The HIPAA Privacy Rule does not prevent individuals from gathering and sharing family medical history information. However, it does limit how covered health care providers, such as doctors, may use or disclose protected health information. The Rule allows providers to use and disclose family history information, without authorization, for treatment, payment, and health care operations. It also allows providers to disclose such information to other providers for the treatment of a family member. However, providers are not required to disclose information and individuals may request restrictions on certain disclosures.
This is a slideshow explaining the importance of protecting patient privacy and confidentiality. This slideshow is for education and training purposes only.
This is a slideshow explaining the importance of protecting patient privacy and confidentiality. This slideshow is for education and training purposes only.
Health care professional's have an ethical and legal obligation to safeguard patients personal, healthcare, and individual information. However, if there is a breach in patient confidentiality, both the health care organization, as well as the health care professional could face legal, ethical, and financial ramifications. However, to ensure that all STAFF members with direct access to patient care information e.g. (doctors, nurses, etc.) are knowledgeable about the seriousness of patient confidentiality and the laws governed such as HIPAA, UCLA will implement a web-based HIPAA or Patient Privacy training.
Confidentiality can be defined as the
ethical principle or legal right that a
physician or other health professional will
hold secret all information relating to a
patient, unless the patient gives consent
permitting disclosure.
Health care professional's have an ethical and legal obligation to safeguard patients personal, healthcare, and individual information. However, if there is a breach in patient confidentiality, both the health care organization, as well as the health care professional could face legal, ethical, and financial ramifications. However, to ensure that all STAFF members with direct access to patient care information e.g. (doctors, nurses, etc.) are knowledgeable about the seriousness of patient confidentiality and the laws governed such as HIPAA, UCLA will implement a web-based HIPAA or Patient Privacy training.
Confidentiality can be defined as the
ethical principle or legal right that a
physician or other health professional will
hold secret all information relating to a
patient, unless the patient gives consent
permitting disclosure.
HIPAA applies to “PHI” (Protected Health Information).
PHI Information’s are those information that identifies who the health-related information belongs to. I.e. names, email addresses, phone numbers, medical record numbers, photos, driver’s license numbers, etc.
For an example if you have something that can identify a user together with health information of any kind (from an appointment, to a list of prescriptions, to test results, to a list of doctors) you have PHI that needs to be protected as per HIPAA regulations.
HIPAA Privacy Rule and Sharing Information Related to MentalSusanaFurman449
HIPAA Privacy Rule and Sharing Information
Related to Mental Health
Background
The Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule provides consumers
with important privacy rights and protections with respect to their health information,
including important controls over how their health information is used and disclosed by health plans
and health care providers. Ensuring strong privacy protections is critical to maintaining individuals’
trust in their health care providers and willingness to obtain needed health care services, and these
protections are especially important where very sensitive information is concerned, such as mental
health information. At the same time, the Privacy Rule recognizes circumstances arise where health
information may need to be shared to ensure the patient receives the best treatment and for other
important purposes, such as for the health and safety of the patient or others. The Rule is carefully
balanced to allow uses and disclosures of information—including mental health information—for
treatment and these other purposes with appropriate protections.
In this guidance, we address some of the more frequently asked questions about when it is
appropriate under the Privacy Rule for a health care provider to share the protected health
information of a patient who is being treated for a mental health condition. We clarify when HIPAA
permits health care providers to:
• Communicate with a patient’s family members, friends, or others involved in the patient’s
care;
• Communicate with family members when the patient is an adult;
• Communicate with the parent of a patient who is a minor;
• Consider the patient’s capacity to agree or object to the sharing of their information;
• Involve a patient’s family members, friends, or others in dealing with patient failures to
adhere to medication or other therapy;
• Listen to family members about their loved ones receiving mental health treatment;
• Communicate with family members, law enforcement, or others when the patient presents a
serious and imminent threat of harm to self or others; and
• Communicate to law enforcement about the release of a patient brought in for an emergency
psychiatric hold.
