Page 82 - Privacy_Program
P. 82
ACCOUNTING OF DISCLOSURES OF PHI [DP171]
Back to Table of Contents
Scope: Enterprise
Distribution: Executive Leadership Team; Director of Information Technology, Privacy and Data Security; All Employees with
Access to Protected Health Information (includes Contractors, temporary employees and Interns)
Purpose: To enable individuals to learn of how their Protected Health Information has been disclosed.
External Regulation or Standard: 45 C.F.R. §164.528 ‐ Accounting of disclosures of Protected Health Information
Who is Statement Policy, Standard, or Procedure Statement
Responsible Number
Director of Information DP171.1 The organization will comply with the requirements set forth in 45 C.F.R.
Technology, Privacy and §164.528, to allow participants to receive an accounting of all instances where
Data Security Protected Health Information (PHI) about them is disclosed, except where
otherwise noted in this policy and procedure.
Director of Information DP171.2 The organization will allow participants to receive an accounting of instances
Technology, Privacy and where PHI about them is disclosed except for the following purposes:
Data Security
DP171.2a (a) to carry out treatment, payment and health care operations;
DP171.2b (b) under the authority of a written authorization given by the subject of the PHI;
DP171.2c (c) to the individuals about their own PHI;
DP171.2d (d) for the facility’s directory;
DP171.2e (e) to persons involved in the individual’s care or other notification
purposes;
DP171.2f (f) for national security or intelligence purposes;
DP171.2g (g) to correctional institutions or law enforcement custodial situations.
Director of Information DP171.3 The organization will not allow participants to receive an accounting of instances
Technology, Privacy and where PHI about them is used or disclosed prior to April 14, 2004.
Data Security
Director of Information DP171.4 The organization will utilize a log for documenting and maintaining an
Technology, Privacy and accounting of when PHI has been disclosed for purposes other than
Data Security treatment, payment or health care operations.
Director of Information DP171.5 The organization will temporarily suspend a participant’s right to receive an
Technology, Privacy and accounting of disclosures to a health oversight agency or law enforcement official
Data Security for the time specified by such agency official.
Director of Information DP171.6 The organization will obtain from such agency or official a written statement that
Technology, Privacy and such an accounting to the participant would be reasonably likely to impede the
Data Security agency’s activities and specifying the time for which such a suspension is
required.
Director of Information DP171.7 If the health oversight agency or law enforcement official statement to suspend
Technology, Privacy and an individual’s right to receive an accounting of disclosures to that agency or
Data Security official is made orally, the organization will:
DP171.7a (a) document the statement; and
DP171.7b (b) document the identity of the agency or official making the statement.
Director of Information DP171.8 If a participant’s right to an accounting of disclosures subject to the statement is
Technology, Privacy and temporarily suspended, the organization will limit the temporary suspension to
Data Security not longer than 30 days from the date of the oral statement.
GES CONFIDENTIAL 78
