Skip to Content

Requirements for a Provider's Use of Records and Violations of Use of Records – Ind. Code Ann.§ 16-39-5-3

Link to the law
This will open in a new window

The law provides that a patient’s health record is the property of the provider, and may be used by the provider for legitimate business purposes without the patient’s written authorization for the following:

  1. Submission of claims for payment from third parties;
  2. Collection of accounts;
  3. Litigation;
  4. Quality assurance;
  5. Peer review;
  6. Scientific, statistical or educational purposes.

In using a patient’s record for the above purposes, the provider must protect the confidentiality of the patient, and only disclose the patient’s identity when necessary.  A provider may also disclose a patient’s record to another provider or non-profit research organization.  Each entity receiving the patient’s record must protect its confidentiality and must not disclose the identity of the patient.  A provider is also authorized to disclose health records that are to be used for data aggregation projects.  The identity of the patient may not be disclosed unless it is essential to the data aggregation project.  Data aggregation projects may disclose information received by a provider to the state Department of Health if it is to be used for a public health activity.  Any information held by the Department that could potentially identify a patient must be confidential. 

Related Laws:

Ind. Code § 16-39-5-1

Current as of June 2015