Pharmacy Practice FAQsFrequently Asked Questions on Patient Privacy/HIPAA
Health Insurance Portability and Accountability Act (HIPAA) Q: Where can I find information about HIPAA? A: The federal Department of Health and Human Services maintains a comprehensive HIPAA Resource Page.
Q: When can a pharmacy give protected health information (PHI) to law enforcement? A: Board staff recommends the following guidelines in the event law enforcement agencies seek PHI from a pharmacy. (2) If a law enforcement officer serves a court ordered warrant or court issued subpoena upon the pharmacy, the pharmacy may disclose the PHI sought. (3) The 2018 HOPE Act authorizes certain law enforcement officers to obtain pharmacy records directly. This guidance document explains those provisions of the Act, which went into effect on July 1, 2019. (4) Other situations should be reviewed on a case-by-case basis. In the event that a law enforcement officer who is not qualified under the HOPE Act seeks PHI without a court order or warrant, the pharmacy should document the following and use its best judgment in determining whether to release PHI to a law enforcement officer:
Q: When can a pharmacy give protected health information (PHI) to investigators from other occupational licensing Boards (Medical, Nursing, Dental, Veterinary Medical Boards)? A: A Board rule provides that a pharmacist may disclose pharmacy records to investigators of other occupational licensing boards whose licensees have prescribing authority.
Q: Under HIPAA, does a patient have a right to review their own records? Specifically does the patient have the right to review notes in the patient profile? A: Yes. HIPAA authorizes a patient to view their entire patient profile from the pharmacy.
Disposal of PHI/Prescription Records Q: Is there a rule that addresses proper disposal of protected health information (PHI) including patient profiles and prescription records? A: Board Rule .2305 addresses the security of confidential patient information. Furthermore, the federal HIPAA statute sets strict requirements for protecting, and disposing of, protected health information (PHI).
|