Information Managers
  • Home
  • Services
    • All Services
  • Templates
  • Blog
  • Contact Us
  • Practice Management Success
  • Podcasts

Disclosure to a third party

Posted on July 30, 2014 by Jean Eaton in Blog

Patient Access to Health Records

Healthcare providers have a duty to assist the patient when the patient wants to access their own information or request that it be disclosed.

Can a patient authorize disclosure to third party?

Common requests for patient records include patients authorizing their own information to be sent to a third party. The third party – insurance agent, employer, government agency, etc – sometimes acts on behalf of the patient to request the patient’s records from their healthcare provider. The third party will often use their own forms. When the healthcare provider receives the request, they may have questions about the request.

If the custodian / physician has any questions or concerns about the request, they can (and should) get clarification before releasing the information.  You could:

a)  request the third party to provide clarification or provide a revised consent authorized by the patient or

b)  refuse the request and state the grounds (reminder – you need to state the legal authority not to process the request) or

c)  healthcare provider contact the patient directly to discuss the request to release records.  This is my personal favourite option. This meets the obligation of duty to assist, provides clarity for both the patient and the custodian about what information is (and is not) included in the response to the 3rd party.  You can have the patient book an appointment with the custodian to review the request and then update or provide a new consent to release.

Valid consent criteria

Valid consent criteria includes:

  1. Identify the individual (patient)
  2. Who has been authorized to disclose
  3. To whom
  4. Explicitly what information
  5. For what purpose
  6. Legal authority
  7. Patient acknowledgment
  8. Date, sign, valid until

‘Valid Until’

‘Valid Until’ is not a requirement under Health Information Act, however it is good practice.

The length of time ‘valid until’ is often discretionary to the custodian – often 30-90 days or whatever is reasonable to:

a) ensure that the patient authorizing the release can provide informed consent and

b) reasonable length of time to process the request (standard is 30 days turn-around to respond to a request)

A patient has the right to know how their health information is being collected, used, and disclosed. A patient has the right to access their own health information. A healthcare practice that demonstrates attention to detail, courtesy to the patient, and respect for confidentiality will also have good business practices and excellent customer service.

As a practice manager, clinic manager, healthcare provider or employee, it is your job to make sure that you know how to respond to access request, process the request, and provide good customer service. See our new series of articles, one article each week starting July 14, on the key steps in ‘Patient Access to Health Records.’

Additional resources:

Alberta Health and Wellness. HIA Guidelines and Practices Manual.

“Best of the Practice Management Nugget interviews’ will be posted next Thursday and will include the replay – and resources – for ‘Patient Access to their records’.  See informationmanagers.ca/pmn-events-live

 

Your comments and discussion are encouraged – join our new LinkedIn group, Practice Management Nuggets. When you are signed into LinkedIn, simply go to ‘interests’, ‘groups’, search for ‘Practice Management Nuggets’ and request to join.

Health Information Act, health records, patient access, patient rights, Practice Management Mentor, third party requestors, valid consent

Alberta Netcare: What are your Patient Rights?

Posted on January 25, 2013 by Jean Eaton in Blog

Primary Care Providers may expect their patients to be asking more questions about Health Information in Netcare. Review this information and your policies and procedures with your staff so that you know how to respond.

In order to mark Data Privacy Day 2013 (January 28, 2013), the Information and Privacy Commissioner of Alberta, Jill Clayton, has announced a new initiative to inform Albertans about their privacy rights.

Under the authority of the Health Information Act (HIA), your health information is available through the province-wide electronic record system named Alberta Netcare. Netcare is a network of information systems that allows authorized users to see prescriptions, lab results, diagnostic images, and hospital reports. It is used throughout Alberta in hospitals, and in medical clinics and pharmacies.

Consent to have your health information in Netcare is not required by law, but you do have rights that allow you to exercise privacy control.

With the provincial electronic health record system, Alberta Netcare, you have the right to:

Know why your health information is collected and whether it is available in Netcare
Know what information about you is in Netcare by asking for a print-out
Limit access to your Netcare record by asking for your information to be masked
Know who has looked at your information in Netcare
Request that errors be corrected
Ask the Information and Privacy Commissioner to review or investigate if you are not satisfied with a decision or response you receive about any of these rights

See the OIPC webpage and contact information, visit: http://www.oipc.ab.ca/pages/HIA/NetcareKnowYourRights.aspx

To view the News Release from the OIPC, visit: http://www.oipc.ab.ca/Content_Files/Files/News/NR_Netcare_Know_Rights_Jan_2013.pdf

access, Alberta, electronic health record, Health Information Act, Netcare, OIPC, patient rights, privacy

Search the site

What is the elephant in the room?

The Elephant in the Room Find out here...

Privacy Policy

It is a rare privilege to work with an authentic expert who fulfills their role of consultant and coach with curiosity and respect for the specific nature of their client's unique enterprise. Jean Eaton was always prepared, sat every meeting on time, listened to an endless barrage of questions and answered every one with patience, grace, and wise counsel. The end product Information Managers Ltd provided ECHO Health was exceptional; their ongoing support will be a large measure of our success going forward. I highly recommend their services.

- Dr. Gregg Trueman-Klein, NP, ECHO Health

Register for Free On-line Privacy Breach Awareness Training!

Privacy Policy

Copyright 2022 Information Managers Ltd.

Manage Cookie Consent
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
Manage options Manage services Manage vendors Read more about these purposes
View preferences
{title} {title} {title}