Purchase any WEBINAR and get
10% Off
CODE: SAVE10
T&C applicable, please referFAQ
Validity : 26th Apr'24 to 06th May'24
Sharing Information with Family and Friends Under HIPAA — HHS Guidelines and Good Practices
- When sharing PHI with family and friends is permitted
- How to identify who may be considered a family member or friend
- How a Personal Representative under HIPAA is different from just a family member or friend
- The amount and kind of information that may be shared with family and friends
- Using the telephone to discuss a patient with family or friends involved in the patient’s care
- Provisions for approval by the individual of disclosures to family and friends
- Policies and procedures that should be in place for appropriate sharing of information with family and friends
- Penalties for improper sharing of PHI with family and friends
Overview of the webinar
One of the toughest situations that healthcare professionals can face is whether or not to share information about an individual with the individual’s family and friends involved with the individual’s care. These situations arise when family and friends need to know more about an individual than may usually be available, to help with care, to help with payment for services, and to help calm the fears and properly inform those who are involved with the individual.
Disclosures to family and friends involved with an individual’s care are allowable disclosures under HIPAA, subject to objection by the individual and new guidance from HHS OCR is designed to clarify when these disclosures are allowed and what the process is for making the disclosures and for seeking permission from the individual when appropriate. The guidance and rules for these disclosures will be explained so that the correct decisions can be made in sharing information, including how to treat special situations such as same-sex marriage.
Especially in situations where family and friends are likely to be present, such as in an Emergency Department or Immediate Care Clinic, the organization must train patient-facing and family and friend-facing staff on the proper ways and circumstances in which to ask the patient about sharing information and to share information when the patient cannot provide permission. Mishandling these situations can lead to complaints and significant penalties.
Guidance will be gathered from several source materials and presented so as to provide a clear understanding of how to prepare your staff and be ready to act within the rules when the right way to share information with family and friends is a question. Circumstances in which the question arises will be discussed, and ways in which to secure and document permission will be explained.
Who should attend?
Attendees should include Compliance Officers, Privacy and Security Officers, and leadership and staff in health information management, information security and patient relations, as well as staff in patient intake and front-line patient relations and any others that are involved in, interested in, or responsible for, patient communications, information management, and privacy and security of Protected Health Information under HIPAA, including:
- Compliance Director
- CEO
- CFO
- Privacy Officer
- Security Officer
- Information Systems Manager
- HIPAA Officer
- Chief Information Officer
- Health Information Manager
- Healthcare Counsel/Lawyer
- Office Manager
- Contracts Manager
Why should you attend?
Patient Rights under HIPAA have become a focus of the US Department of Health and Human Services Office for Civil Rights. In addition to sharing information with the individuals who are being treated, there are rules for the appropriate sharing of information with family and friends involved with an individual’s care, subject to objection by the individual. This area of compliance, like the individual rights of access to records, is a new focus of guidance from HHS and an area where HHS sees numerous complaints from the public.
Of course, there are many things to consider when deciding whether or not to share information with family and friends involved with the individual’s care. You need to make sure you ask the patient for permission if you are able to, but you don’t need to get an official HIPAA Authorization. You need to share the information that is necessary, but not share any that is not related to the issue at hand. For instance, to pay the mother’s hospital bill, the daughter doesn’t need to know all the details of the medical record, only the information that relates to the charges being paid.
For the most part, these rules permit the appropriate sharing of information in a considerate, compassionate way that would be considered reasonable. Examples include sharing mobility information with someone who is picking up a patient at the hospital, updating a friend who brought a patient to the Emergency Department, discussing a patient’s health while there are others in the room considered to be friends or family and situations according to the provider’s professional judgment. In all cases, if permission can be sought, it should be, and if it is denied, the denial must be honored.
Faculty - Mr.Jim Sheldon-Dean
Jim Sheldon-Dean is the founder and director of compliance services at Lewis Creek Systems, LLC, a Vermont-based consulting firm founded in 1982, providing information privacy and security regulatory compliance services to a wide variety of health care entities. He is a frequent speaker regarding HIPAA, including speaking engagements at numerous regional and national healthcare association conferences and conventions and the annual NIST/OCR HIPAA Security Conference. Sheldon-Dean has more than 16 years of experience specializing in HIPAA compliance, more than 34 years of experience in policy analysis and implementation, business process analysis, information systems and software development, and 8 years of experience doing hands-on medical work as a Vermont certified volunteer emergency medical technician. Sheldon-Dean received his B.S. degree, summa cum laude, from the University of Vermont and his master’s degree from the Massachusetts Institute of Technology.