|
Take note of this HIPAA Privacy Reminder
Members have contacted the ISMA to advise they are receiving requests from various companies stating they are acting on behalf of an insurance company or attorney’s office. Often, the callers want to confirm that the practice has treated a a particular patient.
These companies also indicate they are contacting all physicians in a particular specialty and zip code to determine if any of the physicians have treated a particular patient.
Health and Human Services (HHS) has stated it is permissible to share protected health information (PHI) with a business associate of another covered entity. Covered entities are health care providers, health care payers and health care claims clearinghouses.
Attorneys and automobile insurance companies are NOT covered entities.
Therefore, no PHI should be shared with these callers without valid authorization signed by the patient. If you improperly release information to an organization that is not a covered entity, you — and not the requesting company — could be subject to HIPAA sanctions!
If you are unsure whether or not you can release information, the best action is to request a copy of the patient’s signed authorization for release of records.
|
