To send or not to send -- a weekly HIPAA messageHIPAA, the "Health Insurance Portability and Accountability Act of 1996," provides federal protection of patient health information. You will be receiving weekly messages to help you understand the topic and how it impacts your job. Today's HIPAA message deals with releasing protected health information from a database.
If I receive a request for a report from a database that contains PHI (protected health information), can I release it? Examples of reports would include generating a list of patients with particular diagnosis codes or generating a list of patients with a particular procedure code.
First you must verify that the disclosure is permissible under HIPAA. Refer to the Use and Disclosure of PHI policy (UNMC Policy #6057 Use and Disclosure of PHI). Ask the requestor to complete a "Request for PHI" form (Request for PHI form) and submit it to you prior to releasing the information.
If you're a manager, please ensure all of your employees are informed of the contents of these messages and how it applies to your work area. Some ways of sharing the information include discussions during staff meetings, printing and posting this message or asking your employees if they have any further questions.