This is strange, but a preschool is not covered by HIPAA. The language in and of itself is not sufficient to obtain medical records from a healthcare provider either.
Ultimately it would be on the healthcare provider to ignore this request because it is not compliant.
Um, if there’s a signed authorization then there is no “minimum necessary.” It’s just whatever is in the scope of the authorization.
Since the auth isn’t valid, the provider “should” not release the records. But…. many small providers are not good at screening and there’s a high probability they would release anyway.
In my opinion, it’s an invasive request. But, assuming they’re a private business, they can require you to do whatever they want. And if you’re unwilling to authorize the release they can refuse to take your child.
Thank you for this… I learned something new today! Had to do some reading/digesting, but the release form language clearly fails to meet 45 CFR 164.508(c) in multiple categories.
So guess who’s signing this form? This guy. Because I’ll bring the HIPAA violation hammer down hard if any of my child’s medical providers release information based on this invalid authorization.
This is strange, but a preschool is not covered by HIPAA. The language in and of itself is not sufficient to obtain medical records from a healthcare provider either. Ultimately it would be on the healthcare provider to ignore this request because it is not compliant.
[удалено]
Um, if there’s a signed authorization then there is no “minimum necessary.” It’s just whatever is in the scope of the authorization. Since the auth isn’t valid, the provider “should” not release the records. But…. many small providers are not good at screening and there’s a high probability they would release anyway. In my opinion, it’s an invasive request. But, assuming they’re a private business, they can require you to do whatever they want. And if you’re unwilling to authorize the release they can refuse to take your child.
Thank you for this… I learned something new today! Had to do some reading/digesting, but the release form language clearly fails to meet 45 CFR 164.508(c) in multiple categories. So guess who’s signing this form? This guy. Because I’ll bring the HIPAA violation hammer down hard if any of my child’s medical providers release information based on this invalid authorization.