Take the HIPAA Quiz. Are These Violations? (Part I)
The rules regarding HIPAA can be somewhat confusing. Take the quiz below to see if you know what is and what is not a HIPAA violation.
Q. A neighborhood health care practice posts a bulletin board welcoming new patients to the practice. The patients’ names and towns are listed on the board. Is this a violation of HIPAA?
A. Yes. Patient names and addresses are protected health information (PHI) under HIPAA and may not be shared without authorization from the patient.
Q. A patient is seen by their primary care physician, who recommends an x-ray, followed by an orthopedic consult. The referring physician forwards the patient’s records to the consulting physician without first obtaining the patient’s authorization. Is this a violation of HIPAA?
A. No. Practices are permitted to use and disclose patient information for treatment, payment, and/or practice operations. Patient authorization is not required.
Q. An individual seated in a waiting room overhears a doctor telling another patient’s family that the cancer of their family member has spread to adjacent organs. The doctor was speaking in a low tone in a corner of the hallway. Is this a violation of HIPAA?
A. No. The HIPAA rule requires reasonable administrative, physical, and technical safeguards for protected health information. The fact that patient PHI may be overheard or overseen is not a violation of HIPAA. The doctor was speaking a low tone in an area away from the waiting room, demonstrating the implementation of physical safeguards.
Q. An individual was concerned with her sister’s recent weight loss. She called her sister’s doctor’s office saying she was the sister and asked the office to fax her medical records to her. The doctor’s office, believing she was the patient, complied with the request. Did they violate HIPAA?
A. Yes. It is the responsibility of the office to verify identity and authority before releasing patient information.
Q. A practice routinely sends out reminder cards or reminder calls, but one of their patients asks to not receive them. Is it a violation of HIPAA to call or send a reminder of a scheduled appointment to a patient who has requested to not receive them?
A. Yes. Patients have the right to opt out of future communications. If a practice offers communications, such as reminder cards, reminder calls, newsletters or other mailings, patients can ask to be removed from mailing lists, and the practice must make a good faith effort to comply.
Q. A hospital sends a mailing to its patient list announcing the arrival of a new specialty group and the acquisition of a new magnetic resonance imaging machine. Is this a violation of HIPAA?
A. No. The information contained in the mailing is not marketing, and therefore does not require prior authorization from the patient.
How well did you do? Check next Friday’s blog for the HIPAA Quiz, Part II.
TCS provides training on HIPAA/HITECH. For more information about these and all our courses, click on www.tcs-inc.us.