August 2003 Bulletin

HIPAA privacy rules affect AAOS publishing, research and CME

Academy modifies application forms

Under the Health Insurance Portability and Accountability Act (HIPAA), physicians may disseminate their patients' Protected Health Information (PHI) to third parties only for what the Act terms "Treatment, Payment and Health care Operations" (TPO). In order to disclose patients' PHI for purposes other than TPO, it's necessary for you to obtain signed Authorization Forms from them.

Thus, except under exceptional circumstances, you must obtain a signed Authorization Form if you wish to use your patients' PHI in AAOS publications, for research, and in connection with the continuing medical education of individuals who are not employees of your organization. Bear in mind that "publications" is a broad term that includes books, CD-ROMs, videotapes, images made available via the Internet, and scientific and poster exhibits at AAOS meetings. An alternate to obtaining the patient's signed Authorization Form is to make sure all identifiers (18 are noted in the regulations) are removed from the patient's information that is being presented.

AAOS has therefore slightly modified the forms you must sign in connection with submitting articles for publication, engaging in CME at Academy-sponsored events, exhibiting at meetings, and so forth. The new forms require that you formally affirm that, prior to submitting x-rays, images and so forth relating to your patients, you have complied with all HIPAA requirements.

If you have questions or need additional information about HIPAA, contact Steven E. Fisher, MBA, AAOS manager, practice management affairs. He can be reached at (847) 384-4331 or via e-mail at

Home Previous Page