Slide 4

Search for:


		Home
		Membership Issues
		What is the JCAAI?
		Extract Preparation Quiz
		Physician's Instruction Guide
		Allergen Extract Prep Guidelines
		Media-Fill Test
		All Allergists
		Practice Parameters
		Cost Effectiveness Presentation
		Safe Needle Issues

		HIPAA Course Slide 1 Slide 2 Slide 3 Slide 4 Slide 5 Slide 6 Slide 7 Slide 8 Slide 9 Slide 10 Slide 11 Slide 12 Slide 13 Slide 14 Slide 15 Slide 16 Slide 17 Slide 18 Slide 19 Slide 20 Slide 21 Slide 22 Slide 23 Slide 24 Slide 25 Slide 26 Slide 27 Slide 28 Slide 29 Slide 30 Slide 31 Slide 32 HIPAA Forms

		PPI Survey 2008
		Web Resources
		Contact Us

Slide 4


		TPO: Treatment, Payment, and Health Care Operations

Treatment and Payment

The general rule of the HIPAA Privacy regulations is that PHI cannot be used or disclosed without written authorization from the individual, unless the rules expressly permit the particular use or disclosure in question. However, the rules expressly do permit use and disclosure of PHI for purposes of carrying out the activities of treatment, payment, or health care operations (TPO). Since these purposes encompass most of the uses and disclosures of PHI in which a small allergists’ practice is likely to engage, compliance with the core requirement of the HIPAA Privacy Rule need not be viewed as a major burden. You should note that the HIPAA regulations make a distinction between “consent” and “authorization,” which is a particular kind of written consent. The written “authorization” that the Rule requires for use or disclosure of PHI in many circumstances (such as, for non-TPO purposes like marketing, research, and fundraising) is a written consent form that includes very specific content described in the regulations.

The terms "payment" and "treatment" are broadly defined in the Rule, and generally encompass the wide range of activities directly related to your delivery of medical services to your patients and the process of obtaining payment for those services.

Health care Operations

“Health care operations” refers to activities necessary for the support of treatment or payment and includes such activities as quality assessment, reviewing the qualifications of providers, insurance activities and various auditing activities. Generally, the patient’s health information that you have created or have received, the health information which you, as the physician, have recorded in your records, including the written and oral health information patients have given you relative to their past or present medical status and all of their past history, may be released to other health care providers for treatment purposes. It may also be released to other entities (including your business associates) for payment activities, or for health care operations, without the patient’s having to sign an authorization form. The HIPAA regulations give patients no valid basis to object to your release of this information for these purposes, as long as you comply with other applicable standards (such as those requiring reasonable safeguards of patient privacy and disclosure of only the minimum necessary amount of PHI). Patients do have a right to ask you for further restrictions on the release of their PHI, which will be covered later.

State Preemption

The HIPAA Privacy Rules provide that the governing rule, Federal or state, is the more stringent rule. Thus, the Federal rule allows release of PHI to other healthcare providers for TPO without patient authorization. If your state requires a signed authorization, that requirement takes precedence over the Federal rule under the State Preemption Doctrine. At least 50% of states require a signed consent to release information. Our recommendation is that you always get a signed authorization before releasing PHI. On the other hand, if there is an emergency and you are certain your state does not require a signed authorization; you should release the information without a release.

NEXT>>