Protected Health Information
Accounting of disclosures
OHSU is required to keep a history of when and to whom protected health information (PHI) is disclosed if the disclosure occurs outside the scope of treatment, payment and health care operations, and is not made as a result of a signed authorization from the patient. Examples of disclosures that may be included in the accounting requirement are public health activities (reporting immunizations, birth and death certificates, cancer/tumor registries, pregnancy terminations), reports about victims of abuse, neglect, or domestic violence, information used for organ or tissue donation and transplantation, disclosures about decedents to coroners, medical examiners, or funeral directors, and other disclosures required by law. For each disclosure the following shall be recorded: the date of the disclosure; the name and, if known, the address of the recipient of the health information; the type of health information disclosed; and the purpose of the disclosure.
An individual has a right to receive an accounting of disclosures of PHI made by OHSU beginning April 14, 2003. Patients are entitled to one free accounting within a 12-month period.
OHSU disclosures that are subject to the accounting requirement shall be recorded in the Accounting of Disclosures System (ADS).
Use and disclosure of PHI
- Permitted Uses and Disclosures
- Minimum Necessary
- Disclosures for Worker's Compensation
- Releases to Law Enforcement Officials
- Releases to Schools
- Releases to Media
- Releases to Family and Friends
- Guidelines for Verifying an individual's Identity Prior to the Release of Information
- Awareness Checklist
All non-Epic systems for storing protected health information (PHI) need to be entered into this registry; you'll also want to use the repository to note if you've deleted or modified an already-entered system. Your department's data steward is responsible for entering your system.