
Collecting Patient Information and Patient Identifiers - HIPAA

ehoqa

#1
We are a manufacturer of a prescription-based medical device in the US. We sell to hospitals/doctors and to patients with prescriptions. In light of HIPAA rules and obligations of covered entities and business associates, we realize we don't collect much patient information. We are wondering if our current procedure in collecting patient information meets a regulation or standard regarding patient info (if there is one?).

Here's the info we currently have from receiving prescriptions before we ship our product:
1. the prescribing doctor
2. the patient's name
3. the size & preferred color of our product.

We also have the ship-to address and credit card number associated with the order, though those are not necessarily the patient's address and credit card.


My questions are:

As a medical device manufacturer in supplying prescription-based products, is our current procedure for collecting patient information adequate? (i.e. does it meet a regulation or standard, if there is one regarding having the minimum patient information?)

If we need to change our procedure in collecting patient information, are we obligated to use a minimum number of patient identifiers? Do we need to go further to require another identifier such as patient's birthday?

As I mentioned, we just have the doctor's name/contact, patient's name, and product. Shipping address and payment information may or may not be the patient's. Internally we don't need to collect more information for our purposes of selling the products and keeping our orders straight, but I want to make sure we are not breaking any rules by not having enough patient information. I hope this makes sense!

I realize it's the holiday season so this question may not get much attention. I hope someone can answer or point me in the right direction of where to look.
 
JillianWright

#3
Protection of health information of patients is one of the primary aims that the Health Insurance Portability and Accountability Act (HIPAA) seeks to achieve. This being the case, it is natural that whenever an entity that is tasked with protection of this data fails to achieve this, it has to face penalties and other punishments for HIPAA violations. HIPAA violations and law enforcement play a major role as a medium in ensuring that patient information is kept confidential as required by this legislation.

HIPAA violations and law enforcement are built on the national privacy standards that have been embedded into HIPAA. If any information about the patient is disclosed to any unauthorized source without authorization, this constitutes breach of patient privacy, and brings HIPAA violations and law enforcement into play.

The role of the law enforcement official

HIPAA violations and law enforcement is founded on a well-established set of fines and penalties that are prescribed for the different kinds of privacy breach. This is how HIPAA violations and law enforcement work:

HIPAA's Privacy Rule has a definition for a law enforcement official. Any officer, official or employee of any local, State, or federal agency, or a member of an Indian tribe who has the requisite qualification can be appointed as a HIPAA enforcement official.

Such an official, who has been given the power to investigate a potential violation of Protected Health Information (PHI), is empowered to prosecute an entity that is found to be violating provisions of the HIPAA. This constitutes the core of HIPAA violations and law enforcement.

Of course, such a designated person should carry the requisite legal identification documents required to establish the proof of the person's authenticity. Any Covered Entity, including hospitals, has the right to demand proof of genuineness of the person's identity. This said, a law enforcement official has to have the proper permissions and situations to carry out law enforcement activities for HIPAA violations.
 