Releasing Protected Health Information HCR 210 Axia College July 11, 2010 The Health Insurance Portability and Accountability act of 1996 or HIPAA, was put in place as an attempt to reform health care during the Clinton administration by making it possible for workers, of any profession, to change jobs regardless if the worker, or any member of their family, have a pre-existing medical condition, decreasing paperwork which is associated with the processing of health claims, and by reducing health care abuse and fraud, and by assuring the privacy and security of health information.
HIPAA’s standards for privacy of individually identifiable health information or privacy rule includes restrictions which protect the confidentiality and security of health information, and determines a criterion to protect the confidentiality of individually identifiable health information that is maintained or transmitted through electronic means in association with certain administrative and financial transactions such as electronic transfer of health insurance claims.
The covered entity, in most cases, is required to obtain an individual’s authorization prior to disclosing any health information. And in most circumstances the patient or a legal representative of the patient controls the disclosure of PHI to any third party. However ,there are many situations in which agencies or covered entities have the right or legal obligation to access or obtain PHI. Some examples of instances where a government agency may disclose this private health information are (not limited to). : For public health purposes such as investigations, surveillance, and interventions, PHI may be disclosed to public health authorities and their authorized agents * PHI may be disclosed to report abuse, neglect, or domestic violence. * Covered entities may, under specified conditions pursuant to a court order, subpoena, or other legal order disclose PHI to law enforcement officials to help identify and locate a suspect, fugitive, or missing person, to provide information related to a victim of a crime or a death that may have resulted from a crime, or to report a crime.
In some instances HIPAA does not require the covered entity to obtain consent, authorization, or to provide the opportunity for the patient to agree or object to the disclosure examples of such are: * Public health activities * Law enforcement purposes * Judicial and administrative proceedings * Identification and location purposes * Research purposes * Decedents * Food & drug administration (FDA) * Specialized government functions (military and veterans activities) * Workers’ compensation * Health oversight activities
Victims of abuse, neglect, or domestic violence’s may have their PHI disclosed to a governmental authority that is authorized to receive such reports unless the agency believes that giving such a notification would place the victim at risk of serious harm or that doing so would not be in the victims best interest, and the victim must be informed that such a report has been or will be made. A covered entity may also release PHI to a legal agency when reporting certain types of injuries and/or wounds such as gunshot wounds, dog bites, motor vehicle accidents etc.
When any law enforcement official requests PHI to assist in identifying or locating a suspect, fugitive, material witness, or missing person; only the following can be disclosed, however, the covered entity may not disclose any PHI which relates to DNA or DNA analysis, dental records, or typing, samples, or analysis of bodily fluids or tissues (Inmates of any correctional institution however have none of the above rights and correctional institutions may use PHI for any purpose. : * Name and address * Date and place of birth * Social security number * Distinguishing physical characteristics, including weight, gender, race, hair and eye color, presence or absence of facial hair, scars and tattoos. * Type of injury * Date and time of treatment * Date and time of death * ABO blood type and Rh factor
Medical professionals, who are involved in clinical or epidemiological research are often allowed to gain access to patient records, minus any individually identifiable information by health care providers A covered entity may disclose o PHI without authorization from the individual, for activities and purposes related to research which has been approved by a privacy board or an Institutional Review Board (IRB). However, an authorization for the use and disclosure of PHI is required if and/or when such research includes actual treatment of the individual.
These and other agencies can disclose PHI through de-identification. De-identification is PHI which contains no identifying information about an individual and so, this information can be disclosed so long as nothing can individually identify the patient. The following are examples of some things that will be removed from the record for the purpose of De-Identification : * Names * Addresses or other geographic identifiers such as zip codes * Relatives * household members * All dates (except years) related to an individual * Employers All numbers such as; Telephone SSN Medical records Account numbers Beneficiary numbers Certificate/license numbers License plate numbers VIN numbers for vehicle(s) serial numbers and/or device identifiers (implants pace maker etc) URLs IP address Biometric identifiers Photographic images and any other unique identifying number, characteristic, or code. It seems that the principles that permit disclosure are much the same with how police may obtain evidence. It seems that something’s have been deemed “public” and others private.
Anything outside the body such as piercing, tattoos, or facial hair does not have an expectation of privacy, however those which are inside such as pacemakers, organs, blood type etc do hold an expectation of privacy. I feel for the most part that privacy safeguards are adequate and upheld to the best of the abilities of those involved. I do however feel that no matter how hard we try and how many laws we put into place there will always be “bad apples” out there, I mean without them these laws would not really be even needed.
References : Green, M. A. , & Bowie, M. J. (2005). Essentials of health information management: Principles and practices. Clifton Park, NJ: Thomson U. S. Department of Health & Human Services. (2010). Health Information Privacy. Retrieved July 11, 2010 from http://www. hhs. gov/ocr/privacy/ CDC. (2003). HIPAA Privacy Rule and Public Health. Retrieved July 11, 2010 from http://www. cdc. gov/mmwr/preview/mmwrhtml/m2e411a1. htm