You should have remembered that this is what YOU do and NOTHING in what you are citing says ANYTHING about needing to be currently hospitalized. You're simply playing a dishonest game of connect-the-dots. You've shown absolutely nothing over which the time element would make a disclosure impermissible, especially when permission had been obtained at the time of admittance. A confirmation that a patient was admitted meets the minimum necessary standard. Again, there's nothing that says there's a time element that invalidates directory information. As for the self-disclosure, your links aren't bringing up anything to back up the quoted material.
Wrong. A release signed by a parent for the Hawaii DOH to release an address in 1961would not be sufficient for the hospital to now release information. The hospital would have to have a signed release form that was HIPAA compliant to release it now.
Where does it say this?? Let's see a link.
Read a little more carefully, especially the part early on that says “subject to specified conditions” and think about what you read. Hospitals are very wary about disclosing PHI. They usually want a subpoena or court order. The posse has one of those? Has it been presented to an administrative tribunal? Try telling a hospital in Hawaii that a Sheriff’s posse from Arizona can make an administrative request that they should honor.
It's what the law says: Read it:
"as required by law (including court orders, court-ordered warrants, subpoenas) and administrative requests ...
This is a very BROAD exclusion. It does NOT require a warrant or subpoena, but it INCLUDES those things. There's nothing here that limits where the administrative request has to come from.
Further, identifying a suspect is not persuasive – if forgery is proved, everyone knows quite well who the suspect is, and doesn’t need PHI.
According to whom?? The suspect might be a former hospital staff member who colluded on the forgery (such as the doctor who allegedly signed the long form). Providing a simple confirmation that SAD was what at the hospital could help clear that up. Sometimes law enforcement is trying to make sure a law wasn't broken. There's no compelling reason for the hospital not to cooperate.
And you need to read this. It completely destroys your claims:
HIPAA allows police access to patients, federal judge rules
If law enforcement comes knocking, physicians can disclose limited medical information related to an alleged incident, he said. But if they aren't sure what is required of them, doctors can seek legal counsel and ask to see a legal request.
link to full story
It's time you quit posting ignorance and misinformation about this subject.
Edge, you’re simply wrong. As part of work, I regularly take courses and test on HIPAA, and you are showing yourself not understanding the law. Let’s go throught it again
A confirmation that a patient was admitted meets the minimum necessary standard. The minimum necessary standard says
A covered entity must make reasonable efforts to use, disclose, and request only the minimum amount of protected health information needed to accomplish the intended purpose of the use, disclosure, or request.[emphasis added]A confirmation that the patient was admitted meets the minimum necessary standard of providing information for family and visitors during the time the patient is in the hospital, or shortly after release. After that, it no longer accomplishes the purpose, and thus exceeds minimum necessary information to perform that function. Or do you believe that a 50 year old directory is necessary to direct visitors now to a patient long since discharged? You’re being ridiculous about this.
You've shown absolutely nothing over which the time element would make a disclosure impermissible, especially when permission had been obtained at the time of admittance.
The permission obtained in 1961 was not for release of PHI. After the law, they must follow HIPAA guidelines, which require “as the individual who is the subject of the information (or the individual’s personal representative) authorizes in writing.” Is there a written authorization from 1961 for release of PHI? Does the hospital still have it on file? Is it HIPAA compliant? Does it specify who the information will be released to? Because if not, it is a HIPAA violation.
Where does it say this?? Let's see a link.
Sure - Authorizations must be HIPAA compliant
an “authorization” is required by the Privacy Rule for uses and disclosures of protected health information not otherwise allowed by the Rule. Where the Privacy Rule requires patient authorization, voluntary consent is not sufficient to permit a use or disclosure of protected health information unless it also satisfies the requirements of a valid authorization. An authorization is a detailed document that gives covered entities permission to use protected health information for specified purposes, which are generally other than treatment, payment, or health care operations, or to disclose protected health information to a third party specified by the individual. An authorization must specify a number of elements, including a description of the protected health information to be used and disclosed, the person authorized to make the use or disclosure, the person to whom the covered entity may make the disclosure, an expiration date, and, in some cases, the purpose for which the information may be used or disclosed.[emphasis added]
As for the self-disclosure, your links aren't bringing up anything to back up the quoted material.
Sorry, the original link through goggle docs is not working – try this more direct link instead. The quoted material is at the bottom of page 3 of the PDF.
"as required by law (including court orders, court-ordered warrants, subpoenas) and administrative requests ... This is a very BROAD exclusion. It does NOT require a warrant or subpoena, but it INCLUDES those things. There's nothing here that limits where the administrative request has to come from.
What is an Arizona sheriff’s jurisdiction? Hint: it’s over their specific Arizona county. Do they have jurisdiction in Hawaii? Hint: no. Here is what the American Hospital Association has to say
[emphasis added] So what do you think Kapiolani, in Hawaii, where the DOH is thoroughly sick of these repeated requests, is going to say to an Arizone posse official who has no law enforcement authority in Hawaii? Most likely, “Show us a court order!” The DOJ is pretty specific about what qualifies as legitimate law enforcement disclosure under HIPAAIS A HOSPITAL REQUIRED TO DISCLOSE INFORMATION TO A LAW ENFORCEMENT OFFICIAL?
No. Under the HIPAA privacy rule, these are disclosures that a hospital may make to a law enforcement official without obtaining patient authorization. A hospital is not required under HIPAA to make these disclosures. The hospital will need to have procedures for determining whether other laws – whether state, local or federal – may require disclosure to the law enforcement official under the specific circumstances presented by the request.
To qualify as a disclosure for law enforcement purposes, the subject of the protected health information must be the target or subject of the investigation and the activity or investigation may not relate to: (a) the receipt of health care; (b) a claim for public benefits related to health; or (c) qualification for or receipt of public benefits or services where the subject’s health is integral to the claim for benefits or services.77 In such cases, a covered entity may disclose protected health information to law enforcement pursuant to an administrative request only when the material sought is (1) relevant and material to a law enforcement inquiry, (2) the request is limited in scope in light of the purpose for which it is sought, and (3) de-identified information could not be used by law enforcement for the same purpose.78 However, law enforcement may still acquire records from covered entities without meeting these three requirements through the use of a court order, a subpoena issued by a judicial officer, or a grand jury subpoena.Given this, Kapiolani would be reckless to release anything to Sheriff Arapio’s posse without a court order or subpoena.
The suspect might be a former hospital staff member who colluded on the forgery (such as the doctor who allegedly signed the long form). Providing a simple confirmation that SAD was what at the hospital could help clear that up. Sometimes law enforcement is trying to make sure a law wasn't broken. There's no compelling reason for the hospital not to cooperate.
Wrong, for all the reasons I’ve already cited. “Making sure a law isn’t broken” is not a valid exception to HIPAA.
HIPAA allows police access to patients, federal judge rules If law enforcement comes knocking, physicians can disclose limited medical information related to an alleged incident, he said. But if they aren't sure what is required of them, doctors can seek legal counsel and ask to see a legal request.
I suggest you read your own link again. It’s about a hospital worker barring access to a victim of a crime. Which, you may recall, is a specific exception in the law enforcement section of HIPAA. It’s not about disclosure of PHI 50 years later. Good try, but do read what you link.
It's time you quit posting ignorance and misinformation about this subject.
Hm, let’s see who is posting ignorance and misinformation? Someone who has to periodically refresh and test on HIPAA? Or you, with a known history of truncating quotes to make them say what you want, and who has a lack of understanding of what HIPAA actually says? Find a lawyer who litigates HIPAA and check with him – that’ll set you straight.