May a physician send protected health information overseas for transcription?
Yes. The Privacy Rules limit the types of disclosures that are acceptable, but do not limit the ability of a physician to make a disclosure to any particular type of recipient, including a non-U.S. recipient. A physician must enter into a Business Associate Agreement with its transcription company, regardless of where the company is located, so that safeguards to protect privacy are in place at the transcription service. The Privacy Rules require physicians to use appropriate safeguards when storing or transmitting information (within or outside of the U.S.), and the physician is responsible for ensuring that a subcontractor (such as a transcription service), wherever located, uses appropriate safeguards too. Depending on where the physician is sending the patient information, local laws may also apply and the physician should consider consulting with legal counsel there as well.
Related Questions
- May a physician share protected health information with a sales representative as part of a discussion about the physicians experiences with the manufacturers product?
- What are some examples of procedures required under HIPAA for handling protected health information?
- May a physician send protected health information overseas for transcription?
