by: Jennifer Kirschenbaum, Esq.

August 29, 2017

Question:

Hi Jennifer,

Can I give patients a USB who are requesting their information?

Thanks,
Dr. O

Answer:

HIPAA does not dictate which mode a covered entity must use to transmit protected health information; instead, HIPAA provides guidance on the protections a covered entity should have in place to ensure the protected health information is not disclosed in an unauthorized manner.

For instance, a USB device may be used to provide patients their protected health information. The covered entity may even charge a reasonable fee for providing same, as specified in more detail in this Office for Civil Rights policy - https://www.hhs.gov/hipaa/for-professionals/faq/2029/how-can-covered-entities-calculate-the-limited-fee/index.html. However, if a covered entity or business associate were to disseminate unsecured USBs in a way that compromised the protected health information, it is likely that entity would have exposure from potential review and fine by the Office For Civil Rights – whether initiated by patient complaint, notice of breach or otherwise.

Ask us a question

Jennifer Kirschenbaum, Esq. Partner

Ask us your questions. We will help if we can & let you know before any charge is incurred.

Jennifer@kirschenbaumesq.com

Educational Webinars

A discussion on Market impact to practice

Preparing for PPP Forgiveness and Patient Care Impacts with Covid 19

Looking for the KK Healthcare Exchange? Click Here.

MISSED OUR RECENT WEBINARS? CLICK HERE ANYTIME!

Looking for HIPAA and compliance forms?
Click here to visit our website.

Have a question or comment for Jennifer?
Contact Jennifer at Jennifer@Kirschenbaumesq.com or at (516) 747-6700 x. 302.

Interested in having Jennifer speak at an event or
at a residency/fellowship program?
Contact Jennifer directly at (516) 747-6700 x. 302 or at Jennifer@Kirschenbaumesq.com

Click here to learn about
K&K's Prepaid Legal Audit/Investigation Defense Now!