As part of a state associate our small non profit mental health program collects demographic information and progress toward goals on children in tyreatment. These are sent to a another non profit agency which enters the data for 15 participating programs. Our data form has the childs first name but the name is XXXXX XXXXX XX we need parental consent under HIPAA for collecting and aggregating this data.
Country relating to Question: United States
State (if USA): Oregon
Hello and thank you for the opportunity to assist you. There might be a slight delay between your follow ups and my replies as I am typing out my answer, or taking a quick break. Please remember that this is general information only, not legal advice, and no attorney-client relationship is formed.This depends on what kind of demographic data you are collecting. Private healthcare information (PHI) is any information held by a covered entity which concerns health status, provision of health care, or payment for health care that can be linked to an individual. 45 C.F.R. 164.501.If you are collecting this, then you do need parental consent before you share this information with anyone else unless it is for treatment purposes.I hope this finds you well. Please remember that I do not get credit for my time with you unless the answer is rated/concluded by you; I work very hard to formulate an informative answer for you – please reciprocate my good faith. If you still need information, hit reply so we can chat until you are satisfied. You may always come back to it to ask follow ups on this topic free of charge.
I understand that I need parental consent to share PSI. However, I need you to be clear that this data collection is designed to measure outcomes and type of clients served etc. So we show that X children were served, that X had this diagnosis and that X improved as measured by this scale. The HIPAA violation might be that techically we sent information on a specific child to be entered in this data base w/o consent. Although other than the child's first name and age, there is no way to connect this data to the child or family. The information is entered in aggregate and there is no public disclosure. Is this much differnt than sending information that we served 20 children with x diagnosos , etc. ?
A possible solution to this might be to not have the first name included ? Yes/ No Or is this still a problem? .
Hello,I understand that. However, legislative intent is quite clear here - to protect patients from exposed information about their health. A covered entity may disclose PHI (Protected Health Information) to facilitate treatment, payment, or health care operations without a patient's express written authorization. 45 C.F.R. 164.524(a)(1)(ii). it is clear that the Caveat is very tightly controlled.Even if unclear, legislative intent helps discern the statutory law (Landgraf v. USI Film Products, 511 US 244 - Supreme Court 1994 - discussion). Even more so, HIPAA is meant to be interpreted broadly - 45 C.F.R. 164.524(b). No caveat exists here otherwise for studies, I am afraid, even if they eventually, maybe, will benefit the patients whose information is being collected.I hope this finds you well. Please remember that I do not get credit for my time with you unless the answer is rated/concluded by you; I work very hard to formulate an informative answer for you – please reciprocate my good faith. If you still need information, hit reply so we can chat until you are satisfied. You may always come back to it to ask follow ups on this topic free of charge.
Private practice with focus on family, criminal, PI, consumer protection, and business consultation.
Sorry to appear unsatisfied but I am still unclear in relation to the fact that only the clients first name appeared on the document and since there is no other identifying information on the document there seems to be no way the information could be connected to the client. This is my last question.
No worries, whatsoever.You state that only the child's first name is XXXXX XXXXX nothing else?
Hello,You have not replied, but have accepted - allow me to follow up anyhow, please.If it is just the child's first name and going off that information alone no identity may be linked from the study to a real person, it should be okay. However, make sure that no one can reasonably link the information to an individualAnything but a first name is XXXXXX XXX much.
DISCLAIMER: Answers from Experts on JustAnswer are not substitutes for the advice of an attorney. JustAnswer is a public forum and questions and responses are not private or confidential or protected by the attorney-client privilege. The Expert above is not your attorney, and the response above is not legal advice. You should not read this response to propose specific action or address specific circumstances, but only to give you a sense of general principles of law that might affect the situation you describe. Application of these general principles to particular circumstances must be done by a lawyer who has spoken with you in confidence, learned all relevant information, and explored various options. Before acting on these general principles, you should hire a lawyer licensed to practice law in the jurisdiction to which your question pertains.
The responses above are from individual Experts, not JustAnswer. The site and services are provided “as is”. To view the verified credential of an Expert, click on the “Verified” symbol in the Expert’s profile. This site is not for emergency questions which should be directed immediately by telephone or in-person to qualified professionals. Please carefully read the Terms of Service (last updated February 8, 2012).