In a Journal of AHIMA article, MRO’s Rita Bowen, MA, RHIA, CHPS, CHPC, SSGB, Vice President of Privacy, Compliance and HIM Policy, offers insight and tips on how Health Information Management (HIM) professionals can address risks related to handling PHI disclosure when faced with a lawsuit.

Health information management (HIM) professionals must be prepared to address risks related to release of information (ROI) and protected health information (PHI) disclosure management when a lawsuit is involved. In the event of litigation, your organization can expect to receive requests for patient records regarding a specific encounter or incident.

If your facility is facing a lawsuit, crossover between HIM and risk management is inevitable. For example, risk management may have electronic health record (EHR) access, with the ability to pull information as needed to prepare for an investigation. The situation can be tricky when risk management has prepared information for the hospital’s attorney, while opposing attorneys have come through ROI. We’ve seen cases where there are two sets of records, from different print queues, presented in court. Ensuring consistent information is critical.

The following hypothetical case study emphasizes the importance of collaboration among all parties—including HIM, risk management, legal counsel, compliance, privacy, and data integrity—when release of information is required as part of a lawsuit.