Information Managers
  • Home
  • Services
    • All Services
  • Templates
  • Blog
  • Contact Us
  • Practice Management Success
  • Podcasts

Disclosure to a third party

Posted on July 30, 2014 by Jean Eaton in Blog

Patient Access to Health Records

Healthcare providers have a duty to assist the patient when the patient wants to access their own information or request that it be disclosed.

Can a patient authorize disclosure to third party?

Common requests for patient records include patients authorizing their own information to be sent to a third party. The third party – insurance agent, employer, government agency, etc – sometimes acts on behalf of the patient to request the patient’s records from their healthcare provider. The third party will often use their own forms. When the healthcare provider receives the request, they may have questions about the request.

If the custodian / physician has any questions or concerns about the request, they can (and should) get clarification before releasing the information.  You could:

a)  request the third party to provide clarification or provide a revised consent authorized by the patient or

b)  refuse the request and state the grounds (reminder – you need to state the legal authority not to process the request) or

c)  healthcare provider contact the patient directly to discuss the request to release records.  This is my personal favourite option. This meets the obligation of duty to assist, provides clarity for both the patient and the custodian about what information is (and is not) included in the response to the 3rd party.  You can have the patient book an appointment with the custodian to review the request and then update or provide a new consent to release.

Valid consent criteria

Valid consent criteria includes:

  1. Identify the individual (patient)
  2. Who has been authorized to disclose
  3. To whom
  4. Explicitly what information
  5. For what purpose
  6. Legal authority
  7. Patient acknowledgment
  8. Date, sign, valid until

‘Valid Until’

‘Valid Until’ is not a requirement under Health Information Act, however it is good practice.

The length of time ‘valid until’ is often discretionary to the custodian – often 30-90 days or whatever is reasonable to:

a) ensure that the patient authorizing the release can provide informed consent and

b) reasonable length of time to process the request (standard is 30 days turn-around to respond to a request)

A patient has the right to know how their health information is being collected, used, and disclosed. A patient has the right to access their own health information. A healthcare practice that demonstrates attention to detail, courtesy to the patient, and respect for confidentiality will also have good business practices and excellent customer service.

As a practice manager, clinic manager, healthcare provider or employee, it is your job to make sure that you know how to respond to access request, process the request, and provide good customer service. See our new series of articles, one article each week starting July 14, on the key steps in ‘Patient Access to Health Records.’

Additional resources:

Alberta Health and Wellness. HIA Guidelines and Practices Manual.

“Best of the Practice Management Nugget interviews’ will be posted next Thursday and will include the replay – and resources – for ‘Patient Access to their records’.  See informationmanagers.ca/pmn-events-live

 

Your comments and discussion are encouraged – join our new LinkedIn group, Practice Management Nuggets. When you are signed into LinkedIn, simply go to ‘interests’, ‘groups’, search for ‘Practice Management Nuggets’ and request to join.

Health Information Act, health records, patient access, patient rights, Practice Management Mentor, third party requestors, valid consent

Search the site

What is the elephant in the room?

The Elephant in the Room Find out here...

Privacy Policy

"I did think that the info session was interesting on how many tools can be created and intertwined for the use of the patient. I do find the sessions good."

--Practice Management Nugget event, 'Engage your patients using automated tools' with Karol Clark

- Debra from Spruce Grove

Register for Free On-line Privacy Breach Awareness Training!

Privacy Policy

Copyright 2022 Information Managers Ltd.

Manage Cookie Consent
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
Manage options Manage services Manage vendors Read more about these purposes
View preferences
{title} {title} {title}