Practice Brief: Managing Health Information Relating to Infection with the Human Immunodeficiency Virus (HIV) (Updated)

Acquired immunodeficiency syndrome (AIDS), caused by the human immunodeficiency virus (HIV), has become a major public policy issue in the US. This is due, in part, to its significant potential for invasion of privacy and resultant discrimination. The healthcare community must constantly balance its duty to protect third parties from the spread of the disease with its duty to protect the privacy of individuals who are infected with HIV.

Individuals tested for HIV and/or treated for AIDS must be assured that information shared with healthcare professionals will remain confidential. Without such assurance, patients may withhold critical information that could affect the quality and outcome of care, safety of healthcare workers, and reliability of the information.

Recommended Procedures

To protect patient privacy and the confidentiality of information relating to HIV infection, the American Health Information Management Association (AHIMA) recommends the following steps:

1. Screening programs should be designed to provide confidential testing of individuals and communication of their test results.
   
   
2. Specific, written informed consent should be obtained from the individual or the individual's legal representative prior to voluntary testing. (Note: State law may permit testing of a patient without consent if a healthcare worker has been exposed to the patient's blood or bodily fluids. In such cases, the incident of exposure and the need for HIV testing should be discussed with the patient or the patient's legal representative before the test is done.) Pre- and post-test counseling should be provided by a qualified healthcare professional.
   
   
3. Health records of patients infected with HIV should be maintained with the health records of other patients in a secure area with restricted access. Special handling procedures should be avoided, as they are more likely to call attention to the patient's HIV status than routine handling methods. (Note: In some states, the law may require that HIV antibody test results be maintained in a special manner. Each provider must be aware of the applicable laws of the state and adopt policies that conform to them. In some states requiring special handling of HIV antibody test reports, the HIM department or responsible individual may need to adopt a procedure of marking such records in an obscure manner to prevent the inadvertent release of information on HIV antibody tests.)
   
   
4. Each facility should implement clear policies and procedures for disclosure of health information related to HIV/AIDS and ensure consistent compliance. Generally, information on HIV infection and/or AIDS is reportable to local health authorities. Depending on state law, the facility may be required to report the name of the person tested or other identifying information. Within the facility, a patient's serologic status should be disclosed only as needed for diagnosis, management, or treatment. Others who may review patient health records for administrative purposes (such as quality improvement, billing, and risk management) must ensure that this information is handled in a confidential manner. Information should only be disclosed to other legitimate users (including through the billing process) with specific written authorization of the patient or the patient's legal representative or upon receipt of a valid subpoena. (Note: Some states require a court order for release, thus protecting the records of HIV/AIDS patients from discovery by subpoena.) Information disclosed to authorized users should be limited strictly to that required to fulfill the purpose stated on the authorization. Authorizations for the release of "any and all information" without specifically mentioning HIV or AIDS should not be honored. Due to the sensitivity of this information, it should not be transmitted via facsimile machine or disclosed over the telephone unless urgently needed for patient care. It has become common practice to request that all pre-natal patients be tested for HIV/AIDS. Since the increase in this practice, HIM practitioners need to be increasingly aware of state laws pertaining to HIV/AIDS test results and their disclosure practices. These tests may be conducted during the pre-natal care or at the hospital at the time of delivery in some instances. In any case, the test results should be handled in the manner stated in your facility's policy and procedures on maintenance and disclosure of HIV/AIDS health information. Redisclosure of information relating to HIV/AIDS should be prohibited, unless otherwise required by state law.
   
   
5. HIV-positive healthcare workers should be managed according to guidelines outlined by the Centers for Disease Control and Preven-tion and state and federal laws. The healthcare worker's privacy must be balanced against the risk of transmission to patient, employees, and others. If questions arise, the facility's legal counsel should be involved in resolving the related questions.
   
   
6. Medical coders should only code from diagnoses listed in the medical record. The physician should be consulted prior to assigning codes from laboratory data or test results when a diagnosis is not clearly stated.

For more information, please refer to the AHIMA publication HIM Practice Standards: Tools for Assessing Your Organization (1998).

References

Brandt, Mary D. Managing Health Information Relating to HIV Infection. Chicago, IL: American Health Information Management Association, 1994.

Brandt, Mary D. HIV and Confidentiality: Guidelines for Managing Health Information Relating to HIV Infection. Chicago, IL: American Health Information Management Association, 1997.

Prepared by

Jennifer Carpenter, RRA, HIM practice manager

Originally prepared by Mary D. Brandt, MBA, RRA, CHE

Note: This practice brief replaces an earlier practice brief issued in February 1997.

Issued May 1999