• E-mail
• Print
• RSS

HIPAA Q&A: Do we need a contract?

HIPAA Weekly Advisor, September 21, 2009

Want to receive articles like this one in your inbox? Subscribe to HIPAA Weekly Advisor!

Q. I am the HIPAA privacy and security officer for an outpatient orthopedic surgery center. We often have difficulty obtaining preoperative cardiac clearance documentation from the nearby CV office.

We send patients there before surgery because we need the cardiac clearance, but at the time of surgery, the office states that HIPAA prevents it from providing any information. I know it would be easier if patients called to request this information.

However, we often can’t reach them, they don’t know what to request, or the surgeon believes that obtaining this information is our responsibility. Do we need some type of sharing contract? What can we do? All we want is to provide patients the best and safest care.

A. Unfortunately, this seems to be a common misinterpretation of the privacy rule, which allows disclosure of PHI without patient authorization for treatment purposes. You may start by contacting the privacy officer or the office manager at the CV office and explaining that releasing information for treatment purposes without patient authorization is permissible. Consider providing specific information from the OCR HIPAA Privacy Web site to support your position.

If that doesn’t work, simply asking patients to sign an authorization form to release the information to the surgery center may be easier. Patients could sign the authorization as part of their preoperative paperwork and take it with them to the CV office.

Editor’s note: Mary D. Brandt, MBA, RHIA, CHE, CHPS, answered this question. This is not legal advice. Consult your attorney regarding legal matters.

Want to receive articles like this one in your inbox? Subscribe to HIPAA Weekly Advisor!

• E-mail to a Colleague
• Print
• RSS
• Archive