voted-icon

EasyLlama Consistently Recognized Among Top Training Software Solutions

How and When to use PHI in relation to HIPAA Laws

Private Health Information (PHI) can be used for a variety of reasons without authorization. For instance, healthcare providers can freely use PHI to facilitate treatment, for payment processing, and for healthcare operations, which are commonly referred to collectively as TPO.

Sign Up For A Free Preview

Get Your Organization Trained Today

llama imgllama img
media

When is PHI mandatory to Report?

media

If people request information from their record, as a covered entity, you must disclose the information, unless an exception applies. Another mandatory disclosure is to the Department of Health and Human Services, for a compliance investigation. Sometimes, disclosures of PHI are required by law; common reasons can include reporting vulnerable adult abuse, reporting child abuse, when there is a court order signed by a judge, when there is a threat to public health, and sometimes for disaster relief purposes and to report vital statistics to the government.

media

Using PHI to Process Healthcare Payments

media

In this chapter, we’ll take a closer look at some of the healthcare business operations where a healthcare provider has the right to use and disclose PHI. For example, healthcare providers are free to use PHI to process healthcare payments. However, if an individual has paid out of pocket in full for the medical services they receive, they have the right to restrict disclosure to the health plan provider. 

Examples of Using PHI without Authorization

PHI can be used without authorization to facilitate treatment, for payment processing, and to conduct healthcare business operations.

Incapacitated Patients

If the individual is incapacitated and there is no authorized representative, medical professionals may use their professional judgement and ethics in determining what information to disclose. It is possible for PHI to be disclosed to the personal representative of the individual, if: The individual’s representative’s identity is verified and proper procedures are followed for a response to a request for access.

Business Associate Agreements

For instance, you may disclose PHI to Business Associates without authorization if you have a business associate agreement in place. An informal authorization is acceptable in the case of discussing treatment and outcomes or payment with the individual’s caretaker who could be a friend or family member when the information is directly relevant to this person’s involvement with the individual’s care.  

Conducting Healthcare Business Operations

Some examples of such operations are a variety of activities of a covered entity including, but not limited to: quality assessment and improvement, outcome evaluation and development of clinical guidelines, reviewing competence, qualifications, and performance of healthcare professionals conducting health care practitioner training programs, accreditation, certification, licensing, and credentialing.

What is Private Health Information?

  • TPO
  • Private Health Information
prev

TPO

TPO stands for “total patient overview” and is a comprehensive look at the total health of a patient, including all their medical history, tests and treatments, and any other information that may be relevant to their care. TPO is an important part of protecting the privacy of a patient’s health information (PHI).

next

state iconLearners love easyllama

Disclosing PHI without Explicit Permission

A healthcare provider has the right to use and disclose PHI without explicit permission for a variety of business activities. Examples of these activities include but are not limited to:  

  • Quality assessment and improvement
  • Outcome evaluation and development of clinical guidelines
  • Reviewing competence, qualifications, and performance of healthcare professionals conducting health care practitioner training programs
  • Accreditation, certification, licensing, and credentialing
llama

Get An Instant Free Course Preview!

media

HIPAA Training to Benefit your staff members

media

The primary benefit of HIPAA training that includes private health information is that it helps ensure that healthcare providers, staff, and other individuals who handle private health information are aware of their obligations to protect the privacy and security of patients’ data. EasyLLama’s HIPAA training courses for Business Associates and Covered Entities helps ensure that all healthcare professionals are familiar with the rules and regulations set forth by HIPAA and that they understand the importance of protecting patient privacy.

Helping over 8,000+ organizations create a safer, more inclusive company culture.

company-logo-0
company-logo-1
company-logo-2
company-logo-3
company-logo-4
company-logo-5
company-logo-6
company-logo-7
company-logo-8
company-logo-9
company-logo-10
company-logo-11
company-logo-12
company-logo-13
company-logo-14
company-logo-15
company-logo-16
company-logo-17
company-logo-18
company-logo-19
company-logo-20
company-logo-21
company-logo-22
company-logo-23
company-logo-24
company-logo-25
state iconGet more from easyLlama

The Most Comprehensive HIPAA Training Solution

EasyLlama’s online training course helps prepare employees to navigate HIPAA. This course provides an in-depth examination of how to respond to a breach of confidential data and the best way to protect your patients. The course covers:

Chapter 1: Introduction and Overview of HIPAA

Chapter 2: The Privacy Rule

Chapter 3: Minimum Necessary Requirements

Chapter 4: How and When to Use PHI

Chapter 5: Individual Rights

Chapter 6: Business Associate Agreement

Chapter 7: The Security Rule

Chapter 8: The Enforcement Rule

Chapter 9: The Breach Notification Rule

Chapter 10: HIPAA Timeline and Updates

Chapter 11: What Have We Learned?

Chapter 12: Conclusion

Get Started In Just 5 minutes

See how EasyLlama can support your organizational goals and help build a safe and inclusive company culture

llama img