At the start of January, the Office for Civil Rights (OCR) posted more guidance regarding the HIPAA Privacy Rule and who is permitted to receive information from a doctor on a patient’s health status and treatment.
On January 10, the OCR provided further guidance on the HIPAA Privacy Rule, specifically targeting who is allowed to receive information regarding a patient’s health status and treatment. This includes family members, significant others, friends, and care givers.
In most cases, health care organizations have restricted access to a patient’s health information, owing to the fact that they fear reprisal coming from a possible breach. Consequently, many organizations have policies requiring proof that a family member is indeed a family member, such as a birth certificate or marriage certificate. That can complicate matters when friends or family are trying to locate someone after an accident.
Now, the OCR is providing a little guidance to help in situations where someone other than the patient may need information. The OCR specifically states that the Privacy Rule allows covered entities to use their own professional judgement on who should have access to certain information, and also states that the covered entity does not need to require proof of the relationship. The OCR also reminds covered entities that they should get approval from the patient first, when possible.
Covered entities can share information on deceased patients with friends or family members who were involved in the care of the patient or payment for treatment.
Additionally, the OCR warns that a covered entity may not treat a personal representative differently for any reason, including sex or gender identity. This specifically addresses same sex marriage, requiring that a covered entity recognize the rights of the spouse.
For more information on the HIPAA Privacy Rule, join HIPAAgps today! HIPAAgps is a HIPAA compliance tool that helps health care organizations perform and track their HIPAA compliance practices.