HIM 2200. Release of Information. Release of Information. Release of Information (ROI) is the process of disclosing patient-identifiable information from the health record to another party. Role of HIM with ROI.
Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.
Release of Information
Release of Information (ROI) is the process of disclosing patient-identifiable information from the health record to another party.
HIM professionals have responsibility to in determining access to and release of information from patient health records.
Most HIM departments have either professionals specifically trained to do ROI on a daily basis
Responsible for verifying a ROI form and completing patient’s request per ROI form.
For example, the ROI may take the form of a patient’s request to mail copies of his or her records to a healthcare provider.
ROI professional require a request in written format, verifies patient signature on the ROI, and only then release the information requested.
4. If the request or authorization is valid, the specific information is copied and sent.
5. OR if the request is invalid, the problem with the request is noted in the computer, and the request is returned to the sender.
To comply with HIPAA standards, a healthcare facility must maintain a record that accounts for all disclosures from the health record.
Subpoena duces tecum: judicial request for certain information or evidence.
Similar to ROI requests the subpoena is
1.Logged on database
2. Verify the subpoena to be valid and the information can be released to the court in compliance with state & federal law.
3. Check the health record. Is it complete? Are signatures identifiable?
4. Review the record for risk. If it is a potential malpractice case, notify administrator/facility attorney/physician.
5. Copy and certify.
6. Prepare an itemized list of the record contents which cab be used as a receipt if the record is retained by the court.
7. Record the information and number of pages in response to subpoena duces tecum
8. In response to a subponea ‘duces tecum’ a HIM professional may appear in person in court or at a deposition and give sworn testimony to the health record’s authenticity.
All requests must follow HIPAA unless a state law is more stringent.
4. Verify the insurance company (if requester) as the one belonging to the patient
5. Review the request for what was wanted and whether the requestor was entitled to the information.
The HIPAA Privacy rule declares the following authorizations invalid:
General: authorization for the disclosure of general health information may be combined with another authorization for the disclosure of general health information. However a general authorization that conditions treatment, payment, enrollment or eligibility for benefits on completion may not be combined with another authorization. For example, an insurance company may not combine an authorization they require as a condition of enrolling in their plan with another authorization.
If the individual requests a copy of the protected health information or agrees to a summary or explanation of information, the facility may impose a reasonable cost based fee, provided that the fee includes only the cost of:
-copying (cost of supplies & labor)
-preparing an explanation or summary of information
Does HIPAA privacy rule allow us to release patient information over the telephone without an authorization?
HIPAA now allows the release of health information without an authorization from the patient in certain situations:
Is faxing patient information legal under HIPAA?
If the facility is permitted to release information for treatment purposes or by authorization, then using a fax machine is allowed. However safety steps should be ensured.
What are a facilities legal responsibilities when a former employee breaches confidentiality of information gained during his or her employment period?
A facility can fortify its defense position by ensuring and retaining clear evidence that a former employee was trained and expressed understanding of privacy and security policies and procedures. Thorough documentation of ongoing HIPAA training will demonstrated a facilities efforts during the employment period. Addressing postemployment responsibilities is also advised. If the employee is terminated, documentation of a signed statement stating understanding the confidentiality of patient information should be expressed. DOCUMENT!!!
Who can act as a personal representative of a minor?
Either parent (unless otherwise restricted by a court order), the legal guardian or the legal custodian appointed by a court may act as a minor's personal representative
When can a minor (someone under 18) be considered as adult and therefore guardian not allowed to complete authorization or request for medical information?
This varies state by state. Check with your state law. But the following is expressed under HIPAA & Utah law.
As a parent to I have the right to get and amend my childs record?
Again, this varies state by state, as per Utah law & HIPAA, the answer is No, if a healthcare provider reasonably believes there is neglect or abuse of child, then the parent does not have access to child’s record.
I am listed as my mother’s power of attorney, do I have right to request an authorization and look at her medical information.
Yes, if you are your mother’s agent or power of attorney, under Utah & HIPAA law you have this right.
My father died, to I have right to look at his records?
Again varies state by state, but under Utah law & HIPAA, the answer is yes. You usually have right to get a deceased person’s medical record if you are the personal representative (adminstrator or executive). In Utah this includes deceased spouse or child.
Remember to check with HIPAA privacy rule, your state law, and facilities attorney in which how a scenario might be answered different.