Skip to page content


GUIDANCE (June 2013)

TRUSTED REQUESTOR PROCESS

Instructions to Individuals Providing PHI to Requestors

Generally, to obtain protected health information (“PHI”) for purposes other than for treatment and payment, a requestor must complete the PHI Request Form or present documentation from the IRB to the HIPAA Privacy Program for approval.  They will review the request, contact the requestor, if necessary, with questions, and then determine whether the PHI can be used and disclosed according to the HIPAA Privacy Rule.  The HIPAA Privacy Program will communicate its decision to the requestor and to the individual providing the PHI.

PHI requests for treatment and payment purposes are not required to go through the “trusted requestor” process; however the use and disclosure of the PHI must comply with the HIPAA Privacy and Security Rules.

The guidance below should be followed when individuals (e.g. data administrators, HIM Department) receive requests for PHI:

Requests In Support of Research

Requests Received By Phone (other than research)

Regardless of how the request is received, if the HIPAA Privacy Program approves the data request, it will email its approval to the requestor and the individual providing the PHI.  After which, the PHI can be compiled and sent to the requestor in accordance with the HIPAA Email and/or Faxing Guidelines.   

Requests Received By Fax or E-Mail (other than research)

If the HIPAA Privacy Program approves the data request, it will email its approval to the requestor and the individual providing the PHI.  After which, the PHI can be compiled and sent to the requestor in accordance with the HIPAA Email and/or Faxing Guidelines.  

Trusted Requestor Exemption (“pre-approved”) List
Certain individuals frequently request PHI (e.g. patient records, reports, and extracts) in support of hospital operations fundamental to their job functions.  Those individuals are not required to complete a PHI Request Form for PHI requests.  Those individuals are included on the TR Exemption List.  If you wish to be added to the list, please ask your supervisor to contact the HIPAA Privacy Program.

 

HIPAA Program fax number is 2-6278

 

Contact Information

Back to Guidances


Quick Links:

Accounting of Disclosures

HIPAA Privacy Review

HIPAA Reference Sheet

Quick Reference Guide

Useful Links

HPO@bsd.uchicago.edu



Call 4-9716 for more details.

PDF version