Confidentiality, Privacy and Security

Patient Electronic Signatures for ROI

  • 1.  Patient Electronic Signatures for ROI

    Posted 01-14-2020 17:05
    Good afternoon,
    We just received an authorization signed electronically by the patient. We have never seen this before and we are wondering how you all validate that the electronic signature (which looks nothing like a handwritten signature) was created/generated by the patient. If you have this type of signature addressed in your ROI policy, can you share an excerpt with us? We don't want to deny or postpone delivery of records, so we are wondering about the best practice for validating and fulfilling these types of requests.
    Thank you,
    Katie

    ------------------------------
    Kathryn Wood, RHIA
    Assist Dir of Information Systems/Privacy Officer
    War Memorial Hospital
    ------------------------------


  • 2.  RE: Patient Electronic Signatures for ROI

    Posted 01-16-2020 10:03

    I would be interested in knowing what others do too.  We have only had a few but we are getting ready to use e-signature at our facility.  Would like to know best practice.

     

     

    Lynn Boyes, RHIT

    Health Information Management Director,

    HIPAA Privacy Officer

    7010 S. Yale Ave | Tulsa, OK 74136
    lboyes@crsok.org 918.236.4135 direct line

    918.499.1598 fax

    Website Facebook  Twitter LinkedIn | Instagram

     

    A close up of a logo  Description generated with very high confidence

     

     

     






  • 3.  RE: Patient Electronic Signatures for ROI

    Posted 01-17-2020 09:35
    Following. I would be interested in seeing any policies or procedures as well.

    ------------------------------
    Lori Black, RHIA, CCS, CHTS-IM
    HIM Director
    INTEGRIS Health
    ------------------------------



  • 4.  RE: Patient Electronic Signatures for ROI

    Posted 01-17-2020 10:16

    Each EHR has a different method of electronic signature.  It is very difficult to have a comparison on file.  Our signatures are created from a PIN and result in looking like a typed name with the date and time of e-signature.  Some e-signatures look more similar to handwritten signatures like on e-signature capture pad.  Sometimes the only handwritten signature we have on file is on a driver's license image. 

    My thought is to contact the client and document confirmation of the signature or ask to have it emailed or faxed.  The problem with this is it creating a barrier for timely disclosure.  I would love to hear other opinions or if anyone has obtained legal advice.

     

    Lynn Boyes, RHIT

    Health Information Management Director,

    HIPAA Privacy Officer

    7010 S. Yale Ave | Tulsa, OK 74136
    lboyes@crsok.org 918.236.4135 direct line

    918.499.1598 fax

    Website Facebook  Twitter LinkedIn | Instagram

     

    A close up of a logo  Description generated with very high confidence

     

     

     






  • 5.  RE: Patient Electronic Signatures for ROI

    Posted 01-17-2020 09:49
    Hi Kathryn,

    I don't know the answer to this question because I am not a Privacy Officer.

    I was curious to you know how this electronic request originated. Did this come from an outside source like another physician's office. It just seems common sense that if you are going digital, then the medical record request form is sent from the source, your hospital. Then you have better accountability of its authenticity. The patient creates a digital signature through your portal (I believe) where the site has control over the transmission. Then it would be stored in the system for the patient to sign requests with. I'm sure you will find resolve to this. And I didn't mean to confuse you or anyone. I was just thinking here how would you do this.

    In the meantime, if the patient can't come to your office or use a fax or some other delivery beside electronic to get properly signed documents to you, I would suggest let them know that their digital signature does not match signature you have on file.

    I wouldn't ROI to anyone who presents an electronic signature who is in the system without first authenticating we have a digital comparison.



    ------------------------------
    Kelly Randell
    Inpatient Analyst Auditor
    ------------------------------



  • 6.  RE: Patient Electronic Signatures for ROI

    Posted 01-17-2020 10:13

    Thank you for your insight. This was a faxed release form from a government agency. Our HIM Clerical Supervisor did call the office that sent the form, and he described the esignature as something military is using. I have seen this in action so I told them that we could honor these types, but we would like to update/include some guidelines in our policy. The military staff will use their ID cards, with the embedded chip, and a personal code to electronically sign documents now.

    Katie

     

    Katie Wood, RHIA

    Assistant Director of Information Systems/Privacy Officer

    War Memorial Hospital

    500 Osborn Blvd

    Sault Ste. Marie, MI  47983

    p: 906-635-4663   khwood@wmhos.org

     

    I will be out of the office Friday 1/17, Monday 1/20 and Tuesday 1/21.

