Does an auditor have the authority to access patient records ?
Yes. With compliance required under both state and federal patient confidentiality laws, there is genuine concern and a legal responsibility on the part of the dental office to ensure that unauthorized individuals do not have access to patient records. However, both state law and the federal HIPAA privacy rule recognize the right of third-party payers to access their enrollees' health records. Under HIPAA, for instance, protected patient health information can legitimately be used for the purposes of treatment, payment for treatment and for an umbrella category of functions called "health care operations." Included in the definition of health care operations are activities pertaining to quality of care, so quality of care audits conducted by dental plans come under the permitted use of protected patient records. Dental plans are themselves regulated entities under the HIPAA privacy rule and as such they also have a legal obligation to protect the confidentiality of patient records in their possession or to which they have legal access.