Release of Information

From Clinfowiki
Jump to: navigation, search

Release of Information is a function within the health care organization that controls the sharing of Protected Health Information (PHI) with individuals and other organizations.


Release of health information is governed by numerous laws and regulations including the Health Insurance Portability and Accountability Act (HIPAA) in order to ensure the security of the information and the privacy of the individual. Care must be taken when formulating policies and procedures for releasing information from the Electronic Health Record (EHR).

Treatment, Payment, and Operations

Organizations covered by HIPAA are allowed to use and disclose health information to other covered entities for the purpose of treatment, payment, and operations, commonly referred to as TPO. (1)

  • Treatment includes all communication between health care providers aimed at coordinating patient care.
  • Payment involves all activities related to billing and receiving reimbursement for care provided to patients.
  • Operations encompasses specific administrative business processes related to quality, financial, and legal matters as defined by the HIPAA Privacy Rule.

Policies and procedures must delineate how PHI will be secured, and ensure the minimum necessary amount of information will be shared. Consent may be obtained from the individual whose information is being shared but is not required for TPO purposes. (1)

Right of Access

Health care providers are the caretakers of patient information, and as such have the responsibility to protect the rights of each individual patient. HIPAA granted the right to individuals to access their PHI, with further expansion of access requirements mandated by the Health Information Technology Economy and Clinical Health (HITECH) Act. (2)

Health IT and Health Information Management staff work together to ensure that information is available both for clinical purposes and for access by the patient. The EHR and the Personal Health Record (PHR) provide new opportunities for information sharing which involve the use of networks and other advances in technology. Health care providers are responsible for ensuring the integrity of patient information while making it readily available. (2)


  1. U.S. Department of Health and Human Services. Uses and Disclosures for Treatment, Payment, and Health Care Operations. April 2003. Available from:
  2. Rode, D. Enabling Patient Access: Date Stewardship Involves More Than Data Use and Disclosure. Journal of Ahima 82, no.4, April 2011: 16-18. Available from:

Submitted by (Maria Parmer)