Question: Our local Department of Motor Vehicles asked our office to perform vision tests for its employees, who often ride in the car with customers. The DMV paid us for the tests. Can we disclose the exam/test results to the employer (the DMV) without obtaining an authorization from the patient?

Codify Subscriber Answer: Although many healthcare providers assume that they don’t need patient authorization in this case, that is not correct. As with any other protected health information (PHI), you generally need the patient’s written, HIPAA-compliant authorization to disclose exam and test results to the employer. Unlike other treatment situations, however, a provider may condition the performance of an employee physical or test on the patient’s provision of an authorization; for example, the provider may refuse to perform the exam unless the patient executes a valid authorization. Also, the patient’s exam or test results may affect his employment, which would create an incentive for the patient to execute the authorization.

There are a few very limited exceptions where you can forgo patient authorization. You may disclose PHI to an appropriate entity if necessary to prevent or lessen a serious and imminent threat to the health or safety of a person or the public. Also, HIPAA allows disclosures to employers if the exam was part of a medical surveillance of the workplace, and the employer needs the information to report work-related injuries as required by the Occupational Safety and Health Administration (OSHA), the Mine Safety and Health Administration (MSHA), or similar state laws. Additionally, HIPAA allows you to disclose PHI as necessary to comply with workers’ compensation laws.

Best practice: If you conduct employment exams, make sure you obtain the patient’s written, HIPAA-compliant authorization before conducting the exam and/or disclosing exam/test results to the patient’s employer.