Jeff Drummond, an attorney with Jackson Walker, LLP, in Dallas, Texas, says the main reason people have difficulty with HIPAA is that they don’t under
stand how the law is structured.
“People have a hard time putting HIPAA together with their day-to-day lives,” says Drummond, adding that the fact sheets are geared to help bridge that g
ap with real-world examples for physicians.
In the operations fact sheet, HHS discusses the kinds of exceptions that make patient authorization unnecessary: improving the quality of care, developing guidelines or protocols, coordinating care, reviewing the qualifications of healthcare providers or conducting training, among several others. “Sharing information in order to develop clinical pathways is useful and very important, and we have to have some level of information sharing,” says Drummond of the exceptions.
However, two conditions must be met. First, both the covered entity sharing the PHI and the one receiving it must have a relationship with the patient, and second, only the minimum amount of information necessary to complete the operation may be disclosed. “The tricky part is deciding what the minimum amount information necessary is,” says Drummond.
Even if names, addresses, and social security numbers are removed from documents, it is still considered PHI if a date more specific than a year is included. A document that says, “June, 2016” is still subject to all of the security rules that a document including a name and address would be.
About Jeff
Jeffery P. Drummond represents hospitals, physicians, laboratories, surgery centers, and other healthcare providers in transactional and regulatory matters. Jeff is involved in drafting contracts, negotiating business relationships, and analyzing healthcare regulations in the healthcare, pharmaceutical, and tax exemption areas. Jeff is also listed in the “red book” as nationally recognized bond counsel.
Jeff is best known for his experience in HIPAA and medical record privacy, as well as other data privacy and security issues. He became a recognized for his knowledge of HIPAA while the regulations were very new, has been involved in the HIPAA compliance activities of hundreds of entities and institutions, and has drafted thousands of HIPAA forms, documents, agreements, and policies and procedures. It is possible that more practitioners are using Jeff’s HIPAA documents than any other HIPAA attorney, given that he drafted the form documents offered by the Texas Medical Association to its physician members. Jeff is a frequent speaker on HIPAA and cybersecurity issues, speaking to large and small healthcare entities, lawyers, and other vendors to the healthcare industry. Since 2002, Jeff has written a weblog on HIPAA matters at www.hipaablog.blogspot.com, and regularly tweets about HIPAA under the Twitter handle @JeffDrummond.