Trends and Issues

Subscribe | Advertise | About Us | Contact Us | Home

March 2004

By Cherilyn G. Murer, JD, CRA

When we last visited the HIPAA Privacy Rule in this column, the mandatory compliance date of April 14, 2003, was a year away, and the prospect of compliance with its requirements of written patient consent and safeguarding of patients’ protected health information (PHI) was causing a good deal of consternation among rehabilitation providers.

Fortunately, prior to the compliance date, the Department of Health and Human Services (DHHS) issued revisions to the Privacy Rule that dispensed with written consent and generally made com-pliance less onerous. Now that providers have a year of experience with the Privacy Rule’s mandates, it is apparent that both providers and patients are learning to adapt and cope.

Unfortunately, a great deal of confusion still reigns, which indicates that there is a considerable way to go before both providers and patients are truly comfortable with the Privacy Rule. Therefore, it may be beneficial to take the time to review those aspects of the Privacy Rule that seem to be causing rehab providers the most trouble.

Family and Friends Are Not Off Limits

Probably no privacy matter has caused more confusion than what information, if any, may be disclosed to the friends and family of patients. Despite great efforts by DHHS to inform them otherwise, many providers continue to operate under the mistaken assumption that they are not allowed to disclose any information to family and friends without the patient’s written authorization. Several rehabilitation provider Web sites, for example, contain statements like:

“Health providers will no longer be able to share protected health information with spouses, parents of emancipated children, adult children siblings, friends, or others without written consent. As a result, the new federal law may cause friends and family frustration in performing tasks and gaining information taken for granted in the past. We apologize for any inconveniences, but must comply with the law or face very significant penalties.”

In addition to statements like this, newspapers and magazines over the past year have frequently carried stories about the refusal of hospitals to provide patients’ families and loved ones with any information about the patient, including whether the patient is even on the premises. These practices stem from a misapprehension about the Privacy Rule’s requirements that, despite DHHS’ best efforts, seems loath to go away.

Far from prohibiting meaningful contact with the patient’s family and friends, the Privacy Rule actually makes it rather easy for providers to communicate with nonpatients, as long as certain common-sense procedures are followed. The exact nature of the procedure depends on whether the communication contains specific medical information about the patient or is more general in nature. In either case, the key to compliance with these procedures is to give the patient an opportunity to “opt out” before the disclosure is made.

The Privacy Rule describes nonspecific information used to locate a patient as “directory information.” Provided the patient is first given an opportunity to refuse to allow any or all of the disclosures (most facilities provide the patient with this opportunity in the form of a check-off list that the patient may fill out at admission), the facility may provide anyone who asks for the patient by name with:

The patient’s name;
The patient’s location in the facility; and
The patient’s condition described in general terms that does not communicate specific medical information about the individual, ie, good, fair, poor, etc.
The patient’s religious affiliation may also be disclosed to members of the clergy.

On its Web site, DHHS has also stated that “location in the facility” includes the telephone number of the patient’s room. If an extreme medical condition prevents the patient from exercising the prior right to opt out of the directory disclosures (an unlikely circumstance in rehab facilities), the provider may use their professional judgment in deciding whether the disclosures are in the best interest of the patient.

Obviously, directory disclosures will be more applicable to inpatient facilities than to outpatient rehab providers, but it is still quite conceivable that a patient’s family member or employer will call an outpatient facility to check if a patient is there.

Therefore, outpatient facilities should provide their patients with the same type of opt-out check-off list that inpatient facilities use. If they do, outpatient rehab providers have no reason to shy away from answering these inquiries.

For communications involving specific medical information about the patient, the Privacy Rule’s requirements are equally common sense. The rule permits disclosures about the patient’s specific medical condition to family and friends to the extent that those family and friends are involved in the patient’s health care.

If the patient is present when the disclosures are made, the Privacy Rule requires that the patient first be given the opportunity to object to the disclosures. In keeping with this common-sense approach, DHHS’ Web site states that the patient’s participation in family discussions about his or her condition or treatment makes it reasonable to infer that the patient does not object to the disclosures.

