Overview—Frequently Asked Questions

Physician FAQs:

Q. Must I have a patient's authorization to disclose his or her protected health information for purposes of treatment, payment, and health care operations?

A. No, you do not have to obtain an authorization for these purposes. You must obtain an authorization for other uses and disclosures of protected health information.

Q. What happens if I cannot obtain a patient's written acknowledgement that I have provided a copy of my notice of privacy practices?

A. You must document your attempt(s) to obtain written acknowledgement and clearly state that the patient refused.


Q. If a patient requests a copy of his or her medical record, may I charge a fee to cover the copying costs?

A. Yes, you may charge reasonable fees for copying (supplies and labor) and postage, if allowed under state law.


Q. Am I liable for the privacy violations of my business associates?

A. No, you are not liable for the privacy violations of your business associates. However, if you become aware of a material breach or violation committed by the business associate, you must take reasonable steps to cure the breach or end the violation.


Q. I am ready to implement the privacy rule in my practice—will there be additional changes to the rule?

A. Congress provides the Secretary of Health and Human Services with the authority to modify the privacy rule as appropriate. Standards may be modified once per year.

Back to Top | | Copyright © 2008 American College of Cardiology
Heart House | 2400 N Street, NW | Washington, DC 20037