Subscribe to our newsletter

Posts Tagged ‘hipaa email’

The practicality of sharing PHI

Wednesday, May 27th, 2009

There will be circumstances when it is necessary to share PHI with a patient’s family and friends.  This is permitted under the HIPAA as long as the information is needed, and pertinent to the ongoing care of the patient.

Practical examples would be if a patient’s family are waiting in an ER or outside an operating theatre and the doctor or surgeon wants to update them on the patient’s condition, treatment or medical procedure.

Or if a patient is being looked after by a friend or family member, they are going to need to know the condition and types of care needed.  For example the type of medication, or particular type of care.  Any symptoms or side affects to be aware of, or how to provide a certain treatment at home.

These kinds of things are practical to the continued care and wellbeing of the patient and are permitted to be shared with (generally designated) family and friends.  These circumstances do not necessarily need the patients consent either.  In some circumstances the patient may not be able to offer their consent, if they are incapacitated or unfit.  The medical personnel are then permitted to make a judgement call of what information to share and with whom to share it.

There are also permitted discussions and use of PHI if a family member or friend is assisting or arranging payment for the treatment.  Some sharing of the medical information is going to be necessary to justify the bill, or allow the person to involve the insurance company.  Again, a good practical reason for sharing the information allowed under HIPAA.

So although the HIPAA is fairly stringent in controlling access to PHI, it tries to add a practical approach to how it handles things.  It is designed to protect the information as much as possible while not interfering with the actual care of the patient.

Tags: , ,
Posted in Uncategorized | 1 Comment »

HIPAA Overview

Wednesday, May 27th, 2009

hipaaThis innocuous acronym stands for Health Insurance Portability and Accountability Act.  This is a federal statute that was enacted in 1996 to attempt to protect the medical records of citizens.  The Act itself is massive, and covers many aspects of medical care and the handling of records and information.  The two that are relevant to our needs are the privacy rule and the security rule.  Both of which will be covered in depth later.  There are other rules provided under the act and they are the Enforcement Rule, the Transactions and Code Sets Rule and the Unique Identifiers rule.

The idea was to have an all encompassing act that covered as much ground as possible with regards patient privacy and confidentiality.  As expected the act is complicated and convoluted even for lawyers to work with, let alone the people it is designed to protect.  It serves to protect any medical record that an individual may have and attempts to afford these records as much control and privacy as possible. The people responsible for enforcing the privacy aspect of HIPAA is the Office for Civil Rights (OCR) and took effect in April 2003.

Within the act, patients are called ‘individuals’ and their medical records are called ‘PHI’ or ‘Personal Health Information’.  Any organization who handles PHI, or pays or receives electronic payment from an organization that conforms to HIPAA is subject to it.  PHI itself is regarded as any “individually identifiable health information” used, stored or transferred by any organization or entity, in any form.

There was a myth that the HIPAA only covered electronic information, but this is false.  It covers medical information as above in any form or media.  It doesn’t matter if it is electronic, paper or oral, the act applies.

The PHI itself is anything that could even loosely identify an individual and associate them with medical information.  It includes any past, present or future medical conditions, any healthcare provision information and any payments related to any healthcare provision.

Basically this all means that an organization covered by HIPAA is not permitted to disclose medical information to anybody unless the individual authorizes it or the privacy rule itself requires it.

Tags: , , , ,
Posted in Uncategorized | No Comments »