Call us at 971.236.1199

Privacy

PRIVACY POLICY

Last updated May 13, 2025

Oregon-based BeLoved Hospice follows all applicable state and federal laws as related to the Health Insurance Portability and Accountability Act of 1996, Public Law 104-191.

Billing services contracted to BeLoved Hospice shall follow all HIPAA regulations and show proof of compliance upon request.

Hospice medical record information will be released as appropriate and, if necessary, as approved on admission by the patient or his/her legal representative.

Upon admission the patient will be asked to sign a Medical Records Request/Release statement that will be kept in the BeLoved Hospice patient record.

A log shall be kept documenting all requests for release of information.

Definitions

  1. Standards for Privacy of Individually Identifiable health Information “Privacy Rule”:

    a. The Standards for Privacy of Individually Identifiable Health Information (“Privacy Rule”) establishes, for the first time, a set of national standards for the protection of certain health information. The U.S. Department of Health and Human Services (“HHS”) issued the Privacy Rule to implement the requirement of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”).¹ The Privacy Rule standards address the use and disclosure of individuals’ health information, called “protected health information” by organizations subject to the Privacy Rule, called “covered entities,” as well as standards for individuals’ privacy rights to understand and control how their health information is used. Within HHS, the Office for Civil Rights (“OCR”) has responsibility for implementing and enforcing the Privacy Rule with respect to voluntary compliance activities and civil money penalties. A major goal of the Privacy Rule is to assure that individuals’ health information is properly protected while allowing the flow of health information needed to provide and promote high quality health care and to protect the public’s health and well being. The Rule strikes a balance that permits important uses of information, while protecting the privacy of people who seek care and healing. Given that the healthcare marketplace is diverse, the Rule is designed to be flexible and comprehensive to cover the variety of uses and disclosures that need to be addressed. 

    b. The Health Insurance Portability and Accountability Act of 1996 (HIPAA), Public Law 104-191, was enacted on August 21, 1996. Sections 261 through 264 of HIPAA require the Secretary of HHS to publicize standards for the electronic exchange, privacy and security of health information. Collectively these are known as the Administrative Simplification provisions.
     

  2. Protected Health Information (PHI)

    a. The Privacy Rule protects all “individually identifiable health information” held or transmitted by a covered entity or its business associate, in any form or media, whether electronic, paper, or oral. The Privacy Rule calls this information “protected health information (PHI).”¹²
    b. Individually identifiable health information, is information including demographic data, that relates to: 

    1. the individual’s past, present or future physical or mental health or condition

    2. the provision of health care to the individual or

    3. the past, present, or future payment for the provision for healthcare to the individual

    4. and that identifies the individual, or for which there is a reasonable basis to believe can be used to identify the individual. Individually identifiable health information includes many common identifiers: name, address, birth date, Social Security Number

    c. In order to protect patient’s protected health information, which could be stored on personal cell phones and other devices, BeLoved Hospice requires that employees create a Personal Identification Number (“PIN”) or Passcode Lock for their phone and other devices when not in use.

     

  3. There are no restrictions on the use or disclosure of de-identified health information.14 De-identified health information neither identifies nor provides a reasonable basis to identify an individual. There are two ways to de-identify information:
     
    1. a formal determination by a qualified statistician; or
    2. the removal of specified identifiers of the individual, and of the individual’s relatives, household members, and employers is required, and is adequate only if the covered entity has no actual knowledge that the remaining information could be used to could be used to identity the individual.
       
  4. A covered entity is permitted, but not required, to use and disclose protected health information, without an individual’s authorization, for the following purposes or situations: 
     
    1. To the Individual (unless required for access or accounting of disclosures);
    2. Treatment, Payment, and Health Care Operations;
    3. Opportunity to Agree or Object;
    4. Incident to an otherwise permitted use and disclosure;
    5. Public Interest and Benefit Activities; and
    6. Limited Data set for the purposes of research, public health or health care operations. 18 Covered entities may rely on professional ethics and best judgments in deciding which of these permissive uses and disclosures to make.

 

Procedure

  1. Authorizations

    a. All authorizations must be written, dated and currently signed by the patient or his/her legal representative. 

    • A current authorization is one that is signed within the last year.
    • If the authorization has not been dated, it must be returned to the sender with the statement: “The authorization, which you sent, was not dated. In order to be valid, the patient’s authorization must be dated prior to the signing of the authorization. If you wish to resubmit a properly dated and signed authorization, we will be happy to process your request.” 
       
  2. Authorizations may not be accepted when they are addressed to another party, such as a hospital, physician, or third-party payor.
  3. Authorizations may be accepted if they are not addressed to hospice but are addressed “To Whom It May Concern.”
  4. Authorization must state the name of persons or entities to which medical information is to be released.
  5. Persons who may sign include: 
     
    1. The competent patient, 18 years or older.
    2. Conservator or attorney-in-fact of an incompetent adult (must produce papers of guardianship, etc.)
    3. Minors, only if they could have consented to treatment without parent’s consent.
    4. Parent or guardian of minor patient (must produce letters of guardianship-step parents may not consent.)
    5. Patient’s spouse, for a limited purpose of processing an application for a health insurance plan.
    6. Executor or administrator of estate, or an heir of a deceased patient. 
       
  6. All patients or legally qualified patient representative authorizations, as well as the original requests for information, will be retained and kept in the back of the patient’s clinical record.
  7. Release of Information from Hospice Records of patients currently on service 
     
    1. Occasionally, there will be need to provide photocopies of records of patients who are currently on service at BeLoved Hospice.
       
      1. Copy the information requested and sends with a cover letter stating that the record has been photocopied up to the current date. 
         
      2. Use this language at the bottom of the cover letter: “Photocopies of the record consisting of _____ (number of) pages have been prepared up to and including _____ (date). Since the patient is currently on service at hospice, the record is incomplete, and there may be additions or deletions prior to or following discharge.”
         
  8. Law Enforcement Inquiries 
     
    1. If a request for release of information is received from a law enforcement agency, please notify the governing body immediately and follow the directions of the corporate office.
       
      1. Police or investigative agencies’ requests for information will not be complied with unless the patient or his/her legal representative has given specific consent for release of information or a court order or subpoena is presented.  
         
  9. Information is released as specified below: 
     
    1. Requires patient authorization
       
      1. Government Agencies
         
      2. Medicare/Blue Cross/Intermediaries
         
      3. Attorneys, Insurance Brokers and Agents
         
      4. Patient/family/caregiver – also requires written request from patient
         
      5. FBI and all law enforcement agencies 
         
    2. Can be released without patient authorization
       
      1. Attending Physician’s Release
         
      2. Workmen’s Compensation Release
         
      3. Subpoenas
         
      4. FBI and all law enforcement agencies – with a court order