Ask the Expert

Release of medical forms under HIPAA

In regard to the release of medical records, does the patient still have to sign the form? If they do, when do we need to have them sign the form? Does the form only need to be signed when the patient is transfering to another practice, and we will no longer be treating them?

    Requires Free Membership to View

The answers to these questions vary depending upon what type of covered entity you are, specific details of your situation, etc. I can answer this from a high-level, but I still recommend that you obtain outside HIPAA expertise from an attorney or HIPAA consultant. The August 2002 updates to the Privacy Rule includes that consents from patients are no longer required. However, authorizations for use and disclosure of protected health information must be obtained from patients, except in the following cases:

  • use and disclosure during healthcare treatment, payment and operations
  • those allowing opportunity to agree or object
  • if use or disclosure is exempted under the rule
  • if use or disclosure is required under the rule (for example, to the individual, to the DHHS Secretary, etc.)

There are many other factors to consider, such as whether or not you already have a relationship (e.g., business associate or healthcare services) with the other practice along with what type of service is being transferred (e.g., psychotherapy notes, general healthcare information, etc.) There's a chance that you will not need to have another authorization signed unless the patient's new provider is performing activities (e.g., marketing, research, etc.) that specifically require an authorization for which you did not previously perform.

Bottom line, the Privacy Rule is quite complicated and only outside expertise can get involved and understand your particular situation well enough to make sure you're doing things correctly. It may be expensive in the short-term, but outside expertise will provide value and will save you time, effort and money in the long-term.

I would like to express my deep appreciation to Becky Herold, Senior Security Architect at QinetiQ Trusted Information Management, Inc., for her expertise on this particular issue.


For more information on this topic, visit these other SearchSecurity.com resources:
News & Analysis: HIPAA privacy changes trickle down to IT
News & Analysis: Experts answer users' HIPAA questions
Best Web Links: Securing healthcare/health services


This was first published in October 2002

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: