BSI Medical Billing
  • Our Services
    • Medical Billing
      • AR Management
      • Claims Management
    • Medical Coding
    • Credentialing
    • Auditing
  • Who We Work With
    • Anesthesia
    • Cardiovascular Surgery
    • Dermatology
    • Ear, Nose, & Throat
    • Gastroenterology
    • General Surgery
    • Pain Management
    • Physical, Occupational, & Speech Therapies
    • OB/GYN
    • Orthopedics
    • Radiation Oncology
    • Radiology
    • Urology
  • About
    • Our Team
    • Areas We Serve
    • Blog
    • Client Testimonials
    • Join The BSI Team
  • Contact
  • Menu Menu
  • Facebook
  • LinkedIn

Release of Information Guidelines and Why ROI is important

Understanding the release of information guidelines is essential for maintaining a high-functioning, compliant medical practice and keeping patient information secure. But it can be challenging. There are many bureaucratic steps to the process, making it easy to make mistakes along the way.

What Is the Release of Information in Healthcare?

Release of information (ROI) allows patients to release information from their medical records to authorized individuals or organizations. However, the release of information guidelines are rather specific—the Health Insurance Portability and Accountability Act, or HIPAA, requires that healthcare organizations, health plans, and other covered entities follow a strict checklist for releasing protected health information (PHI). These release of information guidelines are in place to protect patient privacy and prevent HIPAA Privacy Rule violations.

How Long Is a Release of Information Good For?

HIPAA mandates that covered entities respond to ROI requests within 30 days of receiving them. Entities may also request a 30-day extension if they provide written notice.

Although HIPAA is federally mandated, some states have more stringent ROI requirements. In these states, covered entities must abide by the more rigid state law.

When Is a Release of Information Not Required?

There are a few cases in which ROI requests are not required by the HIPAA Privacy Rule. Healthcare providers can disclose PHI to other providers participating in a patient’s care, such as specialists, testing labs, or medical billing services.

What Happens With Improper Release of Information?

The improper release of medical records and PHI can have disastrous consequences for healthcare providers, covered entities, and their business associates. HIPAA outlines four tiers of penalties for these violations:

  • Tier 1: The covered entity did not or could not know how a breach occurred.
    ◦ Cost: $100-$50,000 per incident
  • Tier 2: The covered entities should have known about a breach but did not.
    ◦ Cost: $1,000-$50,000 per incident
  • Tier 3: The covered entity acted with willful neglect toward a breach but corrected it within 30 days.
    ◦ Cost: $10,000-$50,000 per incident
  • Tier 4: The covered entity acted with willful neglect and did not make the proper corrections in time.
    ◦ Cost: $50,000 per incident

Who Has Access to Medical Records?

Medical records contain PHI, so they’re not accessible to everyone. However, several circumstances require expanded access to medical records and PHI. Here is a list of individuals and organizations that are typically allowed access to medical records:

  • The patient: Patients have access to their own medical records.
  • Personal representative: Patients can appoint a personal representative to have medical power of attorney.
  • Legal guardians: Adults and legal guardians can obtain medical records of the minors under their care.
  • Other authorized individuals and organizations: Patients can also authorize certain individuals and organizations, like their attorney or insurance provider, to obtain access to certain PHI.

At BSI Medical Billing, we work with various industries and healthcare providers to ensure compliance and maximize reimbursements for medical services. Explore our industries and find out if we can help your organization maintain compliance.

Explore Our Industries

Why Are Release of Information Guidelines Important?

The release of information guidelines allow you to safely and securely share medical records and information with the parties mentioned above to gain access to various healthcare services and processes. Without access to pertinent medical information, many organizations would be unable to provide necessary services, such as life insurance or legal aid. Here are some of the reasons that following the release of information guidelines is necessary for a functioning healthcare system.

Continuity of Care

Doctors often refer patients to specialists depending on their required care. For example, you may be asthmatic, and during your annual doctor visit, your doctor may refer you to a pulmonary specialist. For the specialist to provide you with adequate care, they will need access to your medical records and history to determine the best treatment for your asthma.

Medical Billing Accuracy

Once a doctor or specialist provides treatment for a patient, their organization’s billing department will need to know what healthcare services were provided to bill for them accurately. For this reason, they also require access to patient medical records.

Health Insurance Billing

Similarly, once a patient receives care, their health insurance provider needs to know the details of treatment to determine the cost to cover it and the percentage that the patient is required to pay. For this reason, medical information must also be released.

