Information is vital to providing proper health care. As a practitioner in Pennsylvania, you know this better than most. Data drives the decisions that you make regarding your patients. Yet the information that they entrust you with (and that which comes to light during the course of their care) is often of a very sensitive nature. Thus, it must be managed appropriately. If it is not, you could face potential penalties.

Your patients will likely not understand the rules and regulations governing the sharing of their vital information. That may not stop them from accusing you of misusing it. Ensuring that an accusation remains just that requires that you understand exactly what is expected of you under the Health Insurance Portability and Accountability Act.

HIPAA was enacted to govern the flow of healthcare information between healthcare providers, insurance companies and other parties involved in the care process. It mandates that certain information only be disclosed under certain circumstances while allowing other types to be shared freely. First and foremost, it should be understood that HIPAA’s restrictions do not apply to de-identified information. Such information lacks any identifying information that a viewer could use to trace back to a patient that it describes.

According to the U.S. Department of Health and Human Services, you are allowed to disclose normally protected health information (with a patient’s authorization) in the following situations:

  • When disclosing it to the patient
  • To assist with your own operational activities
  • When the patient is informally given the chance to agree or object
  • In cases incident to an otherwise authorized disclosure
  • To protect public interest and safety

Under HIPAA, you are required to release information when the patient requests it, or the HHS requests it when undertaking a compliance investigation.