For example, physicians discussing a specific patient’s case on a crowded elevator could be a HIPAA violation.In this situation, a reasonable safeguard – such as not disclosing PHI in a crowded, public setting – would be expected when the case could easily be discussed in a more private setting.
It is important to note that HIPAA does not require that the PHI be disclosed to the requesting provider in this example.
In fact, HIPAA only requires disclosures in two circumstances: to the patient and to the U. Department of Health and Human Services (HHS) for compliance purposes.
A recent New York Times article detailed cases where important clinical information did not reach providers, all in the name of HIPAA.
When it comes to emergency medical care, complete information is vital to making the best clinical decision.
While serving as the protector of PHI, limiting disclosures without patient authorization, and generally ensuring that people’s private medical conditions are not broadcasted in public, HIPAA is often misunderstood and misapplied in practice.
Incorrectly applied invocations of HIPAA can sometimes limit access to vital information and harm patients.Below are 10 clinical situations in the ED where HIPAA is commonly invoked and how HIPAA actually applies to those situations.Keep in mind, however, that every investigation of an alleged HIPAA violation is very fact-specific.10 common emergency care situations where the Health Insurance Portability and Accountability Act of 1996 may be improperly invoked Next year marks the 20th anniversary of the passage of the Health Insurance Portability and Accountability Act of 1996 (HIPAA).HIPAA’s purpose is to protect the privacy and security of protected health information or “PHI.” PHI is individually identifiable information in any form relating to an individual’s healthcare, payment for healthcare, or physical or mental health condition.For example, the “minimum necessary” rule requires that the PHI disclosed for non-treatment related purposes must be limited to the minimum amount necessary to accomplish the intended purpose of the disclosure.In other words, only relevant information may be disclosed.Providers must first provide patients the opportunity to agree or object to the disclosure of “directory information.” If the patient is incapacitated, the provider must inform the patient that such disclosures were made and give the patient the opportunity to object to further disclosures as soon as practicable.This requirement protects, for example, victims of domestic abuse who may not want their whereabouts divulged to their abuser.What HIPAA says: Most of HIPAA’s disclosure exceptions are permissive; meaning that the provider may use professional judgment when deciding whether or not to disclose the information.If the records request is for treatment purposes, HIPAA permits disclosure to another provider without patient authorization, i.e., without an authorization document that meets certain requirements.