Uploaded image for project: 'FHIR Specification Feedback'
  1. FHIR Specification Feedback
  2. FHIR-35676

Add language to clarify that not all legal requests are up to org policy - HIPAA has specific procedures that must be followed regarding these types of disclosures

    XMLWordPrintableJSON

Details

    • Icon: Change Request Change Request
    • Resolution: Persuasive
    • Icon: Highest Highest
    • US SDOH Clinical Care (FHIR)
    • 1.0.0
    • Patient Care
    • STU
    • Privacy and Security
    • 14.5
    • Hide

      will add references as indicated in the description

      Show
      will add references as indicated in the description
    • Bob Dieterle / Jay Lyle : 7-0-1
    • Clarification
    • Non-substantive

    Description

      Recommend the following edits to the second paragraph under "Additionally Protected Information" (14.5): 

       

      Where permitted by law and in accordance with legal requirements and, where appropriate, consent of the individual, release of additionally protected information SHALL always be supported. Release of the information without explicit request of the patient/member SHALL be based on organization policy consistent with Federal and State regulations. Examples are legal requests for information (HIPAA includes specific guidelines around who and which entities are duly authorized to make such requests and processes that must be followed at 45 CFR 164.512(e)-(f) and "break glass" to treat a patient that is unable to provide consent (HIPAA speaks to the conditions that allow covered entities to use or disclose PHI when an individual is incapacitated at 45 CFR 164.510(a)(3)).  

      Attachments

        Activity

          People

            Unassigned Unassigned
            molly.malavey@ama-assn.org Molly Reese (Inactive)
            Laura Hoffman (Inactive), Molly Reese (Inactive)
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: