Releasing protected health information (PHI) is a complicated process that needs regular updating. The general privacy rule regarding ROI is that the patient’s medical record information may only be released to third parties if the patient has consented to such disclosure. On the face of it, seemingly a straight forward process. However, there are levels of complexity that make the process difficult to manage
For starters, there are both state and federal laws which govern the process. The most stringent law applies, but in some cases theses laws countermand each other. For example, some states allow disclosure to any person with the consent of the patient. Other states permit release on patient consent only to specific classes of persons (lawyers, employers, government agencies, etc). Consent in some states is binding and mandatory, while other states merely grant permission to disclose.
This is really a wonderful product, I’m very happy with it. Cialis? You can find more information about generic medications here.
Under HIPAA, the only circumstance where ROI is permissible without expressed consent, is when covered entities are releasing PHI to facilitate treatment, payment and/or healthcare operations (TPO). Even this area is under pressure of more regulation as there are rules pending that require an audit trail of this information movement.
The point is that this is a difficult process and it is getting more so. The privacy rule is only part of it. There is also a security rule that pertains. The security rule deals with the “how” of maintaining privacy. In general, the ROI patient authorization will include:
- Patient’s name and identifying information (at least 2 data point)
- Institution/care provider directed to release the information
- Specific information to be released
- Identity of the party to receive the information
- Legal language authorizing ROI
- Signature of patient or authorized individual and date it was signed
- Time period for which the release remains valid
The time period for allowable ROI can sometimes be tricky. If it involves lawyers and/or court cases, it is often difficult to ascertain an end date. In those cases the language may need to reflect a continuing authorization that states “until the end of the current litigation for that specific case or until the end of the case.”