Life Insurance

Life insurance companies often request access to patient medical records to determine their level of risk and how high their premiums need to be. Access to these records allows life insurance providers to determine how a patient’s medical history affects their life expectancy.

Health Studies

PHI is also necessary for providing data for health studies. Perhaps a research institution is trying to develop new medications or therapies through clinical research and trials. In these situations, they require access to PHI. Doctors will ask patients to authorize the release of their information to share it with researchers.

Data for Legal Proceedings

In the event of a malpractice lawsuit, patients will need to authorize the release of PHI to their attorney. With access to medical history and information, the attorney is able to build a case and argue that medical error was the direct cause of patient affliction.

Marketing

In some cases, healthcare organizations request access to PHI to share patient’s medical success stories for marketing purposes. For example, if you were successfully treated for breast cancer, the healthcare organization that provided treatment may request that you release your PHI so that they can share your story.

The Release of Information Workflow Process

The ROI process contains more than 40 separate steps. Fortunately, those can be broken down into five easy-to-digest phases.

1. Recording, Tracking, and Verification

The ROI process begins when the patient or authorized individual fills out a release of information form or a mental health release of information form. When the healthcare organization receives this request, they record it and verify that the authorization is valid. This step of the ROI process gives healthcare organizations the ability to release PHI.

2. PHI Retrieval

After verifying the authorization information and logging it accordingly, the healthcare organization locates your medical record and uploads the necessary information to a release of information software.

3. Safeguarding PHI

After retrieving your PHI, the healthcare organization takes meticulous steps to ensure that it doesn’t contain any PHI that is protected by federal or state law and thus not authorized for release.

During this phase of the ROI process, the healthcare organization verifies that the information is correct, uploads copies into the tracking system, and returns the files to their original storage place.

4. Releasing PHI

During this phase of the ROI process, the healthcare organization performs a final verification of your PHI, social security number, date of birth, diagnosis, and date range.

5. Completing the Request and Preparing an Invoice

Finally, the healthcare organization creates an invoice and sends your information in a sealed envelope or encrypted electronic form.

Maintain Compliance with BSI Medical Billing

At BSI Medical Billing, we understand the importance of compliance and following the release of information guidelines. We provide superior, compliant billing, coding, and auditing for healthcare providers. Contact us today to learn more.

Share this entry
  • Share on Facebook
  • Share on Twitter
  • Share on WhatsApp
  • Share on Pinterest
  • Share on LinkedIn
  • Share on Tumblr
  • Share on Vk
  • Share on Reddit
  • Share by Mail

Our Services

Medical Billing
Medical Coding
Credentialing
AR Management
Claims Management
Auditing

Contact Us

1223 Commerce Drive Suite 1-2
Mountain Home, AR 72653

BSI: 870-425-6322

Website by Abstrakt Marketing Group © 2022
  • Facebook
  • LinkedIn
  • Sitemap
  • Privacy Policy
Understanding Anesthesia BillingImage of a doctor using anesthesia on a patient.Image of a patient discussing medical bills with their doctor.Understanding the No Surprise Billing Act
Scroll to top

This site uses cookies. By continuing to browse the site, you are agreeing to our use of cookies.

OKLearn more

Cookie and Privacy Settings



How we use cookies

We may request cookies to be set on your device. We use cookies to let us know when you visit our websites, how you interact with us, to enrich your user experience, and to customize your relationship with our website.

Click on the different category headings to find out more. You can also change some of your preferences. Note that blocking some types of cookies may impact your experience on our websites and the services we are able to offer.

Essential Website Cookies

These cookies are strictly necessary to provide you with services available through our website and to use some of its features.

Because these cookies are strictly necessary to deliver the website, refusing them will have impact how our site functions. You always can block or delete cookies by changing your browser settings and force blocking all cookies on this website. But this will always prompt you to accept/refuse cookies when revisiting our site.

We fully respect if you want to refuse cookies but to avoid asking you again and again kindly allow us to store a cookie for that. You are free to opt out any time or opt in for other cookies to get a better experience. If you refuse cookies we will remove all set cookies in our domain.

We provide you with a list of stored cookies on your computer in our domain so you can check what we stored. Due to security reasons we are not able to show or modify cookies from other domains. You can check these in your browser security settings.

Other external services

We also use different external services like Google Webfonts, Google Maps, and external Video providers. Since these providers may collect personal data like your IP address we allow you to block them here. Please be aware that this might heavily reduce the functionality and appearance of our site. Changes will take effect once you reload the page.

Google Webfont Settings:

Google Map Settings:

Google reCaptcha Settings:

Vimeo and Youtube video embeds:

Accept settingsHide notification only