Release of Information is the intricate process of providing requesters with necessary medical records while also protecting your patient’s privacy and security. This requires complete compliance with HIPAA and HITECH as well as state regulations pertaining to releasing this highly confidential medical information.
HIPAA, or the Health Insurance Portability and Accountability Act of 1996, was implemented to improve the efficiency and effectiveness of the health care system. HIPAA consisted of the Privacy Rule and the Security Rule.
The HIPAA Privacy Rule established national standards to protect individuals’ medical records and other personal health information. This rule applies to health plans, health care clearinghouses, health care providers and their business associates, all of which are referred to as covered entities. The Privacy Rule requires safeguards to protect the privacy of
personal health information (PHI), and sets limits on the uses and disclosures of PHI without patient authorization. The rule also gives patients certain rights over their PHI, such as obtaining a copy of and requesting corrections to their medical record. Compliance with the HIPAA Privacy Rule was required as of 4/14/03.
The HIPAA Security Rule established national standards to protect individuals’ electronic PHI created, received or used by a covered entity. The rule requires administrative, physical and technical safeguards to ensure confidentiality and security of electronic PHI. Compliance with the HIPAA Security Rule was required as of 4/20/05.
HITECH, or the Health Information Technology for Economic and Clinical Health, Act was implemented in 2010. This act promotes the adoption and meaningful use of health information technology. The HITECH Act also expands upon privacy and security issues associated with the electronic transmission of PHI, including strengthening civil and criminal penalties for breaches of HIPAA rules.