Sharing Protected Health Information

Permitted uses and disclosures of PHI are possible for a number of different purposes within the healthcare sector.  By following these guidelines, an organization may stay in compliance with HIPAA’s rules and be able to share protected health information. An organization must recognize these rules.  All employees of an organization that acts as a covered entity or business associate must be aware of these guidelines.   The Office for Civil Rights permits the use and disclosure of PHI for treatment, payment and health care operations.

Sharing with Health Care Providers

Keep in mind that HHS wrote HIPAA to not only protect PHI but to assist treatment providers in caring for the patient without requiring patient authorization in order to share their PHI.  For example, it is permissible to share protected health information with health care providers who will treat the patient in their office or after hospital discharge. The sharing may be electronically and must be in a manner that is compliant with the Security Rule.

Sharing for Care Coordination

We now see the need to share data with health care providers for purposes of care coordination.  This has expanded the “permitted uses and disclosures of PHI.”  This activity didn’t exist when HIPAA was written and is now required by CMS and is part of a treatment plan.  A health care provider may disclose PHI to another for this treatment purposes without patient authorization.  This information must be shared with all employees of the organization.

By following these simple guidelines organizations will be able to stay in compliance with HIPAA as they manage their PHI.  One must also realize that there are other ways that one may safely share PHI without having to obtain permission.  An example would be if there is an order from a court or for law enforcement purposes.

Contact us for more information.