Am I the only one who remembers HIPAA?
Published January 2010
Dear readers,
Medical staff services departments (MSSD) are often sent practitioner-related information from outside parties that don’t know where exactly to send such information. Aside from being a minor annoyance it can interrupt work flow, and in some situations, violate HIPPA.
Today was the last straw. For several months now the office has been receiving faxes addressed to physicians. These faxes include everything from H&P’s from consults to medication alerts from pharmacies and approval for durable medical equiptment. Today we received an e-mail that was supposed to contain clinical data for a physician applying to our medical center. But when we opened the document, it contained numerous pages of billing forms used by the physician group to track hospital patients. The clerk who received the information is new, and she brought the forms to me, asking what they were. The documents contained 15 pages of patient names, medical record numbers, dates admitted to the unit, and the CPT code.
Has everyone just forgotten about HIPAA? I don’t think it has been changed. HIPAA was passed into law in 1996. Among other things, it requires that health care providers guard the individually identifiable health information from disclosure to parties not entitled to view this information. All of us prepared for this new law by attending countless department meetings regarding what could be released and to whom.
Today’s incident was just the icing on the cake. I have heard of situations where pharmacies send patient information to wrong locations, too. It is admirable that local pharmacies are concerned with drug interactions. However, when they put prescription information on a form, listing patient name, address, DOB, and medications, including dosage, and fax it to a wrong number, anyone who handles that piece of paper knows quite a lot about the patient.
If I should find myself in those situations, I would call that pharmacy and bring it to their attention, but it is like trying to un-ring a bell. Additionally, when someone scans numerous pages of billing lists to his smart phone and e-mails it to his nurse to e-mail it to the neighboring medical center where he is applying for privileges, how many bells are rung.
Today I sat down and wrote a memo that will be returned with faxes to their sender. In BIG BOLD letters, the memo states that the information contained in the fax is a HIPAA violation and not only can the health care provider be fined, but so can individuals. We called the nurse who forwarded the billing forms and educated her on the HIPAA standards and assured her that we were shredding the forms, and deleting the e-mail (but, can you really delete anything?). I asked the nurse to have the physician call the health information department in his primary facility. They should be able to supply a list of patients treated, in or out patients, and consults, without revealing individually identifiable health information.
I wish I could say I felt better about all of this. I guess I keep thinking about the results of my last trip to the doctor and the possibility of my weight gain being mistakenly faxed to the local newspaper instead of an ad for that car he is trying to sell.
Remember, those who are afraid to ask are afraid to learn.
All the best,
Anne R. Buss, CPMSM, CPCS
|
EMAIL THIS PAGE
SUBSCRIBE
