Ob-Gyn Coding Alert

Reader Question:

6 Questions Assess PHI Risk

Question: I’m always concerned about protecting our patients’ health information, especially if they receive care that they don’t want to become common knowledge. What’s your advice for these situations, especially when the patient receives care from multiple departments in the hospital?

New Jersey Subscriber


Answer: 
You’re smart to be concerned on your patients’ behalf. Just because you flag a service that a patient doesn’t want disclosed to his health plan doesn’t mean that information couldn’t still get leaked or pop back up at any time, such as during follow-up care services. But you can plug these holes by asking certain questions to dig down into your organization’s information flow.


According to
Bruce Davidson, RN, MS, MM, LNHA, a health care consulting manager with Eide Bailly, in a recent analysis, when a patient requests that you not disclose protected health information (PHI) to his insurer, make sure you can thoroughly honor this request by asking the following questions:

  • When the physician writes her plan for the patient, where in the record will the patient’s disclosure-restriction request be identified?
  • How will the information travel to various departments?
  • Who will receive the information, and how will they receive it?
  • Are there checks and balances built into the system to identify that the information is traveling to the end user?
  • How can the patient be assured that the information will remain confidential?
  • If the patient’s disclosure-restriction request is breached, what systems will go into effect to assure that other patients’ information is not at similar risk?