     


    Confidentiality Notice: This is a transmission from The Chippewa County War Memorial Hospital, Inc. This message and any attached documents are confidential and may be protected by legal privilege, furthermore this communication may contain information protected by state and federal medical privacy statutes. They are intended only for the use of the addressee. If you are not the intended recipient, any disclosure, copying, or distribution of this information is strictly prohibited. If you received this transmission in error, please notify the sender and delete/destroy this copy from your system. Thank you.   ­­  





  • 7.  RE: Patient Electronic Signatures for ROI

    Posted 01-17-2020 11:19
    Hi Kathryn,

    I wish I knew this in this before the previous reply. Now it makes since. I worked 3 years ago onsite at a gov facility and made a good friend there who is the ROI. The HIPAA officer sat next door to her. So we all collaborated well while I was there. I stayed in touch with my ROI friend. In the past, she would handle each request with reams of paper. Not kidding to the tune of about 100,000 reams a year. People had to personally show up to collect or she would have to mail. She also correlates to other facilities and entities as well. In the last two years, ROI has turned to electronic means, first with a dongle that a person would present for her to transfer their records to. But their is the issue of technology challenged population. They were still coming in to retrieve their boxes of records. When I left, the HIPAA officer was just beginning to use electronic signatures, thus no more need for dongles or reams of paper. You still have the security of info issue. I don't know how they can just email to a person's email their medical record. There needs to be a protected electronic platform that the recipient may use to  retrieve such documents. FYI the DHA is re-vamping the whole health care system. Tricare and Vista. The embedded chip on their IDs is thoroughly encrypted. But the signature it produces might be somewhat different when you see it. I don't know I'm just guessing having not seen one.

    But what you are doing on your end doesn't have anything to do with their end. I wish I could help you with information to apply to your end of business concerning electronic signatures. I would think a policy that bridges the transfer of information would be key in covering accountability and integrity needs by your organization.

    I wish you success in this endeavor. It will take some work, but I am sure you will be able to resolve this to satisfaction for everyone and business entity involved. I'm going to reach out to my friend and see what she may have to say about this. Hopefully, she can provide some guidance on what the other end should have in place before she transfers such sensitive and private information.

    ------------------------------
    Kelly Randell
    Inpatient Analyst Auditor
    ------------------------------



  • 8.  RE: Patient Electronic Signatures for ROI

    Posted 01-21-2020 12:08
    Kathryn,

    We have an online portal that new clients fill out a registration packet that includes releases.  They have the option to use a writing tool for a signature or typing their name. The writing tool uses the mouse on a computer. I'm sure you have seen these, many times the name looks like a slug trail and does not resemble a signature at all.  When the client types in their name it is changed to a font that quasi looks like a signature.  In this day and age most facilities use electronic signatures and/or honor them.  We had two doctor's offices in town that did not honor the electronic signature, that has now changed, I'm sure that is due to the prevalence of the practice.

    ------------------------------
    Melissa Alley
    Client Records Coordinator
    ------------------------------



  • 9.  RE: Patient Electronic Signatures for ROI

    Posted 01-28-2020 19:52
    I wish I'd seen this conversation before I posted my own question. Our office has been receiving authorizations from Disability Determination Services with electronic signatures from the patient. Has anyone else seen this, and have you honored the requests?

    ------------------------------
    Jacqueline Mccauley
    Him/Referrals Supervisor
    ------------------------------



  • 10.  RE: Patient Electronic Signatures for ROI

    Posted 01-29-2020 09:14

    We honor electronic signatures from DDS.

     

     

     

    Melissa Alley

    Client Records & HIPAA/FERPA Compliance Coordinator | Heartspring

    8700 E. 29th St. N.

    Office:  316.634.8769

    Wichita, KS 67226

    Fax:  316.634.8875

    Heartspring.org  |  malley@heartspring.org


    The content of this email is intended solely for the use of the individual or entity to whom it is addressed. If you have received this communication in error, be aware that forwarding it, copying it, or in any way disclosing its content to any other person, is strictly prohibited and may be prosecuted. If you have received this communication in error, please notify the author by replying to this email immediately.






  • 11.  RE: Patient Electronic Signatures for ROI

    Posted 01-29-2020 10:37
    We honor them from DDS.  Otherwise, we contact the client and make sure they electronically signed the form.

    Lynn Boyes, RHIT

    Health Information Management Director,

    HIPAA Privacy Officer

    7010 S. Yale Ave | Tulsa, OK 74136
    lboyes@crsok.org 918.236.4135

    918.494.9870

    Website Facebook Twitter LinkedIn | Instagram

     







  • 12.  RE: Patient Electronic Signatures for ROI

    Posted 02-05-2020 18:16
    Edited by Ryan Hallman 02-05-2020 18:19
    We generally accept them as is from DDS (and most facilities we work with do the same). As a policy, from anywhere else, we have our staff contact the patient and verify they signed that form verbally and note in the system. Electronic signatures go back to the telegraph but obviously, under HIPAA, we have to verify the authenticity of the release form to the greatest extent possible, so adding in an additional layer like a telephone call is necessary, in my opinion, even though the fraud would be on the side that submitted the forged electronic signature (same concept goes with forging an ink signature),

    ------------------------------
    Ryan Hallman
    Diversified Medical Records Services, Inc.
    Director of Operations
    ------------------------------