What seems to be a straightforward process for HIM professionals may often cause headaches. For example, the release of information (ROI) process seems straightforward; a request for information arrives in the office and we fulfill the request. But perhaps a variety of information requests are accepted by the organization, the requests do not ask for specific documents, or conversely, requests may ask for the entire medical record. Two key release of information policy items will strengthen your ROI processes: a description of what constitutes a valid authorization to release information and a listing of hospital documents that are never released as part of a request.

According to the HIPAA Privacy Rule, here are a few key elements a valid authorization must include:

  • A specific, meaningful description of the information to be released
  • The name of the person or class of persons authorized to release the information
  • The name or other identification of the recipient of the information
  • A description of the purpose of the release
  • An expiration date or event
  • The signature of the patient or personal representative and the date (if signed by a personal representative, the relationship must be indicated)
  • A statement of the individual’s right to revoke the authorization and exceptions

The records that should not be released, or records that should be on an exclusion list include:

  • Administrative data, which is patient-identifiable and used for administrative, regulatory, or other healthcare operations, such as audit trails, data used for quality assurance or utilization management or data prepared in anticipation of legal action.
  • Derived data stored in aggregate format, which is not patient-identifiable, such as data used for accreditation reports, research data or statistical reports.
  • Psychotherapy notes maintained separate from the rest of the patient’s medical record.
  • Information that is subject to a legal privilege such as peer review or attorney/client privilege.

The Haugen Consulting Group has many years of experience with release of information processes and the policies which support those processes. We can help!



Senior Consultant

Lisa Fink is a Senior Consultant with the Haugen Consulting Group. She brings over 30 years of progressive, professional health care experience in all Health Information Management (HIM) domains. Her diverse background in health care includes operational and strategic experience in HIM, Revenue Cycle, Quality Improvement, Utilization Review, Credentialing, Accreditation, Information Technology, and Consulting. As a consultant, Lisa has experience in department assessment and improvement projects, interim management, ICD 10 analysis, planning, and implementation, and technology implementation. She looks for opportunities to work with others to solve business problems and achieve results.

Lisa is a life-long learner, practitioner, and mentor in leadership. She has held has held all seats on the Board of her AHIMA Component State Association and looks for opportunities to mentor others on their leadership journey.


Submit a Comment

Your email address will not be published. Required fields are marked *

Share This