General Surgery Coding Alert

Question: Do you have any advice to help us protect our patients’ health information, if they receive care from multiple departments in the hospital? We are really interested in learning the best way to protect this info if the patient receives care that she doesn’t want to disclose to her health plan.

Alaska Subscriber

Answer: Unfortunately, just because you flag a service that a patient doesn’t want disclosed to her health plan doesn’t mean that information couldn’t still get leaked or pop back up at any time, such as during follow-up care services. But you can plug these holes by asking certain questions to dig down into your organization’s information flow.

When a patient requests that you not disclose protected health information (PHI) to her insurer, make sure you can thoroughly honor this request by asking the following questions:

• Where in the record will the patient’s disclosure-restriction request be identified?
• How will the information travel to various departments?
• Who will receive the information, and how will they receive it?
• Are there checks and balances built into the system to identify that the information is traveling to the end user?

Bottom line: “Since OCR [Office for Civil Rights] will expect you to follow any policy in place or agreement made, don’t agree to sequester PHI if your system isn’t reasonably able to do so,” advises Terri Brame Joy, MBA, CPC, COC, CGSC, CPC-I, director of operations with Encounter Telehealth in Omaha, Nebraska.