According to a recent article from Health IT Security, the 2016 shooting at an Orlando nightclub prompted Office for Civil Rights to release a clarification on aspects of the Patient Health Information disclosure as it relates to a patient’s loved ones. The office cited Supreme Court rulings on same-sex marriages and stated that the provisions are not limited by the sex and gender identity of a person when it comes to the determination of who is, by law, considered a family member.
The PHI disclosure in the HIPAA privacy rule allows a patient’s health status to be shared by covered entities with an individual’s family member, other relative, or close personal friend as it relates to that person’s ability to act on behalf of the patient in making decisions regarding healthcare, if that person is directly involved in the patient’s care or payment of that care. The clarification states that it left to the covered entity’s professional judgement to decide if the disclosure is proper or not, and recommends that — whenever possible — the covered entity should attempt to get verbal direction from the patient regarding PHI disclosure.
As you well know, HIPAA compliance is about more than who one can disclose patient information to. It is also about safeguarding the information about your patients or clients that you store within your data and data centers. Our Senior Solutions Consultants are ready to work with you on developing a solution that includes firewalls, encryption tools, and processes to help you prevent security risks. For more information, contact us.