Confidentiality, Privacy and Security

Releasing information from other agencies

Ashley Andrews Dean, Bachelor of Science,CHPS,CHDA,CPHI,CPHIMS CPPM CPC12 days ago

Glenda Rakes, Health Informatics and Information Management,Heal22 hours ago

  • 1.  Releasing information from other agencies

    Posted 13 days ago
    Where I work, we seem to have issues concerning whether or not to release information we've received from other agencies.   Some say, absolutely "no", but I have also heard that it becomes part of your record if you use the information for treatment or diagnosis of the patient.   I've been looking through some publications but not finding that specifically.   Can anyone help?

    ------------------------------
    Iris Simons, RHIT
    ePATH Consultant
    Pathway Health
    ------------------------------


  • 2.  RE: Releasing information from other agencies

    Posted 12 days ago
    Hi Iris,

    If by agencies, you mean other clinicians / providers / or other provider organizations,  this is sometimes referred to as 'redisclosure'.  Take a look at this guidance from HHS: (text in italics below taken from link) --> https://www.hhs.gov/hipaa/for-professionals/privacy/guidance/access/index.html

    General Right: The Privacy Rule generally requires HIPAA covered entities (health plans and most health care providers) to provide individuals, upon request, with access to the protected health information (PHI) about them in one or more "designated record sets" maintained by or for the covered entity. This includes the right to inspect or obtain a copy, or both, of the PHI, as well as to direct the covered entity to transmit a copy to a designated person or entity of the individual's choice. Individuals have a right to access this PHI for as long as the information is maintained by a covered entity, or by a business associate on behalf of a covered entity, regardless of the date the information was created; whether the information is maintained in paper or electronic systems onsite, remotely, or is archived; or where the PHI originated (e.g., whether the covered entity, another provider, the patient, etc.).

    As their Access Guidance confirms, the "designated record set" includes records used by the covered entity to make healthcare decisions about a patient "regardless [of] where the [record] originated (e.g., whether the covered entity, another provider, the patient, etc.)."  (A prevailing theme here is essentially, if you didn't use it for treatment, review, or other patient care decisions, why do you have it?  Why was it sent to you if not for these purposes?)

    Also, you can reference this (below, from HHS), but it just specifies whether information from another provider/source 'may' be released; the above guidance is more clear about outside/other provider information received being considered part of the medical record or whether it 'should' be released: 
    https://www.hhs.gov/hipaa/for-professionals/faq/214/may-health-care-provider-disclose-parts-of-medical-record/index.html

    From link (text in italics):  A provider might have a patient's medical record that contains older portions of a medical record that were created by another previous provider. Will the HIPAA Privacy Rule permit a provider who is a covered entity to disclose a complete medical record even though portions of the record were created by other providers?

    Answer:  Yes, the Privacy Rule permits a provider who is a covered entity to disclose a complete medical record including portions that were created by another provider, assuming that the disclosure is for a purpose permitted by the Privacy Rule, such as treatment.

    AHIMA also provides some detailed guidance on this, available here: 
    Redisclosure of Patient Health Information (2013 update) --> https://bok.ahima.org/doc?oid=300263

    Keep in mind the confidentiality of alcohol and drug abuse patient records and/or any applicable state laws.  Hope this helps!

     

     



    ------------------------------
    A. Andrews Dean, CPHIMS, CHPS, CHDA, CPPM, CPC
    Health IT Regulatory Affairs & Healthcare Compliance Consultant
    ------------------------------



  • 3.  RE: Releasing information from other agencies

    Posted 12 days ago
    Interestingly, I was reading the notice of Proposed Rule Making that was recently published on HHS's website and found this statement.  I think it answers your question.  I have always addressed this question with "if it is part of your legal medical record/designated record set, you must release". https://www.hhs.gov/hipaa/for-professionals/regulatory-initiatives/index.html


    As such, 45 CFR 164.524 of the Privacy Rule generally requires HIPAA )73 covered entities (health plans and most health care providers) to provide individuals, upon request, with access to their PHI in one or more designated record sets maintained by or for the covered entity.  As finalized in 2013, this right includes the right to inspect or obtain a copy, or both, of the PHI, and to access the PHI in the form and format requested if readily producible.  Individuals have a right to access this PHI for as long as the information is maintained by a covered entity, or by a business associate on behalf of a covered entity, regardless of the date the information was created; whether the information is maintained on paper or in an electronic system onsite, remotely, or archived; or where the PHI originated (e.g., from the covered entity, another health care provider, the patient, etc.). 



    ------------------------------
    DeAnn Tucker MHA, RHIA, CHPS, CCS
    Senior Manager | Coker Group
    ------------------------------



  • 4.  RE: Releasing information from other agencies

    Posted 10 days ago
    I am curious what people are doing in the event a patient specifically requests their records from outside resources and their request isn't for your organizations records.  I would think you would refer them to the original organization those records came from.  It seems to me it could open a can of worms if patients realize they can work around getting records in this manner which brings to thought the importance of not just including all records from outside records and you should really only include the ones used for medical decision making.

    ------------------------------
    Diana Flood
    Clinical Consultant
    (405) 5172919 dflood@ofmq.com
    ------------------------------



  • 5.  RE: Releasing information from other agencies

    Posted 10 days ago

    We do not release records from another facility.  Patients need to contact the referring facility in order to obtain a copy of their records.

     

    Kathleen Buchman, RHIT

    Director, Health Information Management

    Kessler Institute for Rehabilitation

    Kessler Institute Best Hospitals Banner Kessler Institute is proud to be recognized by U.S. News & World Report as one of the top rehabilitation hospitals in the nation – and the only center of its kind in New Jersey. This marks the 26th consecutive year that Kessler has been named to the prestigious "America's Best Hospitals" list.
    Note: The information contained in this message may be privileged and confidential and protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to the message and deleting it from your computer. Thank you.






