Q&A: Releasing patient records to insurance companies
Compliance Monitor, November 24, 2010
Q: An insurance company is requesting copies of medical records to review our CPT ® coding. These cases are at least one year old and have been paid already. The insurance company said its review will not affect our payment. Do we need patient authorization to release these records, since this does not involve treatment, payment, or office operations?
A: Covered entities (CE) are permitted to use or disclose PHI without patient authorization for treatment, payment, and healthcare operations. Most CEs think about their own healthcare operations, but the Privacy Rule permits CEs to release PHI to another CE—if the second CE needs the information for its healthcare operations—as long as both CEs have a relationship with the patient.
In this case, you may release patient records to the insurance company if it is auditing the accuracy of its claims payment process. This request is probably legitimate; you’ll simply need to get more information from the insurance company to ensure that this is part of its healthcare operations.
Mary D. Brandt, MBA, RHIA, CHE, CHPS, answered this question in the December 2010 issue of the HCPro newsletter Briefings on HIPAA. For more information about this newsletter visit the HCMarketplace.
Related Products
-
Stark Law, 2nd edition: A user's guide to achieving compliance
This updated version of HCPro's Stark Law best seller, first published in 2005—and now co-authored by former CMS Stark...
-
The Compliance Officer's Handbook, 2nd Edition
This revised edition is packed with even more practical tools, case studies, tips and tools, sample audits, and sample...
-
The HIPAA and HITECH Toolkit
The HIPAA and HITECH Toolkit is a valuable resource that helps both CEs and BAs understand and meet the HITECH Act's...
-
The Privacy Officer's Handbook, Second Edition
Privacy and security requirements now extend to business associates and vendors of personal health records. Individuals, not...
-
HIPAA/HITECH Omnibus Final Rule: Stay Compliant With 2013 Changes
Is your organization ready to comply with the HIPAA Omnibus Final Rule? Our experts help you understand the Rule and help...
Most Popular
- Articles
-
- Note from the instructor: CMS clarifies payment amount to be applied to payment caps and manual review thresholds for outpatient therapy services provided by critical access hosptials
- Note from Hugh
- Steps to comply with HIPAA 2.0: Revise your policies and procedures
- Recent Recovery Auditor activity
- The week in Medicare updates
- Five tips for an effective hospital patient safety program
- Steps to comply with HIPAA 2.0: Revise your policies and procedures
- Citing HIPAA, CVS to end prescription reminders via mail
- Latest scores show incremental progress in hospital safety
- Change your EMR to prepare for ICD-10
- E-mailed
-
- Note from the instructor: CMS clarifies payment amount to be applied to payment caps and manual review thresholds for outpatient therapy services provided by critical access hosptials
- Q&A: Focused professional practice evaluation (FPPE)
- Five tips for an effective hospital patient safety program
- Change your EMR to prepare for ICD-10
- CMS recommends use of AHRQ Common Formats for hospital adverse event reporting
- 2014 Hospice Proposed Rule Released
- Solidify processes to avoid HAC penalties
- Steps to comply with HIPAA 2.0: Revise your policies and procedures
- 2014 IPPS Proposed Rule: CMS focuses on quality measures, inpatient status
- Citing HIPAA, CVS to end prescription reminders via mail
- Searched