Even under the best of circumstances—excellent staff, streamlined workflows, the latest technology— Release of Information (ROI) is a precarious process. Specific rules apply to different categories of requests. One area of complexity and confusion is the disclosure of Protected Health Information (PHI) for workers’ compensation purposes. While the ROI process for workers’ comp requests is similar to the process for “regular” requests, the type of information allowable for disclosure is different unless the request is accompanied by a patient authorization.
According to HHS guidelines, “The HIPAA Privacy Rule does not apply to entities that are either workers’ compensation insurers, workers’ compensation administrative agencies, or employers, except to the extent they may otherwise be covered entities.” However, the rule recognizes the legitimate need of these entities involved in workers’ compensation cases to access PHI according to state or other laws. Due to variability among such laws, the Privacy Rule permits disclosures of PHI for workers’ compensation purposes in different ways.