Article: HIPAA: The Who's, What's, When's, and Why's of Disclosure

Attorney, Jeffrey P. Greenberg has been practicing healthcare and corporate law for over 3 decades in Tampa, throughout Florida, and across the United States.

Call (813) 284-2030 for your Healthcare Law and Corporate Law Legal Needs.

Healthcare Article

‹‹‹ Back to Articles List

Healthcare Article

HIPAA: The Who's, What's, When's, and Why's

In 1996, President Bill Clinton signed the Health Insurance Portability and Accountability Act (HIPAA) into effect. The Standards for Privacy of Individually Identifiable Health Information, or the Privacy Rule, was established by the U.S. Department of Health and Human Services to actually implement requirements. Fundamentally, HIPAA and the Privacy Rule exist to limit the frequency where a person’s protected health information (PHI) could be used or disclosed. The Privacy Rule is the first time in U.S. history that a comprehensive health policy came into effect requiring organizations to augment their standard operating procedures to demonstrate HIPAA compliance.

Disclosures must follow the strict policies of the privacy rule. In accordance with the violation and penalty structures, organizations should strive to always demonstrate positive intent and take all steps necessary to create an environment that prevents incidental or inadvertent disclosures. The Four W’s of HIPAA disclosure provide a framework for who should be cognizant of the privacy rule stipulations during the course of health care business.

WHO: Any group that houses or transmits PHI is effected by HIPAA; this includes a whole host of potential parties including health care providers, laboratories, pharmacies, insurance companies and clearing houses known as covered entities. Additionally, any consultants or tangentially associated representatives such as lawyers and accountants are indirectly affected.

WHAT: A HIPAA disclosure, either intentional or incidental, is the sharing of PHI with another individual or entity. The Privacy Rules dictates that organizations protect patient information from being disclosed unless under direct compliance with the Privacy Rule stipulations or as the patient who owns the PHI authorizes in writing.

WHEN: Permitted uses and disclosures exclusively apply to the business of healthcare and are usually limited to other organizations or individuals who need the information to complete a component of the care or payment process. According to the Privacy Rules, several overarching themes dictate the legality of disclosures. Most commonly, information may be disclosed to an organization who is involved in the treatment or payment of a health care event; this usually includes a physician, pharmacy or payer. Secondarily, cursory details about an individual’s care or payment for care may be disclosed to family or friends upon the patient’s verbal agreement; this stipulation is largely at the discretion of the health care entity caring for the patient. In the course of business operations minor incidental disclosures may occur without penalty if all reasonable safeguards are in place; such occurrences may include a patient in an adjoining room overhearing a diagnosis. Finally, PHI may be shared for public interest activities in circumstances such as abuse, law enforcement need or donation of tissue and limited data sets may be provided with redacted identifying information for research purposes.

WHY: Disclosure policies establish safeguards to ensure that patient information is not released to organizations or individuals when it is not pertinent to the administration or payment of health care.

HIPAA violations, or the disclosure of PHI in any manner not consistent with the Privacy Rule, can result in civil and criminal penalties in adherence with the American Recovery and Reinvestments Act of 2008 which built a penalty structure for HIPAA violations. Violation penalties increase in direct correlation with the level of neglect associated with the violation. For instance, if a violation occurs but the violator was not aware, the penalty is $100 per violation; however, if a violation occurs out of willful neglect and is not corrected, the penalty is $50,000 for each violation. Intentional disclosures with the intent to sell the information can result in up to ten years of jail time and substantially increased fines.

When dealing with HIPAA rules and regulations, organizations should regularly train staff and consult with third-party experts to ensure that all components of the business are aligned with the Privacy Rules. In an ever-evolving health care environment, the circumstances of disclosure are often left to the judgment of the health care professional involved in the interaction. Demonstrating good intent through adherence to best practices will serve an organization well should an incidental violation every occur.

October 12, 2016 / Written by: Meagan Bates

Healthcare Article

Call (813) 284-2030 to find out how we may be able to help you with your Healthcare Law and Corporate Law Legal Issues.





Jeffrey P. Greenberg

Jeff has over 3 decades of experience in healthcare and corporate transactional and regulatory matters, including acquisitions and divestitures, federal and state licensure, and compliance. Jeff’s clients include health care providers such as hospitals, physician practices, and privately held corporations. He represents clients in transactions involving the provision of professional services to licensed healthcare entities, the formation and transfer of licensed healthcare organizations, and the management of licensed entities by business organizations.

Jeff also advises clients with respect to business planning, growth, succession, and exit strategies; governance, control, and operational issues; and the impact of state and federal legislation, including anti-self-referral, anti-kickback, Medicare and HIPAA.

Read More ›››

Contact Us by EMail

Healthcare Law Firm
Healthcare Law Firm

At Jeffrey P. Greenberg P.A., we understand that physician practices face unique challenges and we have experience in advising those practices on a wide variety of legal matters.

Jeffrey P. Greenberg P.A., is committed to providing a high level of Healthcare Law legal advice and service.

Read More ›››

Corporate Law Firm
Corporate Law Firm

Jeffrey P. Greenberg P.A. corporate law services includes advising on mergers and acquisitions, joint ventures, corporate finance, corporate governance, compliance, and other operational issues.

JPG Law is committed to providing a high level of Corporate Law legal advice and service.

Read More ›››