Disclose PHI to law enforcement officials when required by law
HIM Connection, December 14, 2004
Want to receive articles like this one in your inbox? Subscribe to HIM Connection!
Your facility may disclose protected health information (PHI) to law enforcement officials without patient authorization when required to do so by law.
From time to time, a state or other law-for example, the Patriot Act-will require your organization to disclose PHI to law enforcement officials. This generally involves state laws that require reporting of certain wounds or injuries (i.e. gunshot wounds, stab wounds, dog bites), child abuse or neglect, or domestic abuse.
If your state has such a mandatory reporting law, your organization may disclose the patient's PHI to the authorities without getting the patient's authorization to do so. It may also, without getting the patient's authorization, initiate disclosures of a patient's PHI to law enforcement officials when required by law to do so. You don't necessarily have to be responding to law enforcement requests for that PHI.
Example #1: XYZ Hospital treats Patient A for third degree burns. State law requires healthcare organizations to report all burn victims to law enforcement officials. Officer X shows up at XYZ's emergency department and requests Patient A's PHI. XYZ Hospital may disclose Patient A's PHI in response to Officer X's request without getting the patient's authorization to do so.
Example #2: Following a car accident, Patient A is treated at XYZ Hospital's emergency department. Blood test results indicate that the patient was intoxicated while driving his car. State law requires healthcare providers to notify law enforcement when a patient's blood tests indicate that the patient was intoxicated while driving a car involved in an accident. XYZ Hospital may initiate a disclosure of Patient A's PHI to law enforcement officials without getting the patient's authorization to do so.
Tip: Even though the HIPAA privacy regulations don't require it, your organization should get law enforcement officials to put requests for patients' PHI in writing, says health care attorney Kelly T. Hagan. At a minimum, document any oral requests made by law enforcement officials for patients' PHI, he suggests. Your organization should have policies and procedures in place for documenting requests from law enforcement officials.
This excerpt is adapted from the monthly newsletter HIPAA Security and Privacy Staff Trainer.
Want to receive articles like this one in your inbox? Subscribe to HIM Connection!
Related Products
Most Popular
- Articles
-
- HIPAA Q&A: Flu shot requirement for hospital employees
- Running an effective peer review committee meeting
- HealthDataInsights posts new issues for medical necessity claims
- Sneak Peek: Effort underway to establish caseload benchmarks
- Q/A: Coding for telescopic intraocular lens
- New FAQ posted on storing laryngoscope blades
- Tip: Perform your own internal investigation prior to government audit
- HIPAA 5010 deadline extended, but threat remains, says AMA
- HHS task force: Consider privacy, security with text messages
- What does case-mix index mean to you?
- E-mailed
-
- Running an effective peer review committee meeting
- HIPAA Q&A: Flu shot requirement for hospital employees
- HHS task force: Consider privacy, security with text messages
- What does case-mix index mean to you?
- Q/A: Coding for telescopic intraocular lens
- Q/A: Correct use of modifier -PT
- Tip: Correctly code bilateral pain management procedures
- "Wall fountains" may be spreading Legionnaires to patients, visitors
- 2012 CPT code changes for ASCs: Shoulder and knee scopes and pain management
- COT basics to best
- Searched