Q: Is working with Breast Pump Depot HIPPA compliant?
A: Yes. The Breast Pump Depot is a Covered Entity (“CE”) as defined by HIPAA and has a responsibility to comply with HIPAA just like the hospital. The purpose of HIPAA is to secure protected health information (“PHI”) without impeding care. A HIPAA CE is allowed to use PHI in accordance with the HIPAA regulations. The regulations provide that a CE is allowed to release PHI for treatment, payment and operations without patient authorization. In this case, the hospital would be releasing information to The Breast Pump Depot to further care so an authorization is not needed. The HIPAA drafters felt it was important for a care provider to have access to the entire medical record so for treatment purposes there is no limitation on the information that can be provided regarding the medical care of the
patient. When releasing information for treatment and operations, the CE releasing the information should provide the minimum necessary to accomplish the task. In this case, the hospital will be providing basic information such as name, contact information, basic insurance information and the type of equipment being requested. The release of this information complies with the HIPAA requirements for release without authorization.