In this case study, we explore a complex dispute surrounding HIPAA compliance within a surgical center. A concerned surgeon questioned the quality of patient care provided at the facility, specifically targeting certain procedures.
The surgeon sought an external opinion from a neurosurgeon expert after the practice’s founder dismissed these concerns. For review, he shared redacted medical records.
In response, their employer abruptly terminated them, citing HIPAA compliance violations as grounds for termination. In this case, the question is whether sharing redacted medical records under such circumstances violates HIPAA.
Questions to the Electronic Medical Records expert and their responses
Please describe your professional background in HIPAA compliance.
I am a credentialed health information management and information systems professional with over 15 years’ experience as a Privacy and Compliance Officer.
When is it appropriate and compliant with HIPAA standards for a treatment provider to share redacted medical records with a qualified expert?
The standard for when it is appropriate and compliant for a treatment provider to share redacted medical records with a qualified expert is covered under § 164.514(a) of the HIPAA Privacy Rule.
Generally, a covered entity may use and disclose protected health information (PHI) without their own treatment, payment, and healthcare operations (TPO). TPO includes quality improvement purposes, utilization management, physician and provider credentialing, and other activities that assure appropriate treatment and/or payment.
What are some exceptions to HIPAA standards when patient care concerns arise?
HIPAA provides certain exceptions where disclosure of PHI is permitted without consent, particularly when it pertains to improving patient care or ensuring healthcare quality. However, these exceptions are subject to strict conditions and must be handled with the utmost care.
About the expert
This expert boasts an impressive 30 years of experience in healthcare compliance and electronic health records, underpinned by a strong academic background that includes an MBA and a post-baccalaureate certificate in clinical informatics. They hold certifications in healthcare information and management systems, professional healthcare quality, and are a certified electronic discovery specialist. Their extensive career has seen them serve as the director of medical records and utilization management, director of clinical informatics, and currently as a compliance and privacy officer at a physicians association.