Beware this frequently missed HIPAA mandate.
You’re violating new HIPAA requirements if you only give out paper records to patients who request electronic ones.
New HIPAA rules and HITECH Act provisions are giving patients more and more ownership over health records. You always need to have a process for people to ask for copies of the information in their designated record set (DRS), says Jim Sheldon-Dean, director of compliance services for Charlotte, Vt.-based Lewis Creek Systems. And you must have a reasonable cost-based fee for furnishing the copies.
For instance, if a patient wants to get a copy of his records, you would give him a copy of whatever is in his DRS, Sheldon-Dean says. And if the patient wants to amend his records, you would amend whatever records exist in the DRS.
These "new rules" include interim and proposed rules that were finalized in the big HIPAA Omnibus Update, published on Jan. 25, 2013; effective on March 26, 2013; and enforceable as of Sept. 23, 2013. The Omnibus Update included new rules under both the HIPAA Rules and the HITECH Act.
But now, if you keep DRS information electronically, you must honor requests for copies of that information in an electronic format. If the patient asks, you need to have some way of giving the information to him electronically, "whether it’s on a CD or as an email attachment or a memory stick or through a portal or however," Sheldon-Dean explains.
"You can’t just say, ‘Oh no, we only give out paper copies,’" Sheldon-Dean cautions. If you’re keeping electronic information, you must give patients a copy electronically when requested.
Problem: You know there’s no excuse for not encrypting staff-to-staff emails, but what if a patient asks for a copy of his protected health information (PHI) via an unencrypted email? What if the individual says, "I want you to just email this information to me, and I really don’t care whether it’s encrypted because I don’t think it’s really sensitive information."
Solution: You can’t just outright deny or agree to a request like this. You need to have a discussion with that individual, Sheldon-Dean advises. You need to discuss with the patient what kind of information you’re emailing — regular medical records, a test result, HIV information, etc. — and explain the risks.
And you need to talk through and perform a risk analysis with the patient. The patient can’t just say, "I don’t care about this — just email it to me anyway," according to Sheldon-Dean. The individual should tell you in writing, "Okay, I understand what my risks are and I think that’s acceptable." The person must give you an informed risk decision.
Define The Scope Of Your DRS
Another problem is understanding what’s in the DRS and where all that information resides. And this is not just your formal electronic health record (EHR) — "also you may have Excel files or Access databases or Word documents," Sheldon-Dean notes. Any information — whether it resides in the EHR or elsewhere — that you’re using to make decisions about the individual is part of the DRS.
Crucial: "So you need to understand where is your [DRS], how big is it, what are the limits of it," Sheldon-Dean urges. "Because the more you can define that information, the easier it is to be able to provide individual access."
Remember: Also, because the electronic access provision is new, you’ll need to update your Notice of Privacy Practices (NPP) accordingly.
Include This Info In Your Access Reports
If somebody wants an accounting of disclosures (also called an access report) — what information might have been disclosed to some other organization — that applies to the information in the DRS, Sheldon-Dean explains. You could have other information that is PHI associated with the individual "but maybe it’s for purposes of internal audits or internal reviews or quality improvement" — that’s not in the DRS.
Under the new rules, you must widen your scope when providing an access report/accounting of disclosures to patients. If you haven’t already, you should evaluate your systems’ capabilities to ensure you can properly produce this type of report.
Note: The HIPAA Omnibus Update is in the Jan. 25 Federal Register at www.gpo.gov/fdsys/pkg/FR-2013-01-25/pdf/2013-01073.pdf.