Health Information Management

HIPAA's Privacy Controls: Restrictions requested by an individual

HIM-HIPAA Insider, October 20, 2009

Want to receive articles like this one in your inbox? Subscribe to HIM-HIPAA Insider!

Under the HITECH Act, when an individual request that a CE not release PHI to a health plan for payment or healthcare operations (i.e., not for treatment), and the provider has been paid “out of pocket in full,” the CE must comply. This is a change to the HIPAA rule, which permitted the CE to deny restrictions requested by an individual.
If accepting such restrictions is new for a CE, and the CE uses BAs to perform work that can result in the release of PHI to health plans, the CE and BA(s) must develop a process to restrict selected disclosure. This would apply to providers using a billing service to submit electronic claims to health plans, for example.
Note: This information is from The HIPAA and HITECH Toolkit: A Business Associate and Covered Entity Guide to Privacy and Security by Kate Borten, CISSP, CISM. For ordering information, visit the HCMarketplace or call 887-727-1728.

Want to receive articles like this one in your inbox? Subscribe to HIM-HIPAA Insider!

    Briefings on APCs
  • Briefings on APCs

    Worried about the complexities of the new rules under OPPS and APCs? Briefings on APCs helps you understand the new rules...

  • HIM Briefings

    Guiding Health Information Management professionals through the continuously changing field of medical records and toward a...

  • Briefings on Coding Compliance Strategies

    Submitting improper Medicare documentation can lead to denial of fees, payback, fines, and increased diligence from payers...

  • Briefings on HIPAA

    How can you minimize the impact of HIPAA? Subscribe to Briefings on HIPAA, your health information management resource for...

  • APCs Insider

    This HTML-based e-mail newsletter provides weekly tips and advice on the new ambulatory payment classifications regulations...

Most Popular