In addition, the guidance provides relevant reminders about related issues, such as the heightened
protections afforded to psychotherapy notes by the Privacy Rule, a parent’s right to access the
protected health information of a minor child as the child’s personal representative, the potential
applicability of Federal alcohol and drug abuse confidentiality regulations or state laws that may
provide more stringent protections for the information than HIPAA, and the intersection of HIPAA
and FERPA in a school setting.
1
Questions and Answers about HIPAA and Mental Health
Does HIPAA allow a health care provider to communicate with a patient’s family,
friends, or other persons who are involved in the patient’s care? ...
Wondering what your rights are under the Health Insurance Portability and Accountability Act? Check out the new Notice of Privacy Practices effective 1 OCT 13.
Education and training are key to staff aware of the meaning of confidentiality and privacy of patient information at health care facilities. It is essential for all personnel trained and educated on privacy, confidentiality and HIPAA policies frequently at least twice a year.
Sabrina Ragland, a medical assistant with 12 years’ experience.docxagnesdcarey33086
Sabrina Ragland, a medical assistant with 12 years’ experience, works for a gastroenterologist,
Dr. Tim Taylor. She comes from a family heavily involved in the medical fi eld. Her father was a
surgeon and her mother was his offi ce assistant. Two of Sabrina’s sisters are nurses, and her
brother is a respiratory therapist. Her husband, Joe, is a biomedical technician, and his mother,
Elsa Ragland, has been an RN for 40 years. For more than half of her career, Elsa has worked
for a local internist, Dr. Royce Berry. A casual comment at the Ragland family picnic resulted in
a medical professional liability lawsuit based on violation of patient privacy. Sabrina and Elsa’s
careers were jeopardized by a simple exchange of what seemed to be innocent information.
Vivian Adams, a 42-year-old hospital insurance biller, saw Dr. Berry in his offi ce for pain
located in her lower left quadrant. Ms. Adams was not a new patient but had not visited the
offi ce in approximately 2 years. When she arrived for her visit, she was presented with the
offi ce privacy policy and was asked to sign the document. Vivian glanced through it, signed it,
and saw the doctor. He performed an examination and found that Vivian was likely suffering from
irritable bowel syndrome and prescribed medication. Ms. Adams called the physician 1 week later complaining that she was no better. Dr. Berry
changed her medication without seeing her and did not hear from her again, other than her requests for refi lls of the medication. After 6 months with
no improvement, Ms. Adams went to Dr. Taylor; after several diagnostic tests, she was told that she had colon cancer and was given a bleak prog-
nosis. She told Dr. Taylor that she blamed Dr. Berry for not being more thorough in his testing. Sabrina was in the room and heard the comment.
That weekend at the picnic, Sabrina mentioned Ms. Adams to her mother-in-law and stated that the patient might sue Dr. Berry, although the pa-
tient never said those words. Elsa defended Dr. Berry and proclaimed that he was a good doctor, then expressed her hope that Ms. Adams would not
sue her employer. One week later, Elsa was in a grocery store and saw Ms. Adams. Elsa immediately expressed her sympathy about her diagnosis,
and then asked if there was anything she could do. Her intent was to be kind and try to avert litigation against Dr. Berry. Her gesture might have been
well received had Ms. Adams’ daughter, Terri, not been standing with her. Terri was not yet aware that her mother had been diagnosed with cancer.
Ms. Adams had told no one about her illness at that point. After the incident at the grocery store the fi rst person Ms. Adams told was her attorney.
While studying this chapter, think about the following questions:
291
16
SCENARIO
Privacy in the Physician’s Offi ce
• When can the medical assistant discuss a patient, and with whom,
and under what circumstances?
• What has HIPAA done for the medical industry and the pati.
A PowerPoint presentation addressing HIPAA overview and definitions, the Privacy Rule, access to medical records, including mental health and psychotherapy notes, and patient amendments or corrections to medical records.
