The health care industry is consistently confronted with the important issue of protecting patient privacy. Read the case example, “HMO Revises Process to Obtain Valid Authorizations,” linked in the Resources. In reference to the case, discuss why data and information sharing can be difficult in relation to protecting patient information. Include some solutions that are used to resolve these difficulties.
A complaint alleged that a health maintenance organization (HMO) impermissibly disclosed a member’s PHI when it sent her entire medical record to a disability insurance company without her authorization. An Office for Civil Rights (OCR) investigation indicated that the form the HMO relied on to make the disclosure was not a valid authorization under the Privacy Rule. Among other corrective actions to resolve the specific issues in the case, the HMO created a new HIPAA-compliant authorization form and implemented a new policy that directs staff to obtain patient signatures on these forms before responding to any disclosure requests, even if patients bring in their own authorization form. The new authorization specifies what records or portions of the files will be disclosed; the respective authorization will be kept in the patient’s record, together with the disclosed information.