Health Information Compliance Alert

PRIVACY:

MEET THE MINIMUM NECESSARY STANDARD WITH THESE TIPS

Experts reveal how to respond to non-patient PHI requests

All requests are created equal, right? Wrong. The privacy rule outlines what - and how much - information you have to disclose to those who request your patients' PHI. Follow these steps to help your organization avoid a PHI blowout.

SEARCH FOR CLUES

"Scrutinize any requests for patients' information for clues about how much PHI they really need," advises Diann Brown, Director of Health Information Services at Harris Methodist Fort Worth Methodist Hospital in Fort Worth, Texas.

The general rule of thumb is that you always disclose as little information as you can get away with, says Ann Bittinger, an attorney with Jacksonville, FL's Bittinger Law. Some common phrases to look for that can narrow your disclosure boundaries are:

  • Date of injury

  • Date of service

  • Dictated reports

  • Discharge summaries

  • Detailed history

Once you see these terms, you should zero in on them and "cull through the patient's record and pull out that specific information" to send to the requester, Brown counsels.

CRAFT A SKILLED TEAM

"We trained a group of specialists to deal with requests," Brown shares. And within that group, "each release-of-information specialist handles a certain type of request." Example: One team member handles all the insurance requests, while another grapples with subpoenas, she clarifies.

As specialists become proficient in their assigned duties, they can quickly narrow in on what the requester is asking for. They can also quickly spot trouble and pull that request out for further investigation rather than simply respond to it, Brown points out.

ROOT OUT THE BAD APPLES

Responding to an invalid request can put you in the hot seat with your patients - even if you only supplied the minimum amount of information necessary, Bittinger warns.

Good idea: Train your team to do some legwork if they think a request is fishy, Bittinger recommends. "We compare signatures, check ages and dates and ask for more information if a request doesn't seem legitimate," Brown says.

Sometimes the problem lies with the requester, Brown notes. Be prepared to question them about what they want, she advises. Example: A patient's authorization to disclose her information is accompanied by a cover letter. The cover letter asks for the entire medical record; the authorization is for the patient's treatment records following a car crash. "You can only supply what the patient authorized," Brown emphasizes.

THE BOTTOM LINE

Minimum necessary disclosures, like all releases of a patient's information, must be included in an accounting of disclosures, Bittinger notes. And be sure that your staff sticks all requests for information - and your responses - in the appropriate patient file for record keeping, she adds.