Health Information Compliance Alert
READER QUESTIONS ANSWERED
PDF
YOU CAN GET FIT WITHOUT LOSING PHI Question: As a health insurer, we would like to work with our at-risk enrollees' local fitness centers to provide exercise classes. The centers will bill us electronically for time spent on fitness and nutrition counseling with the enrollees. Would this relationship make the fitness center a business associate?
- North Carolina subscriber
Answer: "No," states Jeff Boyer, HIPAA Compliance Coordinator for the HIPAA DC Program Management Office in Washington, DC. "If the centers bill electronically for their health services, they are a covered entity," he says.
Most fitness centers won't be interested in working with you once they find out they'll have to abide by the privacy and security rules, Boyer expresses. Good idea: "Ask the centers to submit claims on paper," he suggests. That way they can still provide the health service without having to worry about HIPAA.
The Bottom Line: Fitness centers that provide health care services - and bill for them electronically - are covered entities, not business associates, Boyer says. If the centers don't want to send paper claims, track down either a fitness center already working with the rule or a rehab center instead, he offers.
Question: A visiting doctor wants to use our patients' medical information in an article she is co-authoring with three other doctors. Would this be covered under the privacy rule's research allowance, or do we need to ask our patients to authorize this disclosure?
- Mississippi subscriber
You have to ask for your patients' authorization for this disclosure, says Debbie Larios, an attorney with Miller & Martin in Nashville, TN. "The privacy rule's research provision is for clinical trials with an internal review board's approval," she explains.
Try this: Ask the visiting doctor to narrow down what kind of patients she and the other authors are interested in studying. Then you can track down those patients only, she suggests. Caution: This will involve a ton of work and may not be very successful, Larios warns.
The Bottom Line: Unless you have the time and resources to devote to the necessary legwork, your safest bet is to deny the visiting physician access to your patients' medical information, Larios advises.
Next step: If you want to work with researchers or contribute your patients' PHI to medical studies, ask patients to sign an authorization when they come in. Tip: The form must clearly state that the patient's signature means "you can release her general medical information to former staff members or other researchers without notifying her each time," Larios asserts.
Health Information Compliance Alert
- Security:
4 STRATEGIES TO EASE YOUR SECURITY RULE ANXIETIES
Eli's experts help you get over the top security rule humps
One thing about the security [...] - COMPLIANCE TOOL:
USE THIS TOOL TO SET YOUR TRADING PARTNERS'SECURITY STANDARDS
TRADING PARTNER AGREEMENT This trading partner agreement (agreement) is made between [ORGANIZATION] and [TRADING PARTNER]. [...] - CONFERENCES:
Conference Calendar Corner
Check out December's informative events:
December 1 in San Antonio: "Implementing The Next Wave Of HIPAA [...] - COMPLIANCE STRATEGIES:
DON'T MONKEY AROUND WITH PHI IN PATIENTS' HOMES
You must take your HIPAA compliance with you Do you have the tools to protect [...] - SECURITY COMPLIANCE:
ERADICATE THESE RISK ASSESSMENT MYTHS
Here are the top 5 myths - and the real truth behind them You've worked [...] - THE THIRD DEGREE:
READER QUESTIONS ANSWERED
YOU CAN GET FIT WITHOUT LOSING PHI Question: As a health insurer, we would like [...] - HEALTH INFORMATION NEWS
CAN YOU KEEP YOUR PATIENTS' PHI OUT OF THE LEGAL CROSSFIRE?
Your patients' medical records could [...]