Can we ever disclose PHI to the employer without a patient’s authorization?
HIPAA Weekly Advisor, November 8, 2002
Want to receive articles like this one in your inbox? Subscribe to HIPAA Weekly Advisor!
Q: Can we ever disclose PHI to the employer of a patient without that patient's authorization?
A: The regulations permit such disclosure only in limited circumstances concerning work-related injuries and illnesses or workplace medical surveillance. Only health care providers are permitted to disclose the information. All other such disclosures to an employer would require a signed authorization.
Disclosures are permitted without authorization if the covered entity is a covered health care provider who is a member of the employer's workforce or provides health care to the individual at the request of the employer, in the following circumstances:
- The health care provider is conducting an evaluation relating to medical surveillance of the workplace or is evaluating whether the individual has a work-related illness or injury
- The employer needs the findings to comply with its obligations under the Occupational Safety and Health Administration or the Mine Safety and Health Administration or a state law with a similar purpose, to record such illness or injury or to carry out responsibilities for workplace medical surveillance
The PHI must consist only of findings concerning a work-related illness or injury or a workplace-related medical surveillance.
The covered health care provider must provide written notice to the individual that PHI relating to the medical surveillance of the workplace and work-related illnesses and injuries is disclosed to the employer in either of the following two ways:
- Giving a copy of the notice to the individual at the time the health care is provided
- Posting the notice in a prominent place at the location where the health care is provided if it's provided on the employer's work site
This notice requirement is separate from the Notice of Privacy Practices. Review state law with legal counsel to make sure there are not more restrictive requirements.
Editor's note: Brought to you by attorneys Marty Baxter and Gretchen McBeath at Bricker and Eckler, LLP (http://www.bricker.com) and The Quality Management Consulting Group, Ltd. (http://www.qmcg.com). E-mail: mbaxter@bricker.com or gmcbeath@bricker.com.
Want to receive articles like this one in your inbox? Subscribe to HIPAA Weekly Advisor!
Related Products
Most Popular
- Articles
-
- HIPAA Q&A: Flu shot requirement for hospital employees
- Running an effective peer review committee meeting
- HealthDataInsights posts new issues for medical necessity claims
- Sneak Peek: Effort underway to establish caseload benchmarks
- Q/A: Coding for telescopic intraocular lens
- New FAQ posted on storing laryngoscope blades
- Tip: Perform your own internal investigation prior to government audit
- HIPAA 5010 deadline extended, but threat remains, says AMA
- HHS task force: Consider privacy, security with text messages
- What does case-mix index mean to you?
- E-mailed
-
- Running an effective peer review committee meeting
- HIPAA Q&A: Flu shot requirement for hospital employees
- HHS task force: Consider privacy, security with text messages
- What does case-mix index mean to you?
- Q/A: Coding for telescopic intraocular lens
- Q/A: Correct use of modifier -PT
- Tip: Correctly code bilateral pain management procedures
- "Wall fountains" may be spreading Legionnaires to patients, visitors
- 2012 CPT code changes for ASCs: Shoulder and knee scopes and pain management
- Case Management Monthly, March 2012
- Searched