DATE
Name:
Date of Birth:
SSN:
Date of Services:
To Whom It May Concern:
The Missouri Department of Health and Senior Services, Division of Senior & Disability Services is seeking information pursuant to an investigation of reported abuse or neglect of an eligible adult. The Division believes that your agency may have information that will assist our investigation. It is our understanding that you have concerns regarding the release of the information to the Division because of the HIPAA Privacy Rule.
The Standards for Privacy of Individually Identifiable Health Information, otherwise known as the HIPAA Privacy Rule (45 CFR Parts 160 and 164) guarantee certain privacy rights to individuals. The HIPAA Privacy Rule limits the situations where a covered entity may use or disclose protected health information (PHI) without the authorization of the subject of the information. The Privacy Rule does allow for a covered entity to use or disclose PHI if the use or disclosure is required by law (see 45 CFR 164.512(a)). Further, the Privacy Rule specifically authorizes the disclosure of PHI for abuse and neglect reporting and states at 164.512(c)(1)(i) & (iii):
“Permitted disclosures…a covered entity may disclose protected health information about an individual who the covered entity reasonably believes to be a victim of abuse, neglect, or domestic violence to a government authority, including a social service or protective services agency, authorized by law to receive reports of such abuse, neglect or domestic violence:
(i)to the extent the disclosure is required by law and the disclosure complies with and is limited to the relevant requirements of such law;…
(iii)to the extent the disclosure is expressly authorized by statute or regulation and:
the covered entity, in the exercise of professional judgment, believes the disclosure is necessary to prevent serious harm to the individual…”
Sections 565.188 and 192.2410 require the reporting of elder abuse and/or neglect to the Department. Per 565.186 and 192.2415, RSMo, the Division of Senior & Disability Services is required to promptly and thoroughly investigate complaints of abuse or neglect. To that end, the Division may request PHI from covered entities, as that information relates to their investigation. Furthermore, pursuant to 45 CFR 164.502(a)(1) and 164.506(c) a covered entity may disclose PHI to the Division. When reading the statutes in conjunction with the Privacy Rule, the Department believes that the disclosure of information is permitted.
The Privacy Rule was not intended to hinder investigations by the Division of Senior & Disability Services. If you have any questions regarding this request, please contact me, at the number below, or my supervisor, at . You may also contact the Department’s Privacy Officer at (573) 751-6005. If you have questions regarding the Privacy Rule and HIPAA generally, please refer to the Office for Civil Rights website
Please note that no statute authorizes a provider to charge the Department for copies of records requested as part of an investigation of alleged abuse or neglect. Conditioning the Department’s access to the requested records on payment of a fee may result in issuance of a subpoena.
Sincerely,
Division of Senior and Disability Services
Phone