Ask Caryl: Understanding Protected Health Information
Q: What patient information is considered confidential under the Health Information Portability and Accountability Act of 1996 (HIPAA) and included in protected health information (PHI)?
Caryl Serbin: Any information concerning the patient’s condition, treatment, personal affairs or medical records shall be kept confidential, monitored by facility personnel or securely stored when personnel are not present. This includes the following:
All information gathered during treatment and records pertaining to patient care.
Any material identifying the patient (e.g., medical records, appointment books, ledger cards, financial sheets, management information, system reports, lab reports.
Patient data and information, when contributing to or using external databases.
Here are some important steps to follow concerning PHI:
Only release patient information through or with the written consent of the patient, or when compelled by law to do so.
In-service all facility employees on patient confidentiality upon employment and annually thereafter. The in-service should address the security of patient records and the patient’s right to confidentiality.
Require facility employees, management, medical staff and medical affiliates to sign a patient confidentiality statement upon employment and annually thereafter.
Require contracted parties such as housekeeping, laundry and transcription services to sign a patient confidentiality statement at the time of initial contract and annually thereafter.
For more detailed information regarding HIPAA, click here.
Keep those ASC revenue cycle questions coming! Ask Caryl by emailing firstname.lastname@example.org or fill out the form at the top of this page.
Access archived Ask Caryl columns here.
Never miss a new Ask Caryl by following Serbin Medical Billing's LinkedIn page.