Health Information Compliance Alert

HIPAA Privacy:

SAFETY FIRST FOR DOC GROUP HIPAA COMPLIANCE

Published on Wed May 01, 2002

The war cry for privacy officers everywhere should be "better safe than sorry," and at least one expert says getting best practices in place even before the rule is finalized could be the best bet in the long run.

The final version of the Health Information Portability and Accountability Act's consent requirement is still under review, but there are still a few practical issues medical groups and physicians' practices can chalk down to ensure they're in the clear with the act's privacy standards.

The notice of proposed rulemaking issued in March by the Department of Health and Human Services would essentially remove the HIPAA consent requirements but it's still not clear whether Congress will step in and force consent provisions to be restored. In the meantime, there are a number of practical issues physician practices should consider when it comes to consent:

When should you get it? Questions that arise with respect to consent often revolve around whether the practice should start obtaining consents from patients now or whether they should wait until the rules are finalized. While this is mainly a judgment call that should be made on a practice-to-practice basis, "it makes good sense to start obtaining these documents now" before the compliance deadline, says Scott Edelstein with the Los Angeles office of McDermott, Will & Emery.

Additionally, there's the question of whether consent should be obtained from the patient early in the process or whether the provider should wait until the patient is receiving some kind of treatment, posed Edelstein in a May 7 teleconference seminar, "Issues and Answers for the Physician Practice." In most cases the best bet is to get the patient's consent as soon as the patient presents himself at the reception area or registers for treatment, notes Edelstein.

How many forms must be completed? Another question raised by physicians is whether or not different consent forms need to be provided for each physician in the practice. The answer is generally "No." Since each physician is part of one covered entity, the group practice, consequently only one consent form would be required to cover all the physicians in that practice, Edelstein explains.

To treat or not to treat It's not such a difficult question. A practice can lawfully discharge or refuse to treat a patient who does not sign a consent agreement. Not only can the practice do that, it should do that, Edelstein recommends. "I think a practitioner should not treat an individual unless it's an emergency, of course, unless they have consent."

If a provider uses PHI or discloses it without a consent form from the patient, he might be in violation of HIPAA, and the patient could file a complaint with HHS , which could lead to penalties. Erring on the side of caution, Edelstein tells Eli providers should always obtain the patient's consent prior to using any PHI or disclosing it for treatment, payment, or health care operations.

Consents for camp or school? Would an executed consent form be sufficient to release a camp form to a camp, or an immunization record to a school? Generally, the answer is "No," since these types of releases are not in connection with treatment, payment, or health care operations, and consequently aren't covered by consent, but rather by an authorization form.

And as a practical matter, these types of documents should probably be given to the patient instead of directly to the camp or school, advises Edelstein, since by doing so, one wouldn't have to obtain the patient's authorization "one less administrative hurdle to overcome," he points out.

Health Information Compliance Alert

HIPAA Disclosures:
FEDS TO LIGHTEN ACCOUNTING BURDEN
Proposed amendments to the Health Insurance Portability and Accountability Act look to lighten the burden [...]

HIPAA Privacy:
MARKETING CHANGES WORRY HIPAA ADVISORY PANEL
The National Committee on Vital and Health Statistics has weighed in on proposed changes to [...]

Clinical Labs:
CLINICAL LABS POSE UNIQUE HIPAA COMPLIANCE CHALLENGES
Clinical laboratories serve an unusual role in the health care system in many cases they [...]

HIPAA Tips:
3 STRATEGIES FOR HIPAA PREPARATION IN CLINICAL LABS
While clinical labs may occupy a unique position under the Health Insurance Portability and Accountability [...]

Genetic Privacy:
GENETIC INFO LACKS PRIVACY PROTECTIONS
Knowing which rules to follow when it comes to keeping medical records is challenging enough, [...]

Temporary Employees:
THE TROUBLE WITH TEMPS
Temporary employees can save the day when business booms but if you don't know how [...]

HIPAA Privacy:
SAFETY FIRST FOR DOC GROUP HIPAA COMPLIANCE
The war cry for privacy officers everywhere should be "better safe than sorry," and at [...]

Authorizaitions:
5 AUTHORIZATION PERILS FOR PHYSICIAN PRACTICES
When it comes to authorization requirements, physician practices had better mind their p's and q's [...]

HIPAA Privacy:
18,000 CONTRACTS IS TOO MUCH TO ASK
While the Department of Health and Human Services' proposal to ease up on the consent [...]

Privacy Exceptions:
GRAND JURY SUBPOENA TRUMPS PATIENTS' PRIVACY RIGHTS
The Health Insurance Portability and Acountability Act doesn't necessarily protect a hospital's emergency department records [...]

Security:
FINAL SECURITY RULE EXPECTED SOON
The Centers for Medicare & Medicaid Services expects to release its long-awaited Health Insurance Portability [...]

Identifier Standards:
EMPLOYER IDENTIFIER FINALIZED
The Centers for Medicare & Medicaid Services crossed one of the less controversial items off [...]

Genetic Privacy:
RAILROAD PAYS FOR GENETIC TEST
Playing fast and loose with patient privacy can cause more than just Health Insurance Portability [...]

View All