This page addresses follow-up questions and additional information pertinent to our webinar
Release of Information: Advanced Scenarios and Hot Topics.
** The coding information and guidance are valid at the time of publishing. Learners are encouraged to research
subsequent official guidance in the areas associated with the topic as they can change rapidly.
Q: Do the minor consent laws only apply to sensitive diagnoses or does it matter?
A: Confidential consent laws for minors (unemancipated) are typically outlined by the type of service, and while most pertain to more “sensitive” diagnoses or care, (i.e., testing and treatment for sexually transmitted diseases, substance abuse treatment, mental health services), some states’ laws specifically allow minors to consent to immunizations. The specifics of the law differ per state, so be sure to refer to any applicable state laws.
And you can also refer to the 2022 reference from the American Academy of Pediatrics included in the webinar Resources page:
Q: What kind of proof or documentation do you need to review to see the dates of patient notification of a Subpoena? Is that based on the date sent or the date the patient received?
A: The HIPAA Privacy Rule Section 164.512 (uses and disclosures for which an authorization or opportunity to agree or object is not required) includes the “satisfactory assurances” process. The covered entity must receive written proof that the requestor made reasonable efforts to:
- contact the individual in writing.
- provide information to the individual on how to raise an objection.
- allow sufficient time for that individual to raise an objection.
The written documentation included with the subpoena needs to clearly demonstrate the process has been followed and the individual did not object or seek a qualifying protective order.
The objection period should be met prior to the subpoena of the records; the objection period begins on the date the individual was notified.
Remember to refer to any applicable state laws that could impact this process in your state. And here’s a reference (from HHS’s HIPAA For Professionals website).
Q: Regarding scenario #1: What if the son is still carried on his mother’s insurance? Would that be okay to release to the mother as part of treatment, payment, and operations?
A: If the parent is requesting medical records from the covered entity, the answer is generally still no. Despite the reason for the request (i.e., TPO versus “personal use” as we used in Scenario #1), the covered entity should not release the records to the parent without the adult child’s consent.
This is a tricky area - The Affordable Care Act allows young adults to remain on their parents’ insurance until age 26. The adult child could ask the insurer to direct things like Explanation of Benefits documents, to themself, rather than the policyholder (i.e., their parent) but the insurer doesn’t have to agree to the request.
As a reminder, there may be state laws that provide further privacy protection to that adult child, so always refer to any applicable state laws.
Looking for additional information on this topic?
Jennifer McCann, RHIA, CHPS, CTR
Director of Client Relations and Strategy
Jennifer brings over twenty years of experience in the healthcare industry to her role as the Director of Client Relations and Strategy with Haugen Consulting Group. She began her HIM career working in acute care settings in Rhode Island and Massachusetts before relocating to Denver in 2002. Prior to joining the Haugen Consulting Group, Jennifer spent several years in operational roles, successfully building and managing teams through complex projects and implementations. She is well versed in HIPAA privacy and security and workflow analysis.
She has held numerous Board positions with the Colorado Health Information Management Association (CHIMA) and is currently serving as President-Elect for the 2022-2023 term. Jennifer is an active volunteer and enjoys mentoring and networking within the Health Information profession.