First, a few definitions:
Protected Health Information (PHI) : any information about health status, provision of health care, or payment for health care that can be linked to a specific individual. PHI is kept in a locked filing cabinet in a locked office in a locked building.
Electronic Protected Health Information (ePHI) : PHI stored in electronic format, such as computerized medical records, prescriptions, and lab tests. ePHI may be stored on encrypted practice computers and within the Electronic Medical Record (EMR).
Your ePHI is kept on secure systems and paper PHI is locked up. Your PHI/ePHI is only released with your written permission, with a few legal exceptions:
-
Consent—A clinician may release confidential information with the written consent of the patient or a legally authorized surrogate decision maker, such as a parent, guardian, or other surrogate designated by an advance medical directive.
-
Court Order—A clinician may be compelled to release confidential information upon the receipt of an order by a court of competent jurisdiction. (Note: Unless issued by a judge, a subpoena is not the equivalent of a court order.) This sometimes comes up during child custody hearings, for example.
-
Continued Treatment—A clinician may release confidential information necessary for the continued treatment of a patient. This allows me to discuss your care with other providers taking care of you, but intimate details are never shared.
-
Comply with the Law—A clinician may reveal confidential information in order to comply with mandatory reporting statutes (e.g., child abuse), business operations (like filing insurance claims for the patient), and other such lawful purposes.
-
Communicate a Threat—This “Tarasoff” exception to confidentiality involves the clinician’s duty to protect others from imminent violence by a patient. It also allows breach of confidentiality if needed to protect the patient from self-harm.
Your treatment here is completely confidential and your medical records are protected from disclosure to others by federal and state law, subject to some very specific limitations (such as the investigation of child abuse). Of course, if you authorize the release of your medical records, I am required to comply, so please be careful what you sign. This can be especially problematic when applying for life or health insurance, so you may want to consult with me or your attorney before you sign any blanket authorization for the release of your records. In any case, if I receive a request for your records I will attempt to contact you prior to releasing them.
If for any reason you need absolute protection and security, I can maintain your records so that no identifying information is kept in any way. Your identity will be encrypted with a pseudonym and there will be no traceable record of your visits. Most people don’t need this level of security, but certain sensitive positions and subjects may require it. Call me with a “burner phone” or email from an anonymous computer if you need to stay “black.”
This release of information form is required to release any medical records, reports, or any other protected health information.
Questions about Privacy? Send me your inquiry using the form below :
Texas Medical Board Notices
The Texas Medical Board requires the following notices:
Medical practice sites must provide patients with a clear mechanism to:
1.access, supplement, and amend patient-provided personal health information;
2.provide feedback regarding the site and the quality of information and services;
Thomas A Grugle MD 