In today’s volatile healthcare environment, the threat of privacy and security breaches has become a perpetual concern. Consider
the July 2017 incident involving a Utah hospi-
tal nurse arrested for refusing to allow a police
officer to draw blood from an unconscious
patient. As a responsible healthcare profes-
sional, the nurse was complying
with hospital policy and the HIPAA
Privacy Rule1 governing disclosure of
patient information. In doing so, she
prevented a breach of privacy while
placing her own safety at risk. The
police officer was ultimately fired and
his watch commander demoted for
poor judgement and failure to respect
HIPAA’s patient protection rules.2
This case has focused national attention
on the complexities of HIPAA compli-
ance — adherence to guidelines that ensure
proper release of protected health information
(PHI) and prevent breach of privacy. It also
points to the importance of properly disclos-
ing patient information, centralizing release
of information (ROI) activities, implementing
proactive processes, and tracking privacy data.
Common privacy risks with disclosure of PHI
Managing the disclosure of PHI is more
complex than ever, due to evolving federal
regulations, patient access rights, and pressure
to manage and exchange health information
electronically. Because multiple departments
release PHI, there are concerns and risks
across the entire enterprise.
The most frequently impacted areas
include the Emergency department (ED),
Health Information Management (HIM),
Radiology, the business office, and physician
practices — although disclosures can occur
in any area or provider setting. For individuals whose primary tasks do not include PHI
disclosure, keeping privacy regulations top of
mind is a challenge. Without ongoing educa-tion and process change, the potential for risk
For example, the business office might
quickly release records to a payer to expedite
reimbursement without taking time to verify
delivery details, check for comingling of
medical record data, or adhere to “minimum
by Rita Bowen, MA, RHIA, CHPS, CHPC, SSGB
Privacy dashboards: Tracking
and reporting for compliant
PHI disclosure management
» Privacy dashboards improve compliance by showing root causes, patterns, and trends.
» Centralized release of information (ROI) helps safeguard protected health information (PHI) and assures patient access rights.
» High-risk areas include Health Information Management (HIM), the Emergency department, Radiology, the business office, and
» Compliant PHI disclosure management requires constant analytics tracking and reporting.
» Actionable compliance data is a critical tool for value-based care.
Rita Bowen ( firstname.lastname@example.org) is Vice President, Privacy, Compliance
and HIM Policy at MRO, Norristown, PA.