On 6/23/2016 11:39 AM, Kanchan Dibert wrote:

I'm in a private 400 bed community hospital in North Carolina. We routinely send information from the Employee Health chart for regulatory review, such as when OSHA, the Joint Commission or the NC Department of Health is on site. We send only specific information from the chart, such as vaccinations, TST's FIT tests or Hep B immunity.

The hospital's "compliance" and "legal" departments are asking Employee Health Services to release the entire chart to them prior to these reviews. Does anyone do this, or release the entire employee health chart to any other departments owned by the hospital, or is it standard to release only information that's asked for to your own hospital's legal/compliance departments?

Kanchan,

You might want to check with your Hospital's HIPAA compliance officer regarding the release of PHI to ANYONE without the employee's consent. It does not matter AT ALL whether the Hospital "owns" other departments: the Hospital does not "own" the PHI of its employees.

Ask your Medical Records department head whether they would release PHI to ANY other North Carolina employer, or allow an employer's attorneys to view the medical record of one of their employees, without either (a) a subpoena or (b) the consent of the employee, and I suspect the answer will be a resounding, "Of COURSE not!"

Regards,

Joe Fanucchi

--
Joe Fanucchi MD FACOEM
President and Medical Director
MediTrax / OHS, Inc.
o:925-820-7758
c:925-368-3367

MediTrax software: Everything you need, at a fraction of the cost!