Here are my thoughts based on all that I have learned in this program over past few months.
The medical office specialist (MOS) has a legal responsibility/duty to maintain the security of protected health information (PHI). The sharing of PHI is controlled by the privacy rule contained in HIPAA. This is Federal law and is often augmented by State law. States may have special conditions for releasing PHI for public safety reason as in the case of HIV-positive patients. Some States also have increased the number of years that medical records must be maintained. There are also certain situations such as abuse, neglect, and gunshot wounds, where the law requires reporting to other agencies i.e. law enforcement or child protective services. …show more content…
This person is trained in the legal procedures for release of PHI.
There are three ways that PHI, in electronic form, is protected in a facility, they are; Administrative Safeguards, Physical Safeguards, and Technical Safeguards. These make up the functional framework for protecting health information. These are mandated by the Security Rule of HIPAA. The medical office specialist needs to understand the roles that these safeguards play in the office environment.
The Security Officer is reasonable for all things HIPAA and ultimately they are the one the auditor will want to speak with when the facility has its audit. And there will be an audit. The MOS must adhere to all office protocols that the Security Officer for the facility has deemed necessary. These protocols may include mandatory password changes at regular intervals, policies about removing laptops and tablets from the facility, even if work related. The MOS should always monitor the manner in which they speak about patients to other staff or while on the