A disclosure is a release, transfer, access to, or divulging of information outside of Cardiology Medical Group. In general, patients have the right to know who has received his/her health information for reasons other than treatment, payment, health care operations, or disclosures specifically authorized by the patient. Examples of this are public health activities (reporting vital statistics, communicable diseases, cancer/tumor registries), reports about victims of abuse, neglect, or domestic violence, releases as a result of a subpoena, disclosures about decedents to coroners, medical examiners, or funeral directors, and other disclosures required by law. Under HIPAA, disclosures that are not part of treatment, payment, and/or operations and that are not authorized by the patient must be tracked.
Included in the Accounting
The following disclosures must be recorded using the Accounting of Disclosures System (ADS) if protected health information is disclosed. This list is designed to capture the most common disclosures, but there may be others that are not listed. If you are unsure whether a disclosure should be tracked, check with your supervisor or e-mail email@email.com.
|
Disclosure |
Examples |
|
For public health purposes |
Immunizations Infectious/communicable disease reporting (e.g., HIV, STD, TB, foodborne) Vital statistics (e.g., birth and death certificates, fetal death, teen suicides) Newborn screening Oregon death with dignity (physician-assisted suicide) Reports of death for purposes of organ donation Poison control Lead poisoning Suspected pesticide poisoning Animal bites |
|
About victims of abuse, neglect, or domestic violence (This includes disclosure to Social Services or a protective service agency to report.) |
Domestic violence and intimate partner violence Elder abuse Child abuse Abuse of mentally ill or developmentally disabled |
|
For health oversight activities |
Audits (e.g., by Center for Medicare & Medicaid Services) Inspections (e.g., Dept. of Health & Human Services, Office for Human Research Protections) Oversight Reviews (e.g., OMPRO; OR Dept. of Health) |
|
For judicial or administrative proceedings |
Court orders Subpoenas |
|
For law enforcement purposes |
Reporting of gunshot wounds |
|
To coroners, medical examiners, or funeral directors |
About decedents |
|
For cadaveric organ, eye, or tissue donation and transplantation purposes |
Activities related to Medicare conditions of participation |
|
For human-subject research that does not obtain a subject’s authorization |
Research that receives a waiver of authorization by the IRB Research involving the health information of decedents |
|
To avert a serious threat to health or safety |
|
|
To the Food and Drug Administration (FDA) for purposes related to the quality, safety, or effectiveness of a FDA- regulated product or activity |
To report adverse events To track FDA-regulated products To enable product recalls, repairs, or replacements |
|
Otherwise required/permitted by law |
For worker’s compensation To registries (external to OHSU) including: cancer (OSCaR), trauma (OTR), and immunizations (ALERT) To advisory boards, such as the State Trauma Advisory Board Hospital holds for mental health To state crime lab Reports regarding Medical Marijuana Act Program |
|
Unauthorized disclosures |
Misdirected fax or e-mail Release of information based on invalid authorization |
|
Any other purpose that does not meet the “Not required” list below |
|
Not Included in the Accounting
The following disclosures of protected health information do not need to be included in the accounting of disclosures:
|
Disclosures that are excluded |
Examples |
|
To carry out treatment |
Disclosures to other health care providers for their treatment activities. |
|
To carry out payment |
Disclosures to other health care providers and payers for their payment activities. |
|
To carry out health care operations from academic health care centers |
This includes: quality improvement, outcomes analysis, developing clinical guidelines, training or education, medical review, legal services, auditing functions, business planning and development, fraud and abuse detection, accreditation, licensing, certification, credentialing, and general administrative functions. |
|
To carry out certain health care operations of another health care provider or health care payer if an academic health care center and the receiving entity has or had a relationship with the patient, the health information disclosed pertains to such relationship, and the disclosure is for one of the activities found in the Example column |
Conduction quality assessment and improvement activities (including outcomes evaluation and development of clinical guidelines). Case management or care coordination. Professional performance review, health care provider training, accreditation, certification, licensing, or credentialing activities. Health care fraud and abuse detection or compliance. |
|
Made as a result of a signed patient authorization |
|
|
That occurred prior to April 14, 2003 |
|
|
To patients about themselves |
|
|
For the academic health care center facility directory |
A listing of patients used to address inquiries from outside of academic healthcare center about patients’ condition or location. |
|
To persons (family, friends, etc.) involved in the care or payment of health care of the patient |
|
|
Made incidentally to a permitted or required use and disclosure |
|
|
As part of a limited data set |
Health information that excludes specific direct identifiers of the patient. |
|
For national security or intelligence purposes |
|
|
To correctional institutions or law enforcement officials having lawful custody of an individual |
Custody of an inmate. |