Health Information Compliance Alert

Published on Tue Nov 04, 2003 PDF

Don't fall for these dangerous HIPAA misconceptions


HIPAA misconceptions are every-where, and those regulatory misunderstandings can often make your jobs that much harder. But don't fret: Bill Sarraille in the DC office of Sidley Austin Brown & Wood will skewer the HIPAA untruths and set you straight on the regs.


PATIENT ACCESS TO THE DESIGNATED RECORDS SET
 
Many covered entities (CEs) believe that the right of access to a DRS means that a patient can have access to his medical records and not to any other records. That's just wrong, says Sarraille.
 
For example, when a patient is referred to a collection agency for failure to pay a bill or a copayment, a CE will send a letter to the collection agency saying it wants to pursue a patient's account, says Sarraille. The patient is permitted to obtain a copy of the letter the CE sent to the collection agency, but CEs often say they're not required to do so because the letter isn't a medical record. "That's when the patient, who knows better, will dial up '1-800-Create-A-Huge-Pain-For-My-Doctor' and [the HHS Office for Civil Rights] will be invited to do some schooling."  
 

PATIENT ACCESS TO RECORDS YOU DIDN'T CREATE

So, what's your responsibility for medical records you didn't create? It's easy, says Sarraille. Even though medical records may have originated in another office, they are still part of your DRS whenever you receive and make use of them.
 
 
Sarraille says many CEs either don't provide patients with access to such documents or they destroy them. Don't ever do that, because in each case "you're essentially denying that you've had access to that information and you've incorporated that into your medical decision making."  Tip: A plaintiffs' lawyer could challenge the adequacy of the information upon which you made your treatment decision, and if you denied access to such records, you could appear to have cut yourself off from other caregivers whose records may have been relevant to your treatment decision.
 

REFUSAL TO SIGN ACKNOWLEDGEMENT

It'll happen one day if it hasn't occurred already: A patient simply refuses to sign an acknowledgement of receipt of your notice of privacy practices. That's no problem, says Sarraille. Although you're supposed to try to secure a signed acknowledgement of receipt in good faith, if a patient simply refuses to do so, then you may continue to treat the patient. Just document that you tried to secure it in good faith, but the patient was unwilling to sign for whatever reason.
 

RELATIVES/FRIENDS OUT OF PHI LOOP?

Oftentimes a family friend or a relative is together with the patient in a treatment setting. HIPAA says that you can provide information to people involved in a patient's care in the exercise of your own good judgment. If the patient is present, then try to secure a verbal agreement or, in some cases you may infer a patient's agreement.
 
Scenario # 1: A patient is recovering after a minor surgical procedure. After recovery, the patient waits to receive final discharge instructions. If the patient's relative or friend is present too, instead of requesting to speak alone with the patient, you have at least two options: You could say, "I'd like to talk about discharge instructions with your relative present because it's often best to have another pair of ears to hear this information." Often, the patient will agree with that logic. And Sarraille says you don't have to document the fact that the patient gave that permission to comply with HIPAA.
 
Scenario # 2: The other possibility is if you don't ask the patient, but you say you'd like to discuss discharge instructions with the patient. If the patient does not dismiss the family member, "you'd be able to infer from that that the patient has consented [to his or her presence]."  
 

WHEN FAMILY/FRIENDS SEEK PHI

Here's a common occurrence in many organizations: someone calls your office saying she's a relative of a patient and asking for her relative's medical info - a niece, let's say. Sarraille urges you to do whatever is reasonable under the circumstances to check out her story. For instance, ask what the niece can tell you about her aunt and why the aunt asked her to get this information. Whatever you do, you're allowed in your reasonable exercise of judgment to go ahead and provide this information, Sarraille notes. "The idea that we have to in all cases stop the conversation, call up and reach the patient, get their approval and then communicate to the niece - that's not true under HIPAA." 
 

APPOINTMENT REMINDERS AND HIPAA

A big issue that often rears its head involves appointment reminders left on voice mails. Sarraille says that as long as you use the minimum necessary amount of information to remind people of an appointment, that's just fine. 
 
Tip: Limit the information you provide on a voice mail, but remember that you can provide info that's necessary to inform a patient of an upcoming appointment: Date, time and the name of the doctor. The same rules apply to postcard appointment reminders as well, claims Sarraille.