Releasing Patient Health Information: Release Management Practices

The exchange or release of health information is essential to the provision of high quality and cost-effective health care. The information released should be within the scope of the request, complete based on the nature of the request and submitted timely. This sounds straightforward, but there are many considerations that need to be taken before a health record is released:

  • is the signed release HIPAA compliant?
  • if the records being released based on a subpoena, Is the subpoena signed by a judge?
  • do the records requested in the release include mental health?
  • are you sending only the proper amount of patient information to be disclosed?
  • did you miss the 30-day deadline for the release of the requested records?
  • if the records being requested for a minor, have the state laws regarding this release been verified prior to the release?
  • do you charge appropriately for copies of health records?

These are just some of the areas that must be addressed before you release any health information. Improperly releasing health records can lead to legal headaches and unwanted fines and penalties for HIPAA violations of noncompliance with the provisions of the HIPAA rules by the Department of Health and Human Services’ Office of Civil Rights (OCR).

There are three key areas for the proper workflow for release of information processing.

Quality Controls

  • Tracking and monitoring the request
  • Request accuracy
  • Prioritizing and validating the completion of the request

Processing the Request

  • Completeness of the request
  • Authority of the requestor
  • Identity of the patient
  • Appropriateness of the requested information 

Completing of the Request

  • Review the content based on the request
  • record the request and release of the health information
  • Complete request in a timely manner

Release of information processes often require evaluation before the release can be fulfilled. The biggest challenge is to find the balance between HIPAA privacy, State law, maintaining legal compliance and facilitating quality patient care through information sharing.