Skip to main content
In a Journal of AHIMA article, MRO’s Rita Bowen, MA, RHIA, CHPS, CHPC, SSGB, Vice President of Privacy, Compliance and HIM Policy, offers insight and tips on how Health Information Management (HIM) professionals can address risks related to handling PHI disclosure when faced with a lawsuit.

Health information management (HIM) professionals must be prepared to address risks related to release of information (ROI) and protected health information (PHI) disclosure management when a lawsuit is involved. In the event of litigation, your organization can expect to receive requests for patient records regarding a specific encounter or incident.

If your facility is facing a lawsuit, crossover between HIM and risk management is inevitable. For example, risk management may have electronic health record (EHR) access, with the ability to pull information as needed to prepare for an investigation. The situation can be tricky when risk management has prepared information for the hospital’s attorney, while opposing attorneys have come through ROI. We’ve seen cases where there are two sets of records, from different print queues, presented in court. Ensuring consistent information is critical.

The following hypothetical case study emphasizes the importance of collaboration among all parties—including HIM, risk management, legal counsel, compliance, privacy, and data integrity—when release of information is required as part of a lawsuit.


Bowen is an established author and speaker on healthcare privacy and security. She is an active member of the American Health Information Management Association (AHIMA), having served as its President and Board Chair, as a member of the Board of Directors and of the Council on Certification, and currently sits on the AHIMA Foundation Board of Directors. In her role at MRO, Bowen works with clients to ensure HIM policies and procedures are to code. Additionally, Bowen serves as the company’s Privacy and Compliance Officer (CPO).

More Posts