  • 6.  RE: Releasing information from other agencies

    Posted 10 days ago
    Careful here.  Within the context of HIPAA...records within the DRS whether created by the CE or from another CE are inclusive with respect to a request for access.



    Posted: 7:53 AM AZ time

    ------------------------------
    Frank Ruelas
    Compliance Professional
    Arizona
    ------------------------------



  • 7.  RE: Releasing information from other agencies

    Posted 10 days ago
    Frank is right, unless they are AODA records, if you have made them part of your DSR (which I don't know how you would not consider them part of the DSR if you have saved/retained/scanned them), they must be released up on request.

    ------------------------------
    Nancy Davis, MS, RHIA, CHPS
    Director of Compliance & Safety
    Door County Medical Center
    ------------------------------



  • 8.  RE: Releasing information from other agencies

    Posted 10 days ago
    Thanks to everyone for your input.   I think we've gone from thinking the more information we can obtain from prior treatment facilities, the better - whether we look at it or not.   That's come around to bite us a few times.  We're trying to balance how we determine which information from other facilities we're actually going to use and make that part of our Designated Record Set.

    I'm struggling with those times we get a disk containing 5 years worth of previous visits, labs, x-rays, medications, etc. and really know the provider is not going to take the time to review all of it.    Do you think it would work to have a procedure that states something along these lines:

    Unsolicited, prior treatment information received by _____________ Hospital/Clinic will be maintained in a separate location/file in the patient's chart and will be designated "Prior Treatment Resource(s) or something along those lines.   The information would be available to providers if they seek it out and whatever they use for dx or treatment would then be made part of the Designated Record Set.   Otherwise, it will be retained but not incorporated or released?

    Trying to think outside of the box.   Your insight is appreciated.

    Thanks again!

    ------------------------------
    Iris Simons, RHIT
    ePATH Consultant
    Pathway Health
    ------------------------------



  • 9.  RE: Releasing information from other agencies

    Posted 10 days ago
    I totally like the "out of the box" thinking...but for me...that's a box I'm going to keep unopened and not go anywhere near.



    Posted: 8:20 PM AZ time

    ------------------------------
    Frank Ruelas
    Compliance Professional
    Arizona
    ------------------------------



  • 10.  RE: Releasing information from other agencies

    Posted 10 days ago
    You may want to review the guidance from HHS provided above; because HIPAA does consider these part of the record set (again their question/assumption is, if not, why do you have them or why were they sent to your facility?).

    https://www.hhs.gov/hipaa/for-professionals/privacy/guidance/access/index.html
     Individuals have a right to access this PHI for as long as the information is maintained by a covered entity, or by a business associate on behalf of a covered entity, regardless of the date the information was created; whether the information is maintained in paper or electronic systems onsite, remotely, or is archived; or where the PHI originated (e.g., whether the covered entity, another provider, the patient, etc.).

    ------------------------------
    A. Andrews Dean, CPHIMS, CHPS, CHDA, CPPM, CPC
    Health IT Regulatory Affairs & Healthcare Compliance Consultant
    ------------------------------



  • 11.  RE: Releasing information from other agencies

    Posted 6 days ago
    Hi Diana -
    In the past when we have had such requests, we would first refer them back to the facility the records came from.  If they push the issue, I always make sure to let them know they will likely not be comprehensive as our physicians only keep what they need to treat the patient.
    Many times, with that information, they go to the other facility.

    Stacy

    ------------------------------
    Anastasia Gansfuss
    Manager, Medical Record Services
    Rutgers Health Group - Robert Wood Johnson Medical School
    ------------------------------



  • 12.  RE: Releasing information from other agencies

    Posted 2 days ago
    I have a related questions ... If we receive records from another facility for our providers to review to make the decision of taking that individual on as a patient or not; they do not accept the patient; and now the patient wants those records. Is is permissible to have our policy state that those records are returned to the original facility (clinic in this case) and not available for redisclosure by us? Or, what do you do in that situation? We have a shared record with our hospital (which owns us)... does it matter if the patient is established with the organization or not? In some cases, they will be truly a not seen before patient by both the clinic and the hospital; but in some cases we could have a 'record' of the patient because they were seen in our urgent care or the hospital's ED? I appreciate your guidance! Thank you. This post has been very helpful.

    ------------------------------
    Connie Lovell, CPC, MSOM
    Beatrice Community Hospital
    PO Box 278, Beatrice, NE 68310
    Ph: 402.223.7294
    Email: clovell@bchhc.org
    ------------------------------



  • 13.  RE: Releasing information from other agencies

    Posted 22 hours ago
    Before we scan any outside records in, we require our providers to initial each page they want scanned in that they have used for patient care. Those pages then are scanned and become part of our DRS and are released upon request. Our providers understand that anything they initial becomes part of our Legal Medical Record and they are responsible for the content.

    Thanks,

    ------------------------------
    Glenda Rakes MHIIM, RHIA
    HIM Director/Privacy Officer
    Northern Montana Health Care
    ------------------------------



  • 14.  RE: Releasing information from other agencies

    Posted 20 hours ago
    That sounds like the best solution because it puts the determination in the hands of the provider.   I'm concerned that may be a HUGE fight at our facility because they've been basically hands-off with it up until now.   I don't think they have experienced the downside of having information in the chart they haven't looked at come back to bite them.   Thanks for your input - this has been a great discussion.

    Iris

    ------------------------------
    Iris Simons, RHIT
    ePATH Consultant
    Pathway Health
    ------------------------------