National Government Services, Inc. Medicare Monthly Review Part A and B
A Combined Part A and Part B Newsletter

Clarification About the Medical Privacy of Protected Health Information (SE0726)

Provider Types Affected
Physicians, providers, and suppliers who bill Medicare contractors (carriers, durable medical equipment Medicare Administrative Contractors (DME MAC), fiscal intermediaries (FI), regional home health intermediaries (RHHI), and/or Part A/B Medicare Administrative Contractors (A/B MAC) for services provided to Medicare beneficiaries

Provider Action Needed
The purpose of this Special Edition (SE) article, SE0726, is be sure that heath care providers are aware of the helpful guidance and technical assistance materials the U.S. Department of Health and Human Services (HHS) has published to clarify the Privacy Rule of the Health Insurance Portability and Accountability Act of 1996 (HIPAA), specifically, the educational material below. Remind individuals within your organization of:

• the Privacy Rule’s protections for personal health information held by providers and the rights given to patients, who may be assisted by their caregivers and others, and
• that providers are permitted to disclose personal health information needed for patient care and other important purposes.

HHS Privacy Guidance
HHS’s educational materials include a letter to healthcare providers with the following examples to clarify the Privacy Rule:

HIPAA does not require patients to sign consent forms before doctors, hospitals, or ambulances can share information for treatment purposes:
Providers can freely share information with other providers where treatment is concerned, without getting a signed patient authorization or jumping through other hoops. Clear guidance on this topic can be found in a number of places:

• Review the answers to frequently asked questions (FAQs) in the “Treatment/Payment/Health Care Operations” subcategory, or search the FAQs on a likely word or phrase such as “treatment.” The link to the FAQs may be found at http://www.hhs.gov/hipaafaq/ on the HHS Web site.
• Consult the Fact Sheet, “Uses and Disclosures for Treatment, Payment, and Health Care Operations,” which is at http://www.hhs.gov/ocr/hipaa/guidelines/sharingfortpo.pdf on the HHS Web site.
• Review the “Summary of the HIPAA Privacy Rule” at http://www.hhs.gov/ocr/privacysummary.pdf on the HHS Web site.

HIPAA does not require providers to eliminate all incidental disclosures:

• The Privacy Rule recognizes that it is not practicable to eliminate all risk of incidental disclosures. That is why, in August 2002, HHS adopted specific modifications to that Rule to clarify that incidental disclosures do not violate the Privacy Rule when providers and other covered entities have common sense policies which reasonably safeguard and appropriately limit how protected health information is used and disclosed.
• OCR guidance explains how this applies to customary health care practices, for example, using patient sign-in sheets or nursing station whiteboards, or placing patient charts outside exam rooms. At the HHS/OCR Web site, see the FAQs in the “Incidental Uses and Disclosures” subcategory; search the FAQs on terms like “safeguards” or “disclosure;” or review the Fact Sheet on “Incidental Disclosures.” The fact sheet is at http://www.hhs.gov/ocr/hipaa/guidelines/incidentalud.pdf on the HHS Web site.

HIPAA does not cut off all communications between providers and the families and friends of patients:

• Doctors and other providers covered by HIPAA can share needed information with family, friends, or with anyone else a patient identifies as involved in his or her care as long as the patient does not object.
• The Privacy Rule also makes it clear that, unless a patient objects, doctors, hospitals and other providers can disclose information when needed to notify a family member, or anyone responsible for the patient’s care, about the patient’s location or general condition.
• Even when the patient is incapacitated, a provider can share appropriate information for these purposes if he believes that doing so is in the best interest of the patient.
• Review the HHS/OCR Web site FAQs http://www.hhs.gov/hipaafaq/notice/488.html in the sub-category “Disclosures to Family and Friends.”

HIPAA does not stop calls or visits to hospitals by family, friends, clergy or anyone else:

• Unless the patient objects, basic information about the patient can still appear in the hospital directory so that when people call or visit and ask for the patient, they can be given the patient's phone and room number, and general health condition.
• Clergy, who can access religious affiliation if the patient provided it, do not have to ask for patients by name.
• See the FAQs in the “Facility Directories” at http://www.hhs.gov/hipaafaq/administrative/ on the HHS Web site.

HIPAA does not prevent child abuse reporting:
Doctors may continue to report child abuse or neglect to appropriate government authorities. See the explanation in the FAQs on this topic, which can be found, for instance, by searching on the term “child abuse;” or review the fact sheet on “Public Health” that can be reviewed at http://www.hhs.gov/ocr/hipaa/guidelines/publichealth.pdf on the HHS Web site.

HIPAA is not anti-electronic:
Doctors can continue to use email, the telephone, or fax machines to communicate with patients, providers, and others using common sense, appropriate safeguards to protect patient privacy just as many were doing before the Privacy Rule went into effect. A helpful discussion on this topic can be found at http://www.hhs.gov/hipaafaq/providers/smaller/482.html on the HHS Web site.

Additional Information
The HHS complete listing of all HIPAA medical privacy resources is available at http://www.hhs.gov/ocr/hipaa/ on the HHS Web site.
For a full list of educational materials, visit http://www.hhs.gov/ocr/hipaa/assist.html on the HHS Web site.

Disclaimer
This article was prepared as a service to the public and is not intended to grant rights or impose obligations. This article may contain references or links to statutes, regulations, or other policy materials. The information provided is only intended to be a general summary. It is not intended to take the place of either the written law or regulations. We encourage readers to review the specific statutes, regulations and other interpretive materials for a full and accurate statement of their contents.

MLN Matters Number: SE0726
Related Change Request (CR) #: N/A
Related CR Release Date: N/A
Effective Date: N/A
Related CR Transmittal #: N/A
Implementation Date: N/A