When can a provider share patient information?

“When possible, the patient should always be given an opportunity to object before protected health information is shared,” said Linda Hudson, chief HIPAA compliance officer for USA Health. “If the patient’s condition prevents this, a provider should use his or her professional judgment to decide if disclosing the information is in the patient’s best interest. Only information that the person involved needs to know about the patient’s care or payment for care should be shared.”

The HIPAA Privacy Rule, implemented after the passage of the Health Insurance Portability and Accountability Act of 1996, sets national standards for the protection of certain health information. HIPAA violations can range from $100 to $50,000 per violation and may be imposed upon individuals and entities.

The potential sensitivity of the patient information should be weighed, Hudson said. An example might be a diagnosis of HIV/AIDS or other sexually transmitted infection.

She stressed that the patient’s wishes rule. “If a patient has requested that information not be shared, no information can be disclosed to any family member, friend or visitor,” she said.

Hudson offered these examples of when patient information may be shared in compliance with HIPAA:

• A physician may discuss medications that a patient needs to take upon discharge with the relative who is driving the patient home.
• A nurse may tell family members who are waiting for a patient in surgery that the surgery is complete and give the condition of the patient.
• A hospital may discuss a patient’s payment options with the patient’s adult child.
• A physician may discuss a patient’s treatment with the patient in the presence of a friend who has accompanied the patient into the treatment room.

If you have questions about sharing patient information, please call the USA Health HIPAA Compliance Office at (251) 470-5802.