General Surgery Coding Alert

Reader Questions:

Keep Family History HIPAA Compliant

Question: When our surgeon gets a referral for a procedure, the referring physician sometimes includes information about the patient’s family medical history. Is that information protected by HIPAA? Is it ok for physicians to share that information?

AAPC Subscriber

Answer: Yes, a patient’s family medical history constitutes protected health information (PHI). The HHS Office for Civil Rights (OCR) says that a patient’s family medical history becomes PHI once it’s a part of the medical record.

“When a covered health care provider, in the course of treating an individual, collects or otherwise obtains an individual’s family medical history, this information becomes part of the individual’s medical record and is treated as ‘protected health information’ about the individual,” OCR says.

Crucial: Even if a family member is mentioned in a patient’s medical history, the patient — not the family member mentioned — retains control over who the information can be shared with.

“Thus, the individual (and not the family members included in the medical history) may exercise the rights under the HIPAA Privacy Rule to this information in the same fashion as any other information in the medical record, including the right of access, amendment, and the ability to authorize disclosure to others,” OCR says.

Key: A covered healthcare provider may share PHI with another covered healthcare provider. They may even share a family member’s PHI with another provider in the course of caring for a patient. “For example, an individual’s doctor can provide information to the doctor of the individual’s family member about the individual’s adverse reactions to anesthetics prior to the family member undergoing surgery,” OCR reminds. You can use and disclose this type of PHI without written authorization or other agreement.

Psychotherapy notes are the only exception and require written authorization from the individual.