Sunday, October 3, 2010
Lisa Israel, MBA, CMT
Releasing Protected Health Information
The Health Insurance Portability and Accountability act of 1996 (HIPAA) is a federal law that defines the reasons protected health information (PHI) can be released. HIPAA created important rules and regulations safeguarding the confidentiality of protected health information (PHI) and published updated guidelines in 2003 to include electronically collected, maintained, used, or transmitted PHI. Any confidentiality violation could result in fines, termination, and possible imprisonment (Green, Bowie, 2010). In most cases, the covered entity is required to obtain an individual’s authorization prior to disclosing any health information to a third party. In most circumstances, the patient or a legal representative of the patient controls the disclosure of PHI to any third party. If there is a signed consent, the covered entity may release the PHI to anyone the patient wants without violating HIPAA regulation. If the patient is not present or is incapacitated, PHI may need to be disclosed to another person if it is found to be in the best interest of the patient (State of Idaho, 2000). However, there are many situations in which government agencies or other covered entities have the right or legal obligation to access, obtain, or disclose PHI without needing or requiring written authorization from the patient or the patient’s representative. Covered entities may disclose protected health information for the purpose of audits to ensure quality improvement of the facility. If there is an investigation of professional misconduct PHI may be released for civil, administrative, or criminal investigations for malpractice suits. If governmental agencies as OSHA, Medicare or Medicaid serve a subpoena duces tecum to the hospital, no authorization from the patient is needed to release PHI (Understanding Health Information Privacy, 2010)....