MRO’s Rita Bowen, MA, RHIA, CHPS, CHPC, SSGB, shares her privacy and security visions for 2019 and offers strategies for navigating compliance in the coming year.

We are highlighting privacy and security trends and predictions to help Health Information Management (HIM) and other healthcare leaders navigate compliance in the coming year.

Patient-Directed Requests
Attorney misinterpretation of patient-directed requests (PDRs) was front and center in 2018 and will continue to require clarification and guidance in 2019. When the validity of a PDR is questionable, the patient should be contacted to clarify and confirm consent. Here are additional strategies for handling attorney requests submitted under the guise of a PDR:

  • Inform your state legislators of this questionable attorney behavior
  • Discuss the issue with HIM peers in your area
  • Hold meetings with your OCR representative to determine the best course of action
  • Question and verify (with the patient) any suspicious PDR

We welcome a dialogue with the Office for Civil Rights (OCR) for clarification of the guidance to ensure requests are made for the purpose of assisting the patient with continuity of care—the original intent of the guidance. At MRO, we use the criteria provided by the guidance. The request must be made by the patient, written in the first person and signed by the patient. It must clearly state who is to receive the information and provide the address of that person.