Question

Do you think there are problems with any of the HIPAA Privacy rule's exceptions to the authorization requirement? Do the exceptions minimize patient privacy? Are there too many exceptions? Are there other exceptions that you would include if you were asked to become involved in revising the law?

Answer #1

Exceptions to the HIPAA Privacy Policy

Although the privacy rule has placed stringent parameters around the transmission of personal health information, it is recognized that health providers are required to maintain and transmit PHI in the course of conducting business. There are several situations in which the medical facility is not required to notify the patient or obtain written express permission for a disclosure.

The scenarios that do not require written patient authorization are:

  • A covered entity is allowed under the privacy rule to disclose protected health information to the patient or authorized representative without prior written approval.
  • A covered entity may also disclose PHI to aid in TPO, which is the acronym for "Treatment, Payment and Health Care Operations". These are the situations in which a medical provider (who is a covered entity) shares patient information with other covered entities or business associates, in an effort to treat the patient's illness, receive payment for services rendered, or to engage in quality checks and case management in an effort to enhance health care operations.

Protected health information is shared under the umbrella of TPO in almost every medical-related facility, from a large hospital to the corner drugstore, and is defined below:

Treatment - This is defined as personal health information transmitted while in the act of providing, coordinating, or managing the health care of a patient. This includes consultations between doctors. An example is a primary care physician consulting with a specialist regarding a patient's diagnosis and treatment plan. Also included is information transmitted when referring a patient for outpatient laboratory testing or a diagnostic ultrasound.

Payment - This is defined as all activities that a provider of health service must undertake to receive payment for a health encounter. This includes submitting a claim to the patient's health plan for payment, checking patient eligibility and claim status, receiving and applying payment and rejections, as well as billing the patient for applicable co-pays and co-insurance.

Health Care Operations - In the course of business, a medical practitioner or establishment will engage in a number of administrative tasks to ensure the smooth and effective operation of the business. These tasks include audits of patient files, quality checks and improvement initiatives, staff competency and compliance evaluations, as well as administrative duties -- such as de-identifying PHI and creating data sets of patient information for research purposes.

  • Opportunity to Agree or Object - There are some instances in which there may not be time to obtain a formal written authorization. In these cases, it is permissible to obtain an informal verbal authorization from the patient or his authorized representative. Asking the patient outright can also be waived if there has been significant opportunity for the patient to agree or disagree to the request for disclosure. If the patient is incapacitated and there is no authorized representative, medical professionals may use their professional judgment and ethics in determining what information to disclose.

Informal authorization is also acceptable in the case of discussing treatment and outcomes with a patient's spouse and family members that are involved in the patient's care. Informal authorization is also applicable for the purposes of notifying family members responsible for the patient about their location, condition, or death.

  • Incidental Use and Disclosure - It is possible for protected health information to be disclosed in a situation for which the patient has not provided express written permission. However, it is considered permissible if this disclosure was incidental or related to another use or disclosure that the patient has given permission for.

This usage of PHI is acceptable as long as the covered entity can assure that there exists in the organization a reasonable safeguard against the misuse of PHI. Also, it is critical that the information shared adhere to the "minimum necessary" rule that will be explained in an upcoming lesson.

  • Public Interest and Benefit Activities - Otherwise protected health information can be released without patient consent in 12 scenarios, which are labeled as "national priority purposes." This is the release of personally identifiable health information to non-medical entities. In these situations, there seeks to be a balance between maintaining individual privacy rights and the need to identify someone to serve the interest of the public.

The scenarios that fall under the umbrella of public trust are as follows:

- Required by Law - Information may be provided by a covered entity to law enforcement officials to fulfill a court order, statute, or legal regulation.

- Public Health Activities - Covered entities can reveal protected health information to 1. Public health officials who are responsible for monitoring and stopping the spread of disease or injury. 2. FDA-regulated companies if there is data that would support the monitoring of effectiveness or adverse events related to their products. 3. Individuals who may have been exposed to transmittable diseases that are tracked by the government and require reporting. 4. Information may be released to employers regarding employees in order to evaluate work-related illnesses or claims, manage workers compensation claims, and OSHA violations.

- Victims of Abuse, Neglect, or Domestic Violence - In cases of suspected abuse, it is permissible to report the incident to the authorities, including providing protected health information.

- Health Oversight Activities - Personally identifiable health information may be released to government agencies that are responsible for providing oversight for the health care system, including government health programs, such as Medicare and Medicaid.

- Judicial and Administrative Proceedings - PHI may be disclosed to the court system in response to a subpoena, court order or administrative tribunal. Notice should be sent to the subject of the order that their information has been shared.

- Law Enforcement Purposes - Protected health information may be shared with law enforcement officials under the following circumstances: 1. As required by law to adjudicate warrants or subpoenas. 2. To locate a suspect, witness, or fugitive. 3. Provide law enforcement officials with information on the victim, or suspected victim, of a crime. 4. To notify law enforcement in the case of a suspicious death, which may have resulted from criminal activity. 5. As evidence of a crime that occurred in the facility of a covered entity. 6. A covered entity may provide PHI in the case of an emergency involving one of its patients, even if the incident occurred offsite. Also to inform law enforcement about a possible crime, victims, perpetrators, or location thereof.

- Decedents - In the case of death, PHI can be disclosed to the coroner's office for identification purposes, and to determine the cause of death. PHI may also be released to the funeral home as needed.

- Organ Donation - PHI can be released by covered entities to facilitate the donation of cadaver organs and tissue.

- Research - PHI can be released in the case of medical research, provided the researchers warrant that the information is necessary for the preparation or execution of the research study and will not be used in any other way.

- Serious Threat to Health and Safety - PHI can be released without consent to law enforcement officials to aid in the capture of an escaped prisoner or a violent criminal. Protected health information can also be released if there is credible reason to believe that there is an imminent threat to an individual or the public at large.

- Essential Government Functions - Covered entities are allowed to release protected health information for the completion of government duties and functions, including military missions, national security initiatives, protection of the President, for evaluating State Department employees and providing health services to inmates.

- Workman's Compensation - Covered entities may release PHI without authorization in the course of evaluating and certifying employee injury claims.

  • Limited Data Set - For the purposes of research, health care operations and public health, identifying information may be removed from a select group of patient records and the remaining data transmitted. There is limited data left, but what remains is able to be used for statistical, research, or policy-making purposes.

Food for Thought

Were you aware that there were so many instances in which PHI could be shared without patient authorization?
What are your thoughts regarding this?
Does this make you look at your own health information differently?

Conclusion

Although the HIPAA privacy policy strives to protect patients and limit disclosures of PHI, it also acknowledges that there are some instances in which disclosure is necessary to maintain the law, protect public interest, and expedite medical care.
