HIPAA Release of Information Requirements: Are You Complying?
HIPAA release of information requirements were developed to safeguard patient Protected Health Information (PHI). They are based on the premise that PHI should not be used or disclosed unless it is necessary to answer a health question that is relevant to the scenario, and that only the absolute minimum of information should be accessed.
Entities that handle the HIPAA release of information process must maintain constant vigilance to remain compliant in the face of frequent changes and updates to HIPAA policies and procedures. Following are some important objectives that enable organizations to achieve compliance when handling a request for release of information:
- Extract the minimum amount of medical information necessary to answer the query. Companies that are involved in HIPAA release of information practices must continually evaluate how they are disseminating PHI. To be HIPAA compliant, establish and maintain safeguards to limit disclosure of unnecessary patient medical information.
- Maintain confidentiality of Protected Health Information (PHI). Return all files to their proper location immediately after reviewing them. Close out of any screen on a desktop, laptop or PDA that is displaying PHI immediately after the query has been answered. Most HIPAA violations occur when open files are left sitting on a desk or station, or a laptop is left open to the file and someone inadvertently views the information.
- Develop a best practices approach to train and educate personnel on the importance of HIPAA compliance. Staff that is thoroughly trained and understands the importance of safeguarding patient PHI is less likely to commit errors due to apathy or ignorance. Staff working with PHI must be knowledgeable regarding all the parameters that must be met before patient PHI is released.
- Establish consistency as a primary benchmark. Standardize release of information procedures and regularly monitor staff to ensure consistency among all staff members who are involved with HIPAA release of information. Variances across the team in how individuals handle PHI increases the likelihood that HIPAA violations will occur.
The key to HIPAA compliance is commitment to staying current with the rules and regulations, and achieving staff acceptance of the importance of complete compliance. A collaborative partnership with a company that specializes in release of information can reduce your organization's incidence of HIPAA violations and enable your healthcare team to focus their energies on providing excellent care to their patients.
Fig Gungor is CEO of OneSource Document Management, a New York based company that offers a broad range of customized copy and scanning services that translate into a significant savings for insurance companies, hospitals and large medical facilities.