Keeping Change (and Costs) Down

Because of the traditional open nature of rehabilitation therapy, many providers feared that the Privacy Rule would require wholesale changes to the way they carried out their treatment practices, not to mention to the expensive remodeling of their facilities.

Judging from the stories related on Web sites and in the media, many providers have made alterations to their facilities, such as installing glass or drywall between the patient waiting room and the receptionist/office area or dividing up the treatment area. Providers who have not already gone to such extremes should take comfort in the fact that such expensive alterations are not required by the Privacy Rule.

As DHHS states on its Web site, the Privacy Rule requires only that reasonable efforts to safeguard the privacy of patient information are required. Facility restructuring in the form of remodeling is not part of those reasonable efforts. Thus, there is no need to wall off the receptionist’s desk from the patient waiting area. Generally, placing the receptionist’s computer so that its screen is not readily viewable by patients and placing any files that the receptionist uses behind the desk should suffice.

As long as patient records are kept in a secure location—such as a locked cabinet when not in use—there is no need to build a separate room for the records, if one does not already exist.

Similar considerations apply to treatment areas. In this regard, it should be stressed that DHHS has explicitly stated that group therapy is still permitted under the Privacy Rule.

According to DHHS’ Web site, disclosures made during group therapy are considered disclosures for treatment purposes and, as such, do not require the patient’s prior authorization. Furthermore, the patient’s agreement to participate in group therapy signals that the patient has no objection to such disclosures. If the facility lacks private offices for more personal conversations with the patient or family members, there is no need to build them. Relatively inexpensive screens, such as those used for office cubicles, will suffice.

Drastic changes also are not required for other traditional staples of rehab practice, such as the sign-in sheet, calling out the patient’s name in the waiting area, and appointment reminders. DHHS has stated that there is no need to get rid of the sign-in sheet. All that is required is to ensure that the sign-in sheet does not contain other identifying information, such as the reason for the visit or the patient’s Social Security number. If this information is still required at sign-in, it can be gathered by dividing the sign-in sheet into individual tear-off sheets or by keeping the other information on separate records that are not accessible to patients. Similarly, it is still permitted to call out the patient’s name in the waiting area, just refrain from stating the reason for the appointment when doing so.

Contrary to what seems to have become a popular belief, it is also still acceptable for providers to leave appointment reminder messages on patients’ answering machines. As with the sign-in sheet and patient call-out, the key is not to leave any information beyond the provider’s name and phone number and to say that the call is to confirm an appointment at a certain date and time. The reason for the appointment should not be included.

Similarly, a provider may also leave the appointment confirmation with a family member or other person who answers the phone when the patient is not home. The only significant restriction in this regard is that the provider is required to honor the patient’s request to communicate with him or her in a confidential manner, if feasible, such as by sealed letter rather than postcard or at the patient’s office as opposed to home.

Conclusion

In sum, if providers follow the actual requirements of the Privacy Rule, as opposed to the misconceptions that have dogged HIPAA compliance since its inception, the rehabilitation industry should not only be able to live with the Privacy Rule, but should be able to do so in comfort.

Cherilyn G. Murer, JD, CRA, is CEO and founder of the Murer Group, a legal-based health care management consulting firm in Joliet, Ill, specializing in strategic analysis and business development. She may be reached at (815) 727-3355 or via the Web: www.murer.com.

LOOKING FOR EXPERT ADVICE?

Experts here are available to answer all your questions!

Please contact us for more information about this feature, or to become an expert.

MEDIA CENTER

Interactive Media

Resources

	Calendar
	Consumer Resources
	Media Kit
	Advertiser Index EAB Reprints Submit an Article

ADDITIONAL ONLINE RESOURCES

Allied Media
24X7mag Clinical Lab Products (CLP) Orthodontic Products The Hearing Review Hearing Review Products Rehab Management		Physical Therapy Products Plastic Surgery Practice Imaging Economics RT Magazine Sleep Review

Subscribe | Advertise | About Us | Contact Us | Home

March 2004