Protecting privacy is at the heart of what we do

In healthcare, compliance is one of the biggest administrative and procedural hurdles. With so many legal requirements dictating how protected health information (PHI) can be shared, it can feel overwhelming to keep up with what’s changed, what’s new, and what’s upcoming. That’s where we come in.

HealthMark offers HIPAA-compliant solutions for release of information and audits so your team can focus on what really matters.

Read The Case Study

HealthMark helps you stay compliant

At HealthMark, we live and breathe release of information—and that means staying on top of the latest legal requirements, proposed rules, and new legislations that impact medical records.

Our staff are certified release of information specialists (CRIS) who have the skills to handle all of your record requests with the utmost care and precision. Every patient record request we receive goes through four rounds of quality control to support accuracy and compliance.

HealthMark actively identifies and mitigates compliance risks while closely monitoring regulatory changes, giving you peace of mind that your healthcare organization remains compliant in an ever-evolving healthcare landscape.

Unlock Your Compliance Strategy

HIM Compliance: The Basics

HIPAA

HIPAA stands for the Health Insurance Portability and Accountability Act. HIPAA establishes the standards healthcare has followed for the last thirty years for protecting sensitive patient health information and ensuring its confidentiality and security.

HITECH

HITECH, or the Health Information Technology for Economic and Clinical Health Act, promotes the adoption and meaningful use of health information technology, particularly electronic health records (EHRs), and strengthens HIPAA’s privacy and security protections.

21st Century Cures Act

Enacted in 2016, the 21st Century Cures Act aims to accelerate medical product development and enhance patient access to new treatments and technologies. A key provision of the act is to prevent information blocking, ensuring patients have easier access to their EHI.

Information Blocking

Information blocking refers to practices by healthcare providers, developers or networks that unreasonably interfere with the access, exchange or use of EHI. Recently, new disincentives have been added to the law to discourage providers from information blocking.

Right of Access

The Right of Access under HIPAA grants patients the legal right to access, inspect and obtain copies of their protected health information (PHI) held by healthcare providers, with certain exceptions, in a timely manner.

42 CFR Part 2

42 CFR Part 2 is a federal regulation that protects the confidentiality of substance use disorder (SUD) treatment records by restricting the disclosure of such information without the patient’s explicit consent, with limited exceptions.

Designated Record Set

The Designated Record Set (DRS) refers to a group of records maintained by or for a covered entity, including medical, billing and other records. Under HIPAA, patients have the right to access their PHI within the DRS.

Answering Your Frequently Asked Compliance Questions

What should be included in a designated record set?

What are the new information blocking penalties for providers?

What was changed in the 42 CFR Part 2 final rule?

What is the Minimum Necessary Standard under HIPAA?

The Minimum Necessary Standard under HIPAA requires that only the minimum amount of protected health information (PHI) needed for a specific purpose be shared or used. This ensures that patient privacy is protected by limiting unnecessary access to sensitive information during the release of medical records.

Learn more about HIPAA requirements for transferring medical records from our blog.

What’s the difference between HIPAA authorization and right of access?

A HIPAA authorization is generally required when patients want to share their health information with third parties, specifying how the data will be used and protected. Meanwhile, a Right of Access request allows patients to obtain their own medical records without needing formal authorization. A patient can also directly request that their records be sent to a third party.

This article breaks down the differences in more detail.

What is an accounting of disclosures for medical records?

An accounting of disclosures is a record that lists instances where a patient’s protected health information (PHI) was shared by a covered entity without the patient’s authorization. It includes details such as the date, recipient, and purpose of the disclosure, and excludes routine disclosures for treatment, payment, or healthcare operations.

Learn more from this article.

Why choose HealthMark?

HIM compliance is hard. HealthMark makes it easier.

When you partner with us, you’re not only choosing a release of information vendor—you’re also getting a partner in compliance. We keep up with the ever-evolving regulatory landscape so you don’t have to.

Ready to learn more?

Tell us a little bit about your hospital or health system, and we’ll reach out to share how HealthMark’s release of information could benefit you.

As HIM compliance standards evolve, your release of information process should, too