Q&A: Releasing patient records to insurance companies
Compliance Monitor, November 24, 2010
Want to receive articles like this one in your inbox? Subscribe to Compliance Monitor!
Q: An insurance company is requesting copies of medical records to review our CPT ® coding. These cases are at least one year old and have been paid already. The insurance company said its review will not affect our payment. Do we need patient authorization to release these records, since this does not involve treatment, payment, or office operations?
A: Covered entities (CE) are permitted to use or disclose PHI without patient authorization for treatment, payment, and healthcare operations. Most CEs think about their own healthcare operations, but the Privacy Rule permits CEs to release PHI to another CE—if the second CE needs the information for its healthcare operations—as long as both CEs have a relationship with the patient.
In this case, you may release patient records to the insurance company if it is auditing the accuracy of its claims payment process. This request is probably legitimate; you’ll simply need to get more information from the insurance company to ensure that this is part of its healthcare operations.
Mary D. Brandt, MBA, RHIA, CHE, CHPS, answered this question in the December 2010 issue of the HCPro newsletter Briefings on HIPAA. For more information about this newsletter visit the HCMarketplace.
Want to receive articles like this one in your inbox? Subscribe to Compliance Monitor!
Related Products
-
Stark Law, 2nd edition: A user's guide to achieving compliance
This updated version of HCPro's Stark Law best seller, first published in 2005—and now co-authored by former CMS Stark...
-
The Compliance Officer's Handbook, 2nd Edition
This revised edition is packed with even more practical tools, case studies, tips and tools, sample audits, and sample...
-
The HIPAA and HITECH Toolkit
The HIPAA and HITECH Toolkit is a valuable resource that helps both CEs and BAs understand and meet the HITECH Act's...
-
HIPAA Training Handbook for Business Associates
Train all of your staff members with this handbook and others in the 2009 HIPAA Handbook Series. Ensure they understand...
-
HIPAA Handbook for Executive, Administrative and Corporate Staff
Train all of your staff members with this handbook and others in the 2009 HIPAA Handbook Series. Ensure they understand...
Most Popular
- Articles
-
- Q/A: Volume requirement for reporting hydration services
- Featured blog post: Nurses face felony charges after reporting physician to the Texas Medical Board
- HIPAA Q&A: Level of encryption needed for email
- Catch up on what's new with injections and infusions
- Identify potential Medicaid RAC target areas
- Capturing all necessary codes for IUD insertion and removal can be challenging
- Topic: CMS, OESS post new security compliance review information, checklist
- What does case-mix index mean to you?
- OB services: Coding inside and outside of the package
- Q/A: Coding infusions to correct low potassium levels
- E-mailed
-
- Q/A: Volume requirement for reporting hydration services
- HIPAA Q&A: Level of encryption needed for email
- Featured blog post: Nurses face felony charges after reporting physician to the Texas Medical Board
- CMS has reformulated payments for some bilateral procedures
- Q&A: Follow CMS' coding guidelines when using modifier -25
- Understand the spine to code back procedures correctly
- What does case-mix index mean to you?
- Catch up on what's new with injections and infusions
- New conflicts of interest create new challenges
- Q/A. One injection code or two?
- Searched