Call Us Today 314-272-2600 |

There are serious consequences to impermissibly disclosing patients’ protected health information (PHI). This is a paralyzing prospect to many healthcare employees. Consequently, some staff members refuse to use or disclose PHI to the point that their workflow is disrupted. However, HIPAA allows you to disclose PHI for treatment, payment, and healthcare operations (TPO) purposes. These are the basic activities a healthcare organization goes through every day and don’t require patient authorization. Therefore, it’s important that your staff know about TPO disclosures so that they can have confidence to carry out their work while protecting patient privacy.

TPO Disclosures: Treatment

You may disclose PHI to help improve patient treatment, which involves any activities related to providing health care services to patients. Treatment disclosures include:

  • Sharing PHI with other departments or an external provider (ex. Pharmacy)
  • Consulting specialists or gaining referrals from third parties
  • Ordering tests (ex. Labs)
  • Communicating with other staff members as needed

TPO Disclosures: Payment

Additionally, you may disclose PHI to provide or obtain reimbursement for healthcare services. Payment disclosures include:

  • Billing
  • Managing claims
  • Determining eligibility for coverage
  • Conducting collection or utilization review activities

TPO Disclosures: Healthcare Operations

Lastly, you may disclose PHI to improve operations and quality of patient care. Healthcare operations disclosures include:

  • Ensuring patient safety
  • Developing protocol
  • Completing training or compliance programs
  • Conducting quality assessments and improvement activities
  • Detecting fraud and abuse
  • Planning business activities and development

There are many other activities that fall under the TPO umbrella. The purpose of these guidelines is to allow healthcare staff to do their daily activities smoothly while still protecting PHI from impermissible use or disclosure. Therefore, you must make sure your staff can distinguish between TPO disclosures and impermissible ones. Contact us to learn how the HIPAAtrek platform can help you manage staff training and your HIPAA compliance program.

Please share to your communities