Q&A: You’ve got questions! We’ve got answers
Physician Practice Insider, April 18, 2017
Submit your questions to Editor Nicole Votta at nvotta@hcpro.com and we will work with our experts to provide you with the information you need.
Q: The children of an elderly patient at our practice often contact us to request copies of the patient’s records including lab tests and charts. We’ve noted the names of the patient’s children and the patient has verbally confirmed that we may give them access. However, sometimes the children’s spouses or even their own children (the patient’s grandchildren) request information on behalf of the patient’s children. We informed the patient that we cannot share information with these individuals without specific permission. When the patient requested that we also share information with these individuals, several of the patient’s children complained.
We would like to help the patient keep her family informed but I’m concerned that we may leave ourselves at risk of a breach with so many other individuals involved and several members of the family unhappy with the situation. Can we ask patients to submit a signed document stating who their personal representative(s) is/are? Can a patient have more than one personal representative?
A: There are two types of disclosures of protected health information (PHI) discussed above, and HIPAA handles these disclosures differently.
The Privacy Rule permits healthcare providers to share limited verbal information with family members and friends involved in the patient’s care. Although consent or written authorization is not required, patients must be given an opportunity to agree or object to the sharing of their PHI. Many physician practices ask patients to complete a form that lists family members or friends with whom information may be shared verbally, listing these individuals by name and their relationship to the patient. The patient may designate as many individuals as he/she chooses, and other family members do not have the right to object to the wishes of a competent patient.
Releasing copies of the patient’s record requires written authorization from the patient. The patient must sign a written HIPAA-compliant authorization form specifying the information that may be provided. If the patient is not competent, authorization must be obtained from the patient’s legal representative (usually someone designated in a durable power of attorney or a medical power of attorney).
Editor’s note: This question was answered by Mary D. Brandt, MBA, RHIA, CHE, CHPS. Brandt is a healthcare consultant specializing in healthcare regulatory compliance and operations improvement. This information does not constitute legal advice. Consult legal counsel for answers to specific privacy and security questions. Opinions expressed are that of the author and do not represent HCPro or ACDIS. Email your questions to Editor Nicole Votta at nvotta@hcpro.com.
Related Products
Most Popular
- Articles
-
- Don't forget the three checks in medication administration
- FDA says to decrease reuse of devices, CMS removes some blanket waivers
- Note similarities and differences between HCPCS, CPT® codes
- Practice the six rights of medication administration
- Nursing responsibilities for managing pain
- Skills of effective case managers
- Steps for maintaining patient privacy
- Clearing up the confusion: CPT codes 76376 and 76377
- The consequences of an incomplete medical record
- Neurological checks for head injuries
- E-mailed
-
- FDA says to decrease reuse of devices, CMS removes some blanket waivers
- Peer review using a retired physicain without liability insurance
- Q&A: Atelectasis query for secondary diagnosis
- Proper coding for polyp removal
- Know the medical gas cylinder storage requirements
- Identify all injuries and conditions to correctly code for multiple significant trauma
- Expirations on standing orders
- Developing a Fall-Prevention Program
- Clinically Speaking: Accidental puncture laceration
- Clarifying status indicator ’S’ and ’T’ procedures
- Searched