Do We Have To Report All Employee Contact With Patients’ PHI?

Wed, Apr 14, 2010

HIT Help Desk

Question: A patient requested that we account for all disclosures of her protected health information (PHI). Does the privacy rule require us to provide her with the names of each employee who accessed her medical information?

Answer: No, says Kelley Meeusen, privacy officer for Harrison Hospital in Bremerton, WA. “HIPAA created a clear distinction between ‘uses’ and ‘disclosures,’” and internal employee access is most likely a ‘use,’ he explains.

A disclosure is when a patient’s medical information is released to a person or entity outside of your organization, Meeusen says. On the other hand, patient information shared within your office to facilitate patient treatment is a use (Section 164.510), he asserts.

Use this quick guide to know which medical information sharing you don’t have to track in patients’ accounting of disclosures:

  • Disclosures for treatment, payment and health care operations (TPO);
  • Disclosures to the subject individual;
  • Incidental disclosures;
  • Disclosures the

Click here to login and get access to this article if you already receive the HIT News Wire
If you've already signed in and are still seeing this screen, click here to refresh the page.
HIT News Wire
Free registration required for full access to articles.
You will also receive
  • Free updates on the latest developments affecting healthcare IT.
  • Discounts on 3rd party offers.
Join now
You must have javascript enabled to use this form
Bookmark and Share
, , ,