In an era of regulatory reform and breach, managing the disclosure of protected health information (PHI)has become increasingly complex. Concerns become even more acute as organizations grow through mergers and acquisitions. Health care organizations seek ways to mitigate risk by implementing new technology combined with Health Insurance Portability and Accountability Act (HIPAA)-compliant policies and procedures across the entire enterprise, not just within their health information management (HIM) departments.

Compliance professionals play an important role in helping to meet this goal. Working in tandem with HIM peers, effective compliance teams are active stakeholders in ensuring compliant disclosure of PHI with four key responsibilities:

  • Recognize the general compliance issues associated with the release of medical records—PHI disclosure—to outside third-party requesters;
  • Target-specific compliance risks associated with disclosure management as the organization grows through merger and acquisition;
  • Promote best practices to standardize disparate processes for PHI disclosure; and
  • Support centralization under one compliance umbrella—enterprise-wide PHI disclosure management.

This article provides compliance teams with foundational insights to mitigate risk, ensure compliant disclosure of PHI, and work collaboratively across the burgeoning health care enterprise.