There are serious consequences to impermissibly disclosing patients’ protected health information (PHI). This is a paralyzing prospect to many healthcare employees. Consequently, some staff members refuse to use or disclose PHI to the point that their workflow is disrupted. However, HIPAA allows you to disclose PHI for treatment, payment, and healthcare operations (TPO) purposes. These are the basic activities a healthcare organization goes through every day and don’t require patient authorization. Therefore, it’s important that your staff know about TPO disclosures so that they can have confidence to carry out their work while protecting patient privacy.
TPO Disclosures: Treatment
You may disclose PHI to help improve patient treatment, which involves any activities related to providing health care services to patients. Treatment disclosures include:
- Sharing PHI with other departments or an external provider (ex. Pharmacy)
- Consulting specialists or gaining referrals from third parties
- Ordering tests (ex. Labs)
- Communicating with other staff members as needed
TPO Disclosures: Payment
Additionally, you may disclose PHI to provide or obtain reimbursement for healthcare services. Payment disclosures include:
- Billing
- Managing claims
- Determining eligibility for coverage
- Conducting collection or utilization review activities
TPO Disclosures: Healthcare Operations
Lastly, you may disclose PHI to improve operations and quality of patient care. Healthcare operations disclosures include:
- Ensuring patient safety
- Developing protocol
- Completing training or compliance programs
- Conducting quality assessments and improvement activities
- Detecting fraud and abuse
- Planning business activities and development
There are many other activities that fall under the TPO umbrella. The purpose of these guidelines is to allow healthcare staff to do their daily activities smoothly while still protecting PHI from impermissible use or disclosure. Therefore, you must make sure your staff can distinguish between TPO disclosures and impermissible ones. Contact us to learn how the HIPAAtrek platform can help you manage staff training and your HIPAA compliance program.
Need More Guidance? Grab Our PHI Decision Tree!
This simple cheat sheet makes it easy to recognize every time you’re interacting with protected health information.