
How and When to use PHI in relation to HIPAA Laws

Private Health Information (PHI) can be used for a variety of reasons without authorization. For instance, healthcare providers can freely use PHI to facilitate treatment, for payment processing, and for healthcare operations, which are commonly referred to collectively as TPO.

When is PHI mandatory to Report?

If individuals request information from their own record, you, as a covered entity, must disclose it unless an exception applies. Another mandatory disclosure is to the Department of Health and Human Services for a compliance investigation. Sometimes, disclosures of PHI are required by law; common reasons include reporting vulnerable adult abuse, reporting child abuse, complying with a court order signed by a judge, responding to a threat to public health, and sometimes disaster relief purposes and reporting vital statistics to the government.

Using PHI to Process Healthcare Payments

In this chapter, we’ll take a closer look at some of the healthcare business operations where a healthcare provider has the right to use and disclose PHI. For example, healthcare providers are free to use PHI to process healthcare payments. However, if an individual has paid out of pocket in full for the medical services they receive, they have the right to restrict disclosure to the health plan provider. 

Examples of Using PHI without Authorization

PHI can be used without authorization to facilitate treatment, for payment processing, and to conduct healthcare business operations.

1. Business Associate Agreements

For instance, you may disclose PHI to Business Associates without authorization if you have a business associate agreement in place. An informal authorization is acceptable when discussing treatment, outcomes, or payment with the individual’s caretaker, who could be a friend or family member, when the information is directly relevant to that person’s involvement with the individual’s care.

2. Conducting Healthcare Business Operations

Such operations cover a variety of activities of a covered entity, including, but not limited to: quality assessment and improvement; outcome evaluation and development of clinical guidelines; reviewing competence, qualifications, and performance of healthcare professionals conducting health care practitioner training programs; and accreditation, certification, licensing, and credentialing.

3. Incapacitated Patients

If the individual is incapacitated and there is no authorized representative, medical professionals may use their professional judgement and ethics in determining what information to disclose. PHI may be disclosed to the personal representative of the individual if the representative’s identity is verified and proper procedures are followed for responding to a request for access.

Disclosing PHI without Explicit Permission

A healthcare provider has the right to use and disclose PHI without explicit permission for a variety of business activities. Examples of these activities include but are not limited to:  

  • Quality assessment and improvement
  • Outcome evaluation and development of clinical guidelines
  • Reviewing competence, qualifications, and performance of healthcare professionals conducting health care practitioner training programs
  • Accreditation, certification, licensing, and credentialing


HIPAA Training to Benefit your staff members

The primary benefit of HIPAA training that includes private health information is that it helps ensure that healthcare providers, staff, and other individuals who handle private health information are aware of their obligations to protect the privacy and security of patients’ data. EasyLlama’s HIPAA training courses for Business Associates and Covered Entities help ensure that all healthcare professionals are familiar with the rules and regulations set forth by HIPAA and that they understand the importance of protecting patient privacy.

The Most Comprehensive HIPAA Training Solution

EasyLlama’s online training course helps prepare employees to navigate HIPAA. This course provides an in-depth examination of how to respond to a breach of confidential data and the best way to protect your patients. The course covers:

Chapter 1: Introduction and Overview of HIPAA
Chapter 2: The Privacy Rule
Chapter 3: Minimum Necessary Requirements
Chapter 4: How and When to Use PHI
Chapter 5: Individual Rights
Chapter 6: Business Associate Agreement
Chapter 7: The Security Rule
Chapter 8: The Enforcement Rule
Chapter 9: The Breach Notification Rule
Chapter 10: HIPAA Timeline and Updates
Chapter 11: What Have We Learned?
Chapter 12: Conclusion