I have always been told that patient account balances are considered part of PHI and thus protected by HIPAA, but I have a provider asking me to ALWAYS disclose account balances to anyone who questions if they are requesting for the purpose of making a payment. I don't feel that this is appropriate.
As I research HIPAA in my quest to find the "black and white" proof to either prove (or disprove) my point, I find that "information for payment purposes" mostly relates to insurance carriers and not "parents who pay the bills".
From the hhs.gov website I find:
What Information is Protected
Protected Health Information. The Privacy Rule protects all "individually identifiable health information" held or transmitted by a covered entity or its business associate, in any form or media, whether electronic, paper, or oral. The Privacy Rule calls this information "protected health information (PHI)."12
“Individually identifiable health information” is information, including demographic data, that relates to:
1. the individual's past, present or future physical or mental health or condition,
2. the provision of health care to the individual, or
3. the past, present, or future payment for the provision of health care to the individual,
and that identifies the individual or for which there is a reasonable basis to believe it can be used to identify the individual.13 Individually identifiable health information includes many common identifiers (e.g., name, address, birth date, Social Security Number)......
Any input would be greatly appreciated!!
As I research HIPAA in my quest to find the "black and white" proof to either prove (or disprove) my point, I find that "information for payment purposes" mostly relates to insurance carriers and not "parents who pay the bills".
From the hhs.gov website I find:
What Information is Protected
Protected Health Information. The Privacy Rule protects all "individually identifiable health information" held or transmitted by a covered entity or its business associate, in any form or media, whether electronic, paper, or oral. The Privacy Rule calls this information "protected health information (PHI)."12
“Individually identifiable health information” is information, including demographic data, that relates to:
1. the individual's past, present or future physical or mental health or condition,
2. the provision of health care to the individual, or
3. the past, present, or future payment for the provision of health care to the individual,
and that identifies the individual or for which there is a reasonable basis to believe it can be used to identify the individual.13 Individually identifiable health information includes many common identifiers (e.g., name, address, birth date, Social Security Number)......
Any input would be greatly appreciated!!