CUMC Home | Columbia University | Jobs at CUMC | Contact CUMC | Find People
     
Columbia University Medical Center logo, Health Insurance Portability & Accountability Act (HIPAA) Information Students Interacting
 
HIPAA Home
HIPAA Compliance
Columbia University Medical Center
601 West 168th Street
Apt. #22, 2nd Floor
New York, NY 10032
Tel: (212) 342-0059
Fax: (212) 342-5173
HIPAA Policies
Authorization to Release Medical Information
Accounting for Disclosures
Disclosures to Family/Friend
Email Policy and Forms
- Email Policy (112K pdf) pdf file
- Provider/Patient Email information (70K pdf) pdf file
- Patient Request for Email Communications (90K pdf) pdf file
Fax
Fundraising
Genetic Information
HIPAA Training
HIV/AIDS Information
Marketing
Minimum Necessary
Minors
Non-Retaliation
Notice of Privacy Practices
Ownership of Medical Record
Patient Complaints
Patient Rights
Research and HIPAA
Psychotherapy Notes
Organ Donation/Coroners
Required by Law
Health and Safety
Sanctions
Telephone Disclosures
Treatment and Payment
HIPAA Security
 

TITLE:

  

RELEASE OF PATIENT INFORMATION – PATIENT ACCESS


POLICY:
All information contained within a patient’s medical record or as accessed via computerized systems will be maintained in a confidential manner to protect the patient’s right to confidentiality and comply with City, State and Federal Regulations including HIPAA.

CUMC shall honor a patient’s request to send medical information to another physician, hospital, or medical facility; to an attorney; to an insurance company; and to the patient

Protected Health Information (PHI) may only be accessed/released (disclosed) as follows:

  • to those directly involved in the care of the patient;
  • for the protection of public health as provided by law;
  • for the payment of services as authorized by the patient;
  •  to assist researchers as authorized by the patient or other legally authorized individuals;
  • or for any other purposes authorized/or required by law;
  • Or, authorized by the patient or other legally authorized individual/or entity.

Protected health information may be disclosed with the authorization of the patient if:

  • The authorization is in writing, is dated, and is signed or otherwise authenticated;
  • The authorization specifies the information to be disclosed;
  • The authorization specifies the entity or location to disclose the information; and
  • The authorization specifies the person or persons to receive the information.

PROCEDURES:

  1. The following procedures apply to the release of information process:
    • Patients or designated individuals requesting access to their medical information shall complete an Authorization to Release Medical Information form.  Attorneys requesting access to medical records is required to have the patient complete the NYSDOH approved Release of Protected Health Information form.
    • The signature on the authorization must be that of the patient or legal representative (e.g. executor/executrix) if the patient is deceased, or of the legal guardian if the patient is a minor or has been declared incompetent.   The Authorization to Release Medical Information form and the medical record should be reviewed to assure that the signature of a person matches the documentation in the medical record.
    • The date on the authorization must be no more than one year old.
    • In an emergency situation, a healthcare provider can read or fax medical information to a physician, hospital, or medical facility upon receipt of the required authorization or a statement on the letterhead of the organization indicating that the patient is unable to sign.
    • Medical information may be released and/or shared with another healthcare provider / healthcare organization without a signed authorization if the healthcare providers have a patient in common or for continuity of care.  Examples of this include; a physician who refers a patient for a specialty consults.  The consult would be expected to share a report of their findings with the referring physician.  Another example includes providing information to a homecare agency when referring a patient to a homecare agency.
    • According to New York State Law “…a subject over the age of 12 may be notified of any request by a qualified person to review his/her patient information, and, if the subject objects to disclosure, the provider may deny the request…”
    • Medical records will be copied and forwarded within 10 business days of receipt of a written request for such information.
    • Columbia University Medical Center may charge $.75/page for access to patient medical information. In cases where the patient states in writing that he/she cannot afford to pay for their records, the $.75/page charge may be waived. Receipt of payment (or non-receipt of payment) will not affect request response.
  2. Research
    3. Staff identified as participating in research programs approved by the Institutional Review Board (IRB) may have access to medical records as necessary for the conduct of the research protocol.  If there are questions about the information requested, the Principal Investigator will provide a copy of the approved protocol.  All researchers must also comply with the Research and HIPAA policy available on the HIPAA web site.  Researcher access to protected health information is limited to the scope approved by the IRB.  It is the responsibility of the Principal Investigator to comply with all HIPAA and Research polices for data access and use.
  3. Attorneys, Insurance Companies, Third Party Payors
     Upon presentation of proper authorization from the patient, a parent or guardian, or the executor of the estate of a deceased patient; attorneys, third party payors, and others having legitimate interest in the medical record of patient may have information from the record.
  4. Law Enforcement Agencies
    Members of the FBI or police department who request medical information in the absence of proper documentation must be referred to the Privacy Officer.
  5. Subpoenas for Medical Records
    Any department or healthcare provider receiving a subpoena for medical records is encouraged to forward it to the Privacy Officer for review and approval prior to processing the request.
  6. Mental Health Record
    Mental Health Records require the approval of the mental health provider or their designee.  If in the opinion of the physician it is felt that the information may be harmful to the patient or others, the provider may deny access to the information.  This opinion must be stated in writing in the medical record.  In addition, the patient has the right to appeal this decision with the NYS Office of Mental Health.

RESPONSIBILITY:        Physician Offices and Privacy Officer

POLICY ISSUED:          May 2008

| TOP |

 

  
CUMC Home | © Columbia University | Affiliated with New York-Presbyterian Hospital | Comments | Text-Only Version