The new HIPAA Privacy Rule has made it easier to disclose student immunization records to schools in order to meet the requirements of the “school entry” laws.
Most states are governed by “school entry” laws which prohibit students from attending school until they have provided documented proof of all required immunizations. The intent of the school entry law is to prevent the spread of communicable diseases in the school setting.
In the past, a signed HIPAA compliant authorization for the release of information would be required, prior to releasing immunization records to a school.
The new HIPAA Privacy Rule has played an important role in guaranteeing this documentation can be easily obtained and shared in a timely fashion with the appropriate school personnel.
The new rule allows a healthcare provider to obtain an agreement, either verbally or in writing from the parent, guardian, or other person acting in loco parentis of the student, unless the student is an adult or emancipated minor. If the agreement is obtained verbally, the health care provider is required to document the agreement to disclosure. The privacy rule does not outline the format of the documentation, or require any of the data elements required by the Privacy Rule for written HIPAA Authorizations, it is up to the provider to determine how to capture this information.
What does this mean?
Since a signature is not required, the new rule would allow the notation of a parent or guardian’s phone call, or verbal request, in the student’s medical record to suffice as documentation of the agreement to the disclosure.
If the same request was submitted in writing or through email, a copy of the request is sufficient documentation of the agreement to disclose the immunization information to the school.
Documentation of the agreement in any format must be maintained for six years.
What are your thoughts?