Sponsored by the HealthcareTrainingInstitute.org providing Quality Education since 1979
Add to Shopping Cart

HIPAA: Seting Ethical Client Boundaries 
3 CEUs HIPAA: Seting Ethical Client Boundaries

Section 7
HIPAA & its Effect on Clinics

Question 7 | Ethics CEUs Answer Booklet | Table of Contents | Confidentiality CEU Courses
Social Worker CEUs, Psychologist CEs, Counselor CEUs, MFT CEUs

Duties
By law, The clinic must keep protected health information private. The federal government defines protected health information as any information, whether oral, electronic or paper, which is created or received by Clinics and relates to a patient’s health care or payment for the provision of health care. This includes the results of tests and notes written by doctors and nurses, as well as your name, address and telephone number. Clinics will follow the rules of its privacy notice currently in effect.

How Clinics fulfill these duties
• Clinics make every effort to maintain the confidentiality of medical information.
• Clinics take necessary precautions against inappropriate use or disclosure of medical information.

A word about federal and state law
Federal and state laws require Clinics to protect your medical information, and federal law requires Clinics to describe to you how we handle that information. When state and federal privacy laws differ, and state law is more protective of your information or provides you with greater access to your information, then state law will override federal law.

Part I Treatment, payment and health-care operations
This section describes the most common uses of protected health information. These apply to virtually all Clinic patients. There are three common ways Clinics will use medical information. They include treatment, billing and health-care operations. Clinics may also release information, where appropriate.

“Protected health information”means any information, whether oral, electronic or paper, which is created or received by Clinics and relates to a patient’s health care or payment for the provision of health care. This includes not only the results of tests and notes written by doctors and nurses, but also certain demographic information (such as your name, address and telephone number) that is related to your health records.

Treatment
Clinics will use and disclose protected health information to provide, coordinate or manage your care. This includes communication and consultation between health-care providers—doctors, nurses, technicians and other members of your medical team. For example, following orthopedic surgery, your doctor may refer you for rehabilitation. Information will be shared to ensure continuity of care.

Payment
Clinics use protected health information to create bills and collect from insurance companies, Medicare and other payers. This includes providing information such as dates of service, symptoms and diagnosis to your insurance company to show that Clinics provided medical services to you.

Health-care operations
Clinics use protected health information for internal activities to monitor and improve patient care, license staff to care for patients, prepare for state and federal regulatory reviews, manage health-care operations and improve health-care services. Here are some examples:

• To reduce the infection rate after a surgery, it would be necessary to look at medical records to determine the rate of infections that occurred.
• To be licensed to do a certain procedure, a doctor may be required to show that he or she has successfully completed a number of procedures under the supervision of another physician.
• A Federal Drug Administration inspector may review patient records in a laboratory to ensure that accurate and complete records are maintained for patient safety.

Patient contacts
At times, the clinic accesses information, such as name, address and general medical condition, to contact you to:

• Provide appointment reminders
• Provide information about treatment alternatives or other information that may be of interest to you
• Disclose health-related benefits or services that may be of interest to you Philanthropy

Clinics may contact you to raise funds to sustain the Clinics mission. When conducting fundraising activities, Clinics may access only your basic demographic information (such as name and address) and the dates you were treated at The clinic. You may receive letters or other publications asking you to consider making a tax-deductible contribution to The clinic.

Medical research
Medical research is vital to the advancement of medical science. Federal regulations permit use of protected health information in medical research, with either your authorization or when the research study at Clinics are reviewed and approved by an Institutional Review Board before any medical research study begins. In some situations, limited information may be used before approval of the research study to allow a researcher to determine whether enough patients exist to make a study scientifically valid.

Part II Other potential external disclosures
This section outlines less common circumstances that apply to some patients. Federal and/or state law requires or permits Clinics to provide protected health information outside the organization in the following situations:

To avert a serious threat of harm
Clinics use and disclose protected health information to alert those able to lessen or prevent the threat of a serious threat to the health or safety of a patient, another person or the public.

Organ and tissue donation
If Clinic professionals determine that a patient might be a candidate for organ or tissue donation, Clinics may release protected health information to organizations that handle organ procurement, or organ, eye, tissue donation banks, or other health-care organizations as needed to make organ or tissue donation and transplantation possible.

