Capitol City Records

HIPAA Information

The Health Insurance Portability and Accountability Act or HIPAA is a Federal Privacy Rule that was passed in August of 1996. One of the primary purposes of this law is to protect the security and privacy for health data of individuals.

The primary components of this law that affect the practice of record retrieval are sections 164.508 & 164.512(e) which were mandated to be in effect April 14, 2003.Section 164.508 requires that a  valid authorization  accompany a request of Personal Health Information (PHI) such as a Subpoena Duces Tecum.

Section 164.512(e) provides an alternative to the authorization requirement.  The person requesting the PHI must provide the following:

1. A written statement and documentation demonstrating that reasonable efforts have been made to secure a qualified protective order.
2. A written statement and documentation demonstrating that reasonableness efforts have been made to ensure that the individual who is the subject of the protected health information that has been requested has been given notice of the request.
3. A written statement and documentation demonstrating that no objections were filed or all objections filed by the individual have been resolved by the court or the administrative tribunal and the disclosures being sought are consistent with such resolution  

These requirements may prove to be no easier than executing an authorization.

I have attached to this document 2 different HIPAA compliant authorizations for your convenience.  I have also  attached a list of specific requirements which must be included in any HIPAA compliant authorization.

While this law is new and we are at the very early stages of it’s effect I do anticipate a dramatic change in how we do business.

Please call with any questions,

Richard Sykes II

References:

HIPAA Compliant Authorizations:

Authorization for Release of Information

Authorization for Release of Information

HIPAA Guidelines:

 Elements needed in authorizations