Question

Discuss the impact of patient portals on the Release of Information function. Can it replace the ROI function in health information management? Why/why not?

Answer 1

Release of information (ROI) in healthcare is critical to the quality of the continuity of care provided to the patient. It also plays an important role in billing, reporting, research, and other functions. Many laws and regulations govern how, when, what, and to whom protected health information is released. ROI departments perform such tasks as obtaining patient consent, certifying medical records, and deciding what information can be released. Special federal regulations protect the release of information in the areas of mental health, drug treatment, and alcohol treatment.

The Health Insurance Portability and Accountability Act (HIPAA) is a landmark piece of legislation, but why is HIPAA important? What changes did HIPAA introduce and what are the benefits to the healthcare industry and patients? HIPAA was introduced in 1996, primarily to address one particular issue: Insurance coverage for individuals that are between jobs. Without HIPAA, employees faced a loss of insurance coverage when they were between jobs. A second goal of HIPAA was to prevent healthcare fraud and ensure that all ‘protected health information’ was appropriately secured and to restrict access to health data to authorized individuals. HIPAA introduced a number of important benefits for the healthcare industry to help with the transition from paper records to electronic copies of health information. HIPAA has helped to streamline administrative healthcare functions, improve efficiency in the healthcare industry, and ensure protected health information is shared securely. The standards for recording health data and electronic transactions ensures everyone is singing from the same hymn sheet. Since all HIPAA-covered entities must use the same code sets and nationally recognized identifiers, this helps enormously with the transfer of electronic health information between healthcare providers, health plans, and other entities.

Arguably, the greatest benefits of HIPAA are for patients. HIPAA is important because it ensures healthcare providers, health plans, healthcare clearinghouses, and business associates of HIPAA-covered entities must implement multiple safeguards to protect sensitive personal and health information. While no healthcare organization wants to expose sensitive data or have health information stolen, without HIPAA there would be no requirement for healthcare organizations to safeguard data – and no repercussions if they failed to do so. HIPAA established rules that require healthcare organizations to control who has access to health data, restricting who can view health information and who that information can be shared with. HIPAA helps to ensure that any information disclosed to healthcare providers and health plans, or information that is created by them, transmitted, or stored by them, is subject to strict security controls. Patients are also given control over who their information is released to and who it is shared with.

HIPAA is important for patients who want to take a more active role in their healthcare and want to obtain copies of their health information. Even with great care, healthcare organizations can make mistakes when recording health information. If patients are able to obtain copies, they can check for errors and ensure mistakes are corrected. Obtaining copies of health information also helps patients when they seek treatment from new healthcare providers – information can be passed on, tests do not need to be repeated, and new healthcare providers have the entire health history of a patient to inform their decisions. Prior to the Introduction of the HIPAA Privacy Rule, there was no requirements for healthcare organizations to release copies of patients’ health information. A release of information form allows a patient access to his own medical records and allows him control over to whom those records are released, explains the Geisel School of Medicine at Dartmouth. Providers often require payment to release medical records and typically don't fax records to protect patient privacy.

A medical release form is a document that gives healthcare professionals permission to share patient medical information with other parties. Under HIPAA regulations, it's referred to as an “authorization.” Healthcare staff need a written copy on record with a signature to protect themselves. Autorization to release information form is used to release your protected health information as required by federal and state privacy laws. Your authorization allows the Health Plan (your health insurance carrier or HMO) to release your protected health information to a person or organization that you choose. You can revoke this authorization at any time by submitting a request in writing to the Health Plan (contact Member Services for further instructions). Revoking this authorization will not affect any action taken prior to receipt of your written request.

A compound authorization refers to an authorization for use or disclosure of patient-specific health information that is combined with another document, an expiration date or an expiration event that relates to the individual or the purpose of the use or disclosure. HIPAA does not impose any specific time limit on authorizations. For example, an authorization could state that it is good for 30 days, 90 days or even for 2 years. The authorization form must be written in plain language to ensure it can be easily understood and as a minimum, must contain the following elements: Specific and meaningful information, including a description, of the information that will be used or disclosed.

Under HIPAA, a “personal representative” is the person who has authority to make healthcare decisions for the patient under applicable state law. (45 CFR 164.502(g)(2)-(3)). A personal representative generally has the right to access or authorize disclosures of information just like the patient. A HIPAA-compliant HIPAA release form must, at the very least, contain the following information: A description of the information that will be used/disclosed. The purpose for which the information will be disclosed. The name of the person or entity to whom the information will be disclosed.

A Privacy Rule Authorization is an individual's signed permission to allow a covered entity to use or disclose the individual's protected health information (PHI) that is described in the Authorization for the purpose(s) and to the recipient(s) stated in the Authorization.