HIPAA and HL-7 rules in healthcare information! Need for a reality check


Does your practice adhere to HIPAA rules? You might have come across these questions:

  • What is the most important standard?
  • What if a covered entity doesn’t fax PHI to a physician because it says fax is not allowed under privacy rules?
  • Is it right to use e-mail if a physician wants to discuss a patient’s diagnosis with other physicians?
  • On what basis should a physician decide whether a particular communication is covered under HIPAA?
  • Is it legal for a physician to send PHI for overseas transcription?
  • Is it legal for a hospital or a doctor to provide information to the police if they have to assist them in an investigation?


Let us see if your answers to the above questions match!

  • The most important requirement of HIPAA is that a doctor’s disclosure of patient information should be limited. The information disclosed should cover only the minimum required for the disclosure.
  • The HIPAA rules do not stop a covered entity from faxing PHI to the doctor. However, if the covered entity doesn’t agree to fax, the doctor can guide them to check with the Department of Health and Human Services.
  • Yes, a doctor can use any method of communication, as long as the doctor uses appropriate secure methods to protect the PHI.
  • Disclosure of PHI by a doctor to another provider/hospital is absolutely permitted in treatment matters. The only limit applies to a mental health professional’s personal psychotherapy notes, which cannot be disclosed without the patient’s authorization.
  • A physician should sign a business associate agreement with the transcription service provider in order to protect the PHI.
  • Yes, a doctor can disclose patient information to a police officer for investigation purposes. However, the doctor or the hospital is required to check the officer’s identity before disclosing any information.

The HL-7 international standards have had a huge impact on the workflow of all healthcare organizations. As the secure exchange of data becomes the topmost concern for all medical practices, it is essential that physicians understand the evolving guidelines of HIPAA and HL7.

You cannot discuss HIPAA without mentioning HL7, which is another important security measure.

HL-7 design framework…

To overcome the issues in interoperability between systems designed by different vendors, HL-7 International designs specifications that are used in healthcare information exchange. Information models, data types, vocabularies, messaging, clinical documents, context management standards, implementation technology, profile and conformance are some of the specifications used by the HL-7 framework. Because there was no standard collection of patient attributes, it was difficult and expensive to design an interface between the sending and receiving applications, and this situation gave birth to HL-7.

The design of HL-7 V2 by clinical information specialists was a success, but in order to improve the methodology and enhance messaging, HL-7 V3 was designed by medical informatics experts. Some of the benefits of the HL-7 V3 standard are:

  • Less framework for negotiation
  • Better consistency due to model based standard
  • The application roles are well defined
  • Reduced message optionality
  • Less expensive to build and easy to maintain the interface on a mid-to-long term basis

Now here is the most important question: is your medical practice compliant? Make sure your practice is. Run regular audits to improve the standard of security in your medical practice and know where the tripwires are.

