Sharing Information with Family and Friends under HIPAA - What is Permissible or Not

Duration: 90 Minutes
Instructor: Jim Sheldon-Dean
Webinar Id: 801037



This presentation will explain the policies and procedures that should be in place for appropriate sharing of information with family and friends.


"This Course is approved for 1.5 general credit from the Nevada Board Of Continuing Legal Education."

Overview: One of the toughest situations that healthcare professionals can face is whether or not to share information about an individual with the individual's family and friends involved with the individual's care. These situations arise when family and friends need to know more about an individual than may usually be available, to help with care, to help with payment for services, and to help calm the fears and properly inform those who are involved with the individual.

Disclosures to family and friends involved with an individual's care are allowable disclosures under HIPAA, subject to objection by the individual, and new guidance from HHS OCR is designed to clarify when these disclosures are allowed and what the process is for making the disclosures and for seeking permission from the individual when appropriate. The guidance and rules for these disclosures will be explained so that the correct decisions can be made in sharing information, including how to treat special situations such as same-sex marriage. Especially in situations where family and friends are likely to be present, such as in an Emergency Department or Immediate Care Clinic, the organization must train patient-facing and family and friend-facing staff on the proper ways and circumstances in which to ask the patient about sharing information, and to share information when the patient cannot provide permission. Mishandling these situations can lead to complaints and significant penalties.

Guidance will be gathered from several source materials and presented so as to provide a clear understanding of how to prepare your staff and be ready to act within the rules when the right way to share information with family and friends is a question. Circumstances in which the question arises will be discussed, and ways in which to secure and document permission will be explained.

Why Should You Attend: Patient rights under HIPAA have become a focus of the US Department of Health and Human Services Office for Civil Rights. In addition to sharing information with the individuals who are being treated, there are rules for the appropriate sharing of information with family and friends involved with an individual's care, subject to objection by the individual. This area of compliance, like the individual's right of access to records, is a new focus of guidance from HHS and an area where HHS sees numerous complaints from the public.

Of course, there are many things to consider when deciding whether or not to share information with family and friends involved with the individual's care. You need to make sure you ask the patient for permission if you are able to, but you don't need to get an official HIPAA Authorization. You need to share the information that is necessary, but not share any that is not related to the issue at hand. For instance, to pay the mother's hospital bill, the daughter doesn't need to know all the details of the medical record, only the information that relates to the charges being paid.

For the most part, these rules permit the appropriate sharing of information in a considerate, compassionate way that would be considered reasonable. Examples include sharing mobility information with someone who is picking up a patient at the hospital, updating a friend who brought a patient to the Emergency Department, discussing a patient's health while there are others in the room considered to be friends or family, and situations according to the provider's professional judgment. In all cases, if permission can be sought, it should be, and if it is denied, the denial must be honored.

Areas Covered in the Session:
  • When sharing PHI with family and friends is permitted
  • How to identify who may be considered a family member or friend
  • How a Personal Representative under HIPAA is different from just a family member or friend
  • The amount and kind of information that may be shared with family and friends
  • Using the telephone to discuss a patient with family or friends involved in the patient's care
  • Provisions for approval by the individual of disclosures to family and friends
  • Policies and procedures that should be in place for appropriate sharing of information with family and friends
  • Penalties for improper sharing of PHI with family and friends

Who Will Benefit:
  • Compliance Director
  • CEO
  • CFO
  • Privacy Officer
  • Security Officer
  • Information Systems Manager
  • HIPAA Officer
  • Chief Information Officer
  • Health Information Manager
  • Healthcare Counsel/Lawyer
  • Office Manager

Speaker Profile
Jim Sheldon-Dean is the founder and director of compliance services at Lewis Creek Systems, LLC, a Vermont-based consulting firm founded in 1982, providing information privacy and security regulatory compliance services to a wide variety of health care entities.

Sheldon-Dean serves on the HIMSS Information Systems Security Workgroup, has co-chaired the Workgroup for Electronic Data Interchange Privacy and Security Workgroup, and is a recipient of the WEDI 2011 Award of Merit. He is a frequent speaker regarding HIPAA and information privacy and security compliance issues at seminars and conferences, including speaking engagements at numerous regional and national healthcare association conferences and conventions and the annual NIST/OCR HIPAA Security Conference in Washington, D.C.

Sheldon-Dean has more than 30 years of experience in policy analysis and implementation, business process analysis, information systems and software development. His experience includes leading the development of health care related Web sites; award-winning, best-selling commercial utility software; and mission-critical, fault-tolerant communications satellite control systems. In addition, he has eight years of experience doing hands-on medical work as a Vermont certified volunteer emergency medical technician. Sheldon-Dean received his B.S. degree, summa cum laude, from the University of Vermont and his master's degree from the Massachusetts Institute of Technology.
