Confusion exists as to the effect, if any, of a signature. Under HIPAA, signing does not mean that you have agreed to any special uses or disclosures (sharing) of your health records. Signing does not mean you “agree” that a provider has the right to use or disclose certain PHI without written authorization. The right of a provider to use or disclose certain PHI without written authorization exists in the law. A patient cannot change the law. A patient may disagree that a provider should have this right, but a patient cannot demand that a provider “remove” this right from the notice of privacy practices.
What Happens If a Patient Refuses to Sign a NPP?
Is a patient who refuses to sign the acknowledgment of receipt entitled to treatment? Yes. A provider cannot use the refusal to sign to deny treatment. The provider must, however, keep a record of the fact that you did not sign. If a patient does not sign, what information may a provider disclose? The same amount and type of information that HIPAA permits any other provider to disclose.
A patient who is dissatisfied with the fact that HIPAA permits use or disclosure for payment, treatment, or healthcare operations regardless of what the patient demands, may avail himself or herself of another provision of the Privacy Rule, the “Right to Request Restrictions” provision. Under this provision, a provider must permit individuals to request that uses and disclosures of protected health information to carry out treatment, payment, and healthcare operations be restricted. While a provider is not required to agree to a request, the provider must adhere to those restrictions to which it has agreed.
If a provider has agreed to a restriction, the provider may nonetheless use or disclose protected health information in violation of that restriction, if the individual who requested the restriction is in need of emergency treatment and the restricted protected health information is needed to provide the emergency treatment. When emergency treatment is needed, the provider may use the restricted protected health information, or may disclose such information to a healthcare provider, to provide such treatment to the individual. If a provider has disclosed restricted PHI to another provider for emergency treatment purposes, the provider must request that the other provider not further use or disclose the information.
When the “right to request restrictions” rule was proposed, some insurers and other providers argued that a provider that has agreed to a restriction, make note of the existence of that restriction in the patient’s file. HIPAA does not require that a provider make