Health Information Compliance Alert

Comply with disclosure-restriction requests by reviewing internal processes.

Just because you flag a service that a patient doesn’t want disclosed to his health plan doesn’t mean that information couldn’t still get leaked or pop back up at any time, such as during follow-up care services. But you can plug these holes by asking certain questions to dig down into your organization’s information flow.

According to Bruce Davidson, RN, MS, MM, LNHA, a health care consulting manager with Eide Bailly, in a recent analysis, when a patient requests that you not disclose protected health information (PHI) to his insurer, make sure you can thoroughly honor this request by asking the following questions:

• When the physician writes his plan for the patient, where in the record will the patient’s disclosure-restriction request be identified?
• How will the information travel to various departments?
• Who will receive the information, and how will they receive it?
• Are there checks and balances built into the system to identify that the information is traveling to the end user?
• How can the patient be assured that her information will remain confidential?
• If the patient’s disclosure-restriction request is breached, what systems will go into effect to assure that other patients’ information is not at similar risk?

Resource: You can read Davidson’s analysis at www.eidebailly.com/industries/health-care/critical-access-hospitals/requesting-a-restriction-of-uses-and-disclosures/