We know that most of you are familiar with HIPAA; however, reviewing it from a compliance perspective is key. Let’s discuss the following:
PHI is defined as individually identifiable health information in any form, electronic or non-electronic, that is held or transmitted by a covered entity.
Examples of PHI are:
Minimum necessary means disclosing only the minimum amount of PHI needed for the intended purpose.
Your compliance team will play a role in creating a policy to limit the use of PHI so that the entire patient medical record is not disclosed unless it is necessary for treatment or requested by the patient or a third party.
Example policy verbiage should include, but is not limited to:
The following are examples of disclosures that do not require an individual’s authorization:
We suggest that you train your staff at least annually, which will protect the practice and reduce the number of possible OIG calls due to non-compliant factors.
**The opinions and observations from the group/author are not a promise to exempt your practice from fines and penalties. Research, modify, and tailor the advice to fit your specialty.