Site Search
   Go

Case Studies

HIPAA Compliance


You are here: Home > Patient Messaging > HIPAA

PhoneTree HIPAA Compliance

As has become almost common knowledge throughout the medical industry, HIPAA (the Health Insurance Portability and Accountability Act) has introduced many new changes in policy and procedures regarding the handling of patients’ private health information. The most common concerns PhoneTree customers have voiced is the question, “May I use a PhoneTree and remain HIPAA compliant?” The following statement has been published by the US Department of Health and Human Services:

Q: May physician’s offices or pharmacists leave messages for patients at their homes, either on an answering machine or with a family member, to remind them of appointments or to inform them that a prescription is ready? And may providers continue to mail appointment or prescription refill reminders to patients’ homes?

A: Yes. The HIPAA Privacy Rule permits health care providers to communicate with patients regarding their health care. This includes communicating with patients at their homes, whether through the mail or by phone or in some other manner. In addition, the Rule does not prohibit covered entities from leaving messages for patients on their answering machines. However, to reasonably safeguard the individual’s privacy, covered entities should take care to limit the amount of information disclosed on the answering machine. For example, a covered entity might want to consider leaving only its name and number and other information necessary to confirm an appointment, or ask the individual to call back.

A covered entity also may leave a message with a family member or other person who answers the phone when the patient is not home. The Privacy Rule permits covered entities to disclose limited information to family members, friends, or other persons regarding an individual’s care, even when the individual is not present. However, covered entities should use professional judgment to assure that such disclosures are in the best interest of the individual and limit the information disclosed. See 45 CFR 164.510(b)(3).

In situations where a patient has requested that the covered entity communicate with him in a confidential manner, such as by alternative means or at an alternative location, the covered entity must accommodate that request, if reasonable. For example, the Department considers a request to receive mailings from the covered entity in a closed envelope rather than by postcard to be a reasonable request that should be accommodated.

Similarly, a request to receive mail from the covered entity at a post office box rather than at home, or to receive calls at the office rather than at home are also considered to be reasonable requests, absent extenuating circumstances. See § 164.510 (b) (3) of complete U.S. Dept. of Health & Human Services Final Privacy Rule Regulation Text.

See also: Direct Query to U.S. Dept. of Health & Human Services

Source: http://www.hhs.gov/ocr/hipaa/
Medical Privacy - National Standards to Protect the Privacy
of Personal Health Information
What’s New - Updated 12/04/02 with policy guidance
Page six of: INCIDENTAL USES AND DISCLOSURES
OCR HIPAA Privacy, December 3, 2002

 

For More Information...

· See practice case studies of PhoneTree Patient Messaging »

· Calculate return on investment for your practice »

· Contact a PhoneTree Messaging Specialist »