Check Request Status610-994-7500

PHI Disclosure Legal Issues, Part 1: Healthcare Power of Attorney

Power of Attorney Photo

PHI Disclosure Legal Issues, Part 1: Healthcare Power of Attorney

Just before our first wedding anniversary this August, my husband and I agreed to finalize our last wills and testaments, durable healthcare powers of attorney and living wills. A durable healthcare power of attorney is a legal document that allows you to authorize a representative to make your healthcare decisions if you become incapacitated, while a living will provides instructions on whether life-prolonging measures should be taken. It may not sound like the most romantic thing to do—I don’t think that signed legal documents count for the gift of “paper” that is traditionally given on a first anniversary—but it is hard to think of a more meaningful gesture as we begin our second year of marriage.

As MRO’s Privacy and Compliance Counsel, I am frequently reminded of the importance of these documents because the Health Information Management (HIM) departments in our healthcare-provider client organizations often encounter situations where a family member requests a patient’s Protected Health Information (PHI) with a general or durable power of attorney. Unfortunately, unless those documents explicitly grant the authority to make healthcare decisions or to access to the patient’s health information, the requester is not the patient’s personal representative under HIPAA and without other documentation, they may not be able to access the records. If records were released, the provider organization would be disclosing PHI to an unauthorized person, which is considered to be a breach under HIPAA.

It is best practice for HIM staff handling Release of Information to be specially trained on how to review these types of legal documents, because some durable or general powers of attorney do grant the authority to make these specific healthcare decisions, but many do not. Finalizing my durable healthcare power of attorney and living will gives me peace of mind that if the unthinkable were to happen, my husband would have proper guidance to manage my care in accordance with my wishes. That is definitely something worth celebrating.

For more information on ensuring your regulatory compliance and improving the workflow efficiency of your PHI disclosure process, check out MRO’s Vice President of Client Relations and Compliance Don Hardwick’s thoughts in this piece from For the Record.

This is the first of a five-part blog series discussing different legal issues surrounding Release of Information and PHI disclosure management. This blog post is made available by MRO’s privacy and compliance counsel for educational purposes only as well as to give you general information and a general understanding of the law, not to provide specific legal advice. This blog post does not create an attorney-client relationship between the reader and MRO’s privacy and compliance counsel. This blog post should not be used as a substitute for competent legal advice from a licensed professional attorney in your state.

Sign Up for Future Blog Posts

Read More

HIM: The Original Health Information Exchange(rs)

Sharing Documents

HIM: The Original Health Information Exchange(rs)

It wasn’t that many years ago that medical records consisted of reams of paper files stored in rows and rows of cabinets. It’s also not that long ago that fax machines were considered “high-tech.” Although the technology was lacking by today’s standards, health information management (HIM) professionals led initiatives around the exchange of patient health information, ensuring compliance with federal, state and facility patient-privacy policies.

Fast forward to today’s HIM department, where patient charts are digitized and can be electronically transmitted in a matter of seconds using electronic medical records (EMRs) and Health Information Exchanges (HIEs). Technology has changed the face of health information exchange, bringing about both challenges and opportunities that require HIM leaders to evolve their roles and keep pace with changing times.

For example, electronic exchange technologies are typically implemented by the information technology (IT) department without involving HIM professionals until late in the process. It is essential, however, that collaboration with HIM leaders occurs early in these HIE initiatives and throughout the process so they can offer their expertise and knowledge of best practices in information governance, workflow and compliance.

One way to get involved early in the planning and implementation is for HIM leaders to present potential exchange solutions to their IT peers. This requires research and education (and gumption). Often, a Release of Information (ROI) partner can be a great resource. A technologically advanced ROI company, in particular, likely offers some “HIE-like” solutions such as:

  • Direct Secure Messaging as a fax replacement
  • esMD delivery to the Centers for Medicare & Medicaid Services for audits
  • Social Security Administration interfaces for automating the disability claims process

With their HIM expertise and technology capabilities, your ROI partner can equip you with solutions, help raise your levels of influence, and assist in bridging the gap between HIM and IT. By opening the doors of communication and collaboration, the departments can work as a team to electronically exchange health information in a secure, compliant and efficient way.

Check out our white paper, Finding the Right Partner for Integrated HIE, which discusses the benefits of partnering with a PHI disclosure management firm to implement HIE-based solutions.

For even more information, please attend our session on HIM and IT collaboration around HIE at the 87th Annual AHIMA Convention in New Orleans. We will be presenting with Susan Carey, MHI, RHIT, PMP, who serves as System Director for HIM at Norton Healthcare, at 10 a.m. on Wednesday, September 30, 2015. Look forward to seeing you there!

Sign Up for Future Blog Posts

Read More