As HIM compliance standards evolve, your release of information process should, too
Stay up to date with the latest Health Information Management regulatory changes.
Protecting privacy is at the heart of what we do
In healthcare, compliance is one of the biggest administrative and procedural hurdles. With so many legal requirements dictating how protected health information (PHI) can be shared, it can feel overwhelming to keep up with what’s changed, what’s new, and what’s upcoming. That’s where we come in.
HealthMark offers HIPAA-compliant solutions for release of information and audits so your team can focus on what really matters.
HealthMark helps you stay compliant
At HealthMark, we live and breathe release of information—and that means staying on top of the latest legal requirements, proposed rules, and new legislations that impact medical records.
Our staff are certified release of information specialists (CRIS) who have the skills to handle all of your record requests with the utmost care and precision. Every patient record request we receive goes through four rounds of quality control to support accuracy and compliance.
HealthMark actively identifies and mitigates compliance risks while closely monitoring regulatory changes, giving you peace of mind that your healthcare organization remains compliant in an ever-evolving healthcare landscape.
HIM Compliance: The Basics
HIPAA
HIPAA stands for the Health Insurance Portability and Accountability Act. HIPAA establishes the standards healthcare has followed for the last thirty years for protecting sensitive patient health information and ensuring its confidentiality and security.
HITECH
HITECH, or the Health Information Technology for Economic and Clinical Health Act, promotes the adoption and meaningful use of health information technology, particularly electronic health records (EHRs), and strengthens HIPAA’s privacy and security protections.
21st Century Cures Act
Enacted in 2016, the 21st Century Cures Act aims to accelerate medical product development and enhance patient access to new treatments and technologies. A key provision of the act is to prevent information blocking, ensuring patients have easier access to their EHI.
Information Blocking
Information blocking refers to practices by healthcare providers, developers or networks that unreasonably interfere with the access, exchange or use of EHI. Recently, new disincentives have been added to the law to discourage providers from information blocking.
Right of Access
The Right of Access under HIPAA grants patients the legal right to access, inspect and obtain copies of their protected health information (PHI) held by healthcare providers, with certain exceptions, in a timely manner.
42 CFR Part 2
42 CFR Part 2 is a federal regulation that protects the confidentiality of substance use disorder (SUD) treatment records by restricting the disclosure of such information without the patient’s explicit consent, with limited exceptions.
Designated Record Set
The Designated Record Set (DRS) refers to a group of records maintained by or for a covered entity, including medical, billing and other records. Under HIPAA, patients have the right to access their PHI within the DRS.
Answering Your Frequently Asked Compliance Questions
What should be included in a designated record set?
A designated record set (DRS) includes medical and billing records, enrollment, payment, claims adjudication, and case or medical management records maintained by a healthcare provider or health plan. The DRS may also include any records used, in whole or in part, to make decisions about individuals.
Learn more about what should be included in a designated record set here.
What are the new information blocking penalties for providers?
As of July 2024, healthcare providers can now face penalties for information blocking, including potential fines and disincentives if they knowingly restrict access to or exchange of electronic health information (EHI). These penalties emphasize the importance of compliance with the 21st Century Cures Act.
For a detailed overview of these penalties, read more on our blog.
What was changed in the 42 CFR Part 2 final rule?
The 42 CFR Part 2 final rule, updated in April 2024, aligns confidentiality protections for substance use disorder (SUD) records with HIPAA and HITECH. It simplifies how providers share SUD information for treatment, payment and healthcare operations, making it easier to coordinate care while maintaining strong patient privacy protections.
What is the Minimum Necessary Standard under HIPAA?
The Minimum Necessary Standard under HIPAA requires that only the minimum amount of protected health information (PHI) needed for a specific purpose be shared or used. This ensures that patient privacy is protected by limiting unnecessary access to sensitive information during the release of medical records.
Learn more about HIPAA requirements for transferring medical records from our blog.
What’s the difference between HIPAA authorization and right of access?
A HIPAA authorization is generally required when patients want to share their health information with third parties, specifying how the data will be used and protected. Meanwhile, a Right of Access request allows patients to obtain their own medical records without needing formal authorization. A patient can also directly request that their records be sent to a third party.
This article breaks down the differences in more detail.
What is an accounting of disclosures for medical records?
An accounting of disclosures is a record that lists instances where a patient’s protected health information (PHI) was shared by a covered entity without the patient’s authorization. It includes details such as the date, recipient, and purpose of the disclosure, and excludes routine disclosures for treatment, payment, or healthcare operations.
Learn more from this article.
Why choose HealthMark?
HIM compliance is hard. HealthMark makes it easier.
When you partner with us, you’re not only choosing a release of information vendor—you’re also getting a partner in compliance. We keep up with the ever-evolving regulatory landscape so you don’t have to.
Ready to learn more?
Tell us a little bit about your hospital or health system, and we’ll reach out to share how HealthMark’s release of information could benefit you.