Book Creator
 Add this page to your book
Book Creator
 Remove this page from your book  

 Manage book (0 page(s))
 Help

**This is an old revision of the document!**

Table of Contents

USE AND DISCLOSURE OF HEALTH INFORMATION

  • Use and disclosure of health information shall only be to the extent of consent given by the patient and for the following purposes:
    a. For planning of quality services.
    b. DOH reporting intervention and disease prevention.
    c. Continuing care to patients.
    d. Requirements and reporting for communicable and notifiable diseases as well as those with serious health and safety threat to the public such as, but not limited to:
    Meningitis
    Food poisoning (mass)
    Breakthrough epidemic of contagious disease
    Biological or chemical warfare
    Anthrax
    Emerging and re-emerging diseases
    Ebola
    e. Reporting of serious and less serious physical injury.
    f. Reporting of maltreated or abused child to proper authorities.
    g. Mandatory reporting required by licensing and accreditation bodies (DOH, PhilHealth, etc). A list of mandatory requirements shall be stipulated.
  • In the context of privilege communication, both patient and physician must provide consent for its use and disclosure otherwise, information shall not be released.
  • After discharge from the hospital the following information can be disclosed:
    a. Clinical abstract
    b. Laboratory result
    c. Doctor's order
    d. Discharge summary
  • The PHCP has the authority to disclose information upon patient request for his legitimate personal use such as release of insurance/HMO required medical record provided that there is a clear agreement/contract made between the HMO and the patient.
  • For patients who are U.S. war veterans, they should come with a signed consent in order to release their medical records.

Use and disclosure of health information by government agencies:

  • A specified person/staff in DOH shall be appointed to issue the order for the use and disclosure of health information.
  • Before a disclosure is made to any other government agency, there must be a court order. It is only in cases of emergency such as that provided in Sec. 15, where disclosure can be done without court order. This would be situations where time is of the essence such as:

a. For PNP subpoena, obtain consent of patient before death otherwise, consent should be obtained from next of kin.
b. For medical/financial assistance requesting abstracts or similar documents, authorization of patient is required.

  • Patient records shall not be released or disclosed without a valid court order. Without a court order, release of information shall be pursuant to hospital policy.
  • Disclosure of health information of a deceased individual shall be to the authorized legal representative.
  • A process on how to disclose medico-legal cases should be defined. PNP Duces Tecum shall be honored and complied with if signed by the head of the agency.
  • Guidelines for retrieval of information for purposes of PRC requirements shall be made.

Use and Disclosure of Health Information by a third party:

  • Third party providers shall not disclose health information other than as provided by contract with the PHCP or as required by law. They shall also agree to use appropriate safeguards to prevent use and disclosure of the health information other than as provided by contract with the primary health care provider or as required by law.
  • Third party providers shall report to the primary health care provider any use or disclosure of health information not provided for by the agreement of which it becomes aware, including breaches of unsecured health information, and any security incident of which it becomes aware.
  • A non-disclosure clause shall be included in the contract of the schools with affiliations to a health facility.

* All research protocols pertaining to patient condition shall pass thru strict review by the Institutional Review Board to safeguard patient information. Protocols for requesting and accessing aggregate and de-identified information for research, both public and private, should be clearly defined.

  • For facilities not participating in PHIE, they shall:

a Make a workflow and a notification protocol for reporting requirements (Suggestion: to use the present epidemiologic surveillance framework).
b. Immediately notify the RESU (using the present framework) then the DOH will notify the EMR, the EMR to the facility. The EMR must have codes which gives them the signal to release the information.

Others

  • Patient orientation regarding data privacy disclosure shall be done.

References:

  • Herold R., Beaver K. (2015). The Practical Guide to HIPAA Privacy and Security Compliance. 2nd edition. Boca Raton, FL: CRC Press.

--

See Also