Military and veterans
Under federal regulations, if a patient is a member of the United States Armed Forces, The clinic is permitted to release protected health information as required by military authorities. Clinics also may release protected health information about foreign military personnel to the appropriate foreign military authority. When the military organization is sponsoring the medical evaluation, the patient’s medical information is shared with both the patient and the sponsoring organization. Patients being evaluated on behalf of the military are aware of these arrangements.

Workers’ compensation
If you are seen for a workers’ compensation claim, federal rules permit the release of information related to your claim, as permitted or required by state law.

Public health purposes
Clinics may disclose protected health information for public health purposes. The following are some examples of releases that are allowed for public health purposes:

• To prevent or control disease or injury
• To report births and deaths
• To report maltreatment of a child or vulnerable adult
• To report to the federal government adverse reactions to medication or safety problems with FDA-regulated products
• To notify people of product recalls
• To notify a person exposed to certain types of disease or those at risk for contracting or spreading a disease
• To report vital statistics

Media relations activities
Clinics may share extremely limited information about patients who are seen as a result of an incident documented in a public record. In these cases, if the media contacts The clinic with a patient’s name, Mayo Clinic may provide the patient’s condition in general terms (such as “fair”).

Health oversight activities
Clinics must disclose protected health information to health-care oversight agencies, where required by law. Oversight activities can include licensure, accreditation, audits and investigations. It is standard practice for regulatory agencies such as the Joint Commission on Accreditation of Healthcare Organizations to review a sample of medical records to assure the quality of care provided.

 Clinics must disclose protected health information in response to a valid court or administrative order.

Law enforcement activities
Clinics may disclose protected health information to law enforcement officials:

• In response to a court order or valid warrant
• To identify a suspect, fugitive or missing person
• About the victim of a crime under certain limited circumstance
• About a death believed to be a result of criminal conduct
• About a crime committed on Clinic premises
• In emergency circumstances when necessary to maintain safety and security of Clinic personnel and patients

Coroners, medical examiners and funeral directors
Clinics may release protected health information to a coroner or medical examiner when necessary to identify the deceased or determine the cause of death, or as otherwise authorized by law. Release of information to a funeral director may occur when necessary to handle arrangements after death.

National security activities
Clinics may release protected health information to authorized federal officials for intelligence, counterintelligence or other national security activities authorized by law. Clinics may disclose protected health information to authorized federal officials so they may provide protection to the President or other authorized individuals.

Part III Patients’ rights with respect to protected health Information
Right to inspect and copy
You have the right to inspect and to request a copy of information maintained in The clinic’s records about you. This includes medical and billing records maintained and used by Clinics to make decisions about your care. In certain situations, where providing access may be detrimental to your health, The clinic is permitted by state and federal law to withhold access.

To obtain or inspect a copy of your medical information, submit a written request to the Office of Patient Affairs at The clinic. Clinics may charge a reasonable, cost-based fee to cover the expense of providing the copies.

Most patients have full access to inspect and receive a copy of the full medical record. On rare occasions, Clinics may deny a request to inspect and receive a copy of some information in the medical record. This may occur if, in the professional judgment of your physician, the information could cause a threat to you or others. In these cases, Mayo Clinic may supply the information to an appropriate third party who may then release the information to the patient.

If you are denied access to information, you may request a review of the denial. Another licensed health-care professional who was not involved in the original decision within Clinics will independently review both the original request and denial. Clinics will comply with the outcome of the independent review.

Right to a list of certain disclosures
You can ask The clinic for a list of where The clinic has shared your protected health information. This list would provide you with a summary of all disclosures The clinic has made that you would not otherwise expect or already know about. The list would not include any of the following disclosures:

• for treatment, payment and health-care operations
• made directly to you (the patient)
• that you have specifically authorized
• provided from facility directories
• made for national security or intelligence purposes
• made to correctional institutions or law enforcement having custody of
the patient
• that took place before April 14, 2003

Right to request restrictions
You can ask The clinic to restrict the use or disclosure of protected health information about you.Your request must be in writing and submitted to the Office of Patient Affairs at The clinic.

The clinic will carefully consider all requests. However, because of the integrated nature of The clinic’s medical record, The clinic is not generally able to honor most requests, nor is The clinic legally required to do so.

