What Are TPO Disclosures?


There are serious consequences to impermissibly disclosing patients’ protected health information (PHI). This is a paralyzing prospect to many healthcare employees. Consequently, some staff members refuse to use or disclose PHI to the point that their workflow is disrupted. However, HIPAA allows you to disclose PHI for treatment, payment, and healthcare operations (TPO) purposes. These are the basic activities a healthcare organization goes through every day and don’t require patient authorization. Therefore, it’s important that your staff know about TPO disclosures so that they can have confidence to carry out their work while protecting patient privacy.

TPO Disclosures: Treatment

You may disclose PHI to help improve patient treatment, which involves any activities related to providing health care services to patients. Treatment disclosures include:

  • Sharing PHI with other departments or an external provider (ex. Pharmacy)
  • Consulting specialists or gaining referrals from third parties
  • Ordering tests (ex. Labs)
  • Communicating with other staff members as needed

TPO Disclosures: Payment

Additionally, you may disclose PHI to provide or obtain reimbursement for healthcare services. Payment disclosures include:

  • Billing
  • Managing claims
  • Determining eligibility for coverage
  • Conducting collection or utilization review activities

TPO Disclosures: Healthcare Operations

Lastly, you may disclose PHI to improve operations and quality of patient care. Healthcare operations disclosures include:

  • Ensuring patient safety
  • Developing protocol
  • Completing training or compliance programs
  • Conducting quality assessments and improvement activities
  • Detecting fraud and abuse
  • Planning business activities and development

There are many other activities that fall under the TPO umbrella. The purpose of these guidelines is to allow healthcare staff to do their daily activities smoothly while still protecting PHI from impermissible use or disclosure. Therefore, you must make sure your staff can distinguish between TPO disclosures and impermissible ones. Contact us to learn how the HIPAAtrek platform can help you manage staff training and your HIPAA compliance program.

Need More Guidance? Grab Our PHI Decision Tree!

This simple cheat sheet makes it easy to recognize every time you’re interacting with protected health information.

Decision Tree Preview

Request A HIPAAtrek Demo

HIPAAtrek User
Compliance is complicated. Your compliance software doesn’t have to be. Schedule your demo today!

You Might Also Like

Is the Telehealth you’ve adopted secure?

Many patients and providers who would not have normally considered telehealth as a regular way to access healthcare are now utilizing the services. Many patients are afraid to go the hospital or doctor office in fear of exposing themselves and loved ones to Covid-19. Luckily, doctors can still reach their patients and provide medical care online. After this pandemic is over, many suspect that telehealth will still be sticking around. Now may be a good time to consider how to make your telehealth services more secure.

Read More »