P.R. Laws tit. 26, § 9089
(a) All parties to a claim audit shall recognize and comply with all federal and Commonwealth laws and any contractual agreements regarding the protection of information within clinical records and the confidentiality and security of patient information.
(b) The release of medical records requires authorization from the patient. An authorization to release such records shall be included in the statement of diagnosis procured by the provider upon admission of the patient. If no such statement is obtained, a separate authorization for a claim audit is required. The authorization need not be specific as to the health insurance organization or issuer or auditor conducting the audit.
(c) The authorization shall be obtained by the person conducting the claim audit or the provider, and shall include the standard information provided through policy letter by the Commissioner and in accordance with subsections (a) and (b) of this section.
(d) A patient’s assignment of benefits shall include a presumption of authorization to review records.
(e) The audit coordinator shall confirm to the audit representative that a statement of diagnosis is available for the particular audit that needs scheduling.
(f) The provider shall inform the patient or requestor, on a timely basis, if there are any federal or Commonwealth laws prohibiting or restricting review of the medical record and if there are institutional confidentiality policies and procedures that affect the review of such documents. These institutional confidentiality policies shall not be specifically oriented in order to delay an external audit.
History —Aug. 29, 2011, No. 194, § 6.090, eff. 180 days after Aug. 29, 2011; July 10, 2013, No. 55, § 11, eff. 30 days after July 10, 2103.