Right to request alternate methods of communication
You have a right to request that The clinic communicate with you in various ways (such as a letter or phone) or at a certain location. For example, you may ask that contact occur only at home or only at your place of business. In this situation, you may submit a written request to the Office of Patient Affairs at The clinic specifying the communication method or alternate location being requested.

The clinic will accommodate reasonable requests. However, if the request could result in The clinic not being able to collect for services, The clinic reserves the right to require you to provide additional information about how payment for services will be handled.

An authorization
Except as described above or specifically required or permitted by law, The clinic will not use or disclose your protected information without a specific authorization from you. At times, The clinic may ask you to provide a specific written permission to allow The clinic to use or disclose medical information about you.

• An authorization is your signed, written permission to release medical information.You may be asked to sign the same authorization form periodically as required by state or federal law.
• An authorization may be revoked in writing at any time. Written revocation of authorization must be submitted to the Office of Patient Affairs at The clinic.
- Smith, Hugh; Notice of privacy practices; Mayo Clinic Bulletin; 2001.
The article above contains foundational information. Articles below contain optional updates.

Personal Reflection Exercise #3
The preceding section contained information about the effect of HIPAA on clinics’ privacy practices. Write three case study examples regarding how you might use the content of this section in your practice.

Ethics CEUs QUESTION 7
Under what conditions can a clinic deny access to a person’s personal health information? Record the letter of the correct answer the Ethics CEUs Answer Booklet

 
Others who bought this Confidentiality Course
also bought…

Scroll DownScroll UpCourse Listing Bottom Cap

Ethics CEUs Answer Booklet for this course | Confidentiality CEU Courses
Forward to Section 8
Back to Section 6
Table of Contents
Top

The article above contains foundational information. Articles below contain optional updates.
Compliance Front And Center As HHS Keeps Up HIPAA Heat - Law360 (subscription) - April 06, 2017

Compliance Front And Center As HHS Keeps Up HIPAA Heat
Law360 (subscription)
This attention on documentation of HIPAA compliance is likely the result of the OCR's recent HIPAA audit, the frequent assessments of large civil penalties for HIPAA violations by the OCR, and the U.S. Department of Justice Fraud Section's new formal ...

What is a HIPAA Business Associate Agreement (BAA)? - HealthITSecurity.com - April 28, 2017

HealthITSecurity.com

What is a HIPAA Business Associate Agreement (BAA)?
HealthITSecurity.com
But what exactly are HIPAA business associates? Are they held to the same healthcare privacy and security requirements as covered entities? What happens when they violate their obligations? In this primer, HealthITSecurity.com takes a deeper look at ...

Former OCR Advisor on HIPAA Compliance and Data Breaches: “This is a Management Problem, Not a User Problem” - Healthcare Informatics - April 13, 2017

Healthcare Informatics

Former OCR Advisor on HIPAA Compliance and Data Breaches: “This is a Management Problem, Not a User Problem”
Healthcare Informatics
The Department of Health and Human Services' Office for Civil Rights (OCR) has stepped up its enforcement activities in recent years, and 2016 was a very busy year in Health Insurance Portability and Accountability Act (HIPAA) enforcement activity. In ...
Metro Community Provider Network agrees to $400k HIPAA settlementBecker's Hospital Review
Health Center Agrees to $400K OCR HIPAA SettlementHealthITSecurity.com
Overlooking risks leads to breach, $400,000 settlement | HHS.govU.S. Department of Health and Human Services

all 8 news articles »
First HIPAA Settlement Involving a Wireless Health Services Provider - JD Supra (press release) - April 28, 2017

First HIPAA Settlement Involving a Wireless Health Services Provider
JD Supra (press release)
​On April 24, 2017, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) announced that CardioNet, Inc. (CNI) agreed to pay $2.5 million and enter into a Corrective Action Plan (CAP) to settle alleged violations of the ...

and more »
Guide to HIPAA Compliance for Containers - ADT Magazine - April 06, 2017

Guide to HIPAA Compliance for Containers
ADT Magazine
For organizations using containerized environments to handle ePHI, ensuring HIPAA compliance without sacrificing the benefits of containers can be a challenge. Twistlock's Guide to HIPAA Compliance for Containers outlines clear steps to design and ...

OnlineCEUcredit.com Login


Forget your Password Reset it!