Similar to Family medical history fa qs 1.12.09 (20)
1. zycnzj.com/ www.zycnzj.com
THE HIPAA PRIVACY RULE
Frequently Asked Questions About
Family Medical History Information
U.S. Department of Health and Human Services • Office for Civil Rights
1. Does the HIPAA Privacy Rule limit an individual’s ability to gather and share family medical
history information?
No. The HIPAA Privacy Rule may limit how a covered entity (for example, a health plan or most health
care providers) uses or discloses individually identifiable health information, but does not prevent
individuals, themselves, from gathering medical information about their family members or from deciding
to share this information with family members or others, including their health care providers. Thus,
individuals are free to provide their doctors with a complete family medical history or communicate with
their doctors about conditions that run in the family.
2. Does the HIPAA Privacy Rule limit what a doctor can do with a family medical history?
Yes, if the doctor is a “covered entity” under the HIPAA Privacy Rule. A doctor, who conducts certain
financial and administrative transactions electronically, such as electronically billing Medicare or other
payers for health care services, is considered a covered health care provider. The HIPAA Privacy Rule
limits how a covered health care provider may use or disclose protected health information. The HIPAA
Privacy Rule allows a covered health care provider to use or disclose protected health information (other
than psychotherapy notes), including family history information, for treatment, payment, and health care
operation purposes without obtaining the individual’s written authorization or other agreement. The
HIPAA Privacy Rule also generally allows covered entities to disclose protected health information
without obtaining the individual’s written authorization or other agreement for certain purposes to benefit
the public, for example, circumstances that involve public health research or health oversight activities.
When a covered health care provider, in the course of treating an individual, collects or otherwise obtains
an individual’s family medical history, this information becomes part of the individual’s medical record
and is treated as “protected health information” about the individual. Thus, the individual (and not the
family members included in the medical history) may exercise the rights under the HIPAA Privacy Rule
to this information in the same fashion as any other information in the medical record, including the right
of access, amendment, and the ability to authorize disclosure to others.
zycnzj.com/http://www.zycnzj.com/
2. zycnzj.com/ www.zycnzj.com
THE HIPAA PRIVACY RULE AND FAMILY MEDICAL HISTORY
3. Under the HIPAA Privacy Rule, may a health care provider disclose protected health information
about an individual to another provider, when such information is requested for the treatment of a
family member of the individual?
Yes. The HIPAA Privacy Rule permits a covered health care provider to use or disclose protected health
information for treatment purposes. While in most cases, the treatment will be provided to the individual,
the HIPAA Privacy Rule does allow the information to be used or disclosed for the treatment of others.
Thus, the Rule does permit a doctor to disclose protected health information about a patient to another
health care provider for the purpose of treating another patient (e.g., to assist the other health care provider
with treating a family member of the doctor’s patient). For example, an individual’s doctor can provide
information to the doctor of the individual’s family member about the individual’s adverse reactions to
anesthetics prior to the family member undergoing surgery. These uses and disclosures are permitted
without the individual’s written authorization or other agreement with the exception of disclosures of
psychotherapy notes, which requires the written authorization of the individual.
However, the HIPAA Privacy Rule permits but does not require a covered health care provider to disclose
the requested protected health information. Thus, the doctor with the protected health information may
decline to share the information even if the Rule would allow it. The HIPAA Privacy Rule may also
impose other limitations on these disclosures. Under 45 CFR § 164.522, individuals have the right to
request additional restrictions on the use or disclosure of protected health information for treatment,
payment, or health care operations purposes. If the health care provider has agreed to the requested
restriction, then the doctor is bound by that agreement and (except in emergency treatment situations)
would not be permitted to share the information. However, the health care provider maintaining the
records does not have to agree to the requested restriction. For example, an individual who has obtained a
genetic test may request that the health care provider not use or disclose the test results. If the health care
provider agrees to the restriction, the information could not be shared with providers treating other family
members who are seeking to identify their own genetic health risks.
zycnzj.com/http://www.zycnzj.com/
Page 2 of 2 The HIPAA Privacy Rule and Family Medical History