Jul 26, 2012

10 HIPAA Questions Every Staff Member Should be Able to Answer

Thank you to all of our readers! Even though HIPAA has been around since 1996, we still see costly mistakes being made involving the most basic HIPAA policies. The maximum HIPAA fines are now 1.5 million, which does not include any civil lawsuits.  Your staff should be able to easily answer the following HIPAA Questions.

10 HIPAA Questions

1. Q: Is it a HIPAA Violation to call out a patient’s FULL name into the waiting room?
    A: While it is recommended to only call out a patient’s first name, it is NOT a violation to call out a patient’s FULL name into the waiting room.

2. Q: Do ALL emails and faxes sent from our practice need to contain a Privacy Warning?
    A: YES! All emails and faxes must contain a Privacy Warning. Example:

Privileged and Confidential: This document and the information contained herein are confidential and protected from disclosure pursuant to Federal Law. This message is intended only for the use of the Addressee(s). If you are not the intended recipient, you are hereby notified that the use, dissemination, or copying of this information is strictly prohibited. If you have received this communication in error, please erase all copies of the message and its attachments and notify the sender immediately.

3. Q: Does HIPAA allow our practice to disclose a deceased person’s information to a funeral home?
    A: HIPAA protects an individual’s protected health information (PHI) whether they are alive or deceased. If the funeral home requests PHI needed to perform services, then it is permissible to disclose. However, if the funeral home is requesting information such as a SSN or other personal information, it is appropriate to have the funeral home contact the deceased individual’s designated representative. This individual can then provide the necessary information.

4. Q: Can I leave the following message on a patient’s answering machine? “Our records indicate that you have a $200 account balance that is 60 days past due. Failure to provide payment by the end of the month will result in your account going to collections.”
    A: NO! No financial information may be left on a patient’s answering machine. You may only leave a message with the following information: Practice Name, Practice Phone Number, and a request for a return call.

5. Q: Does HIPAA allow us to charge a patient when making a copy of requested Medical Records?
    A: YES. HIPAA allows for a “reasonable” fee to cover your costs associated with the copying of a patient’s medical record. You may not charge a fee to retrieve the record.  

6. Q: What are HIPAA’s regulations when using an interpreter?
    A: When the use of an interpreter is required, first clarify with the patient that they approve of any PHI disclosure made through the interpreting services. Interpreters may be used in person or over the phone.

7. Q: Can a patient change their Medical Record?
    A: Patients have the right to request an amendment to their medical record, but they DO NOT have the right to change their medical record. Patients may submit a written request for an amendment. The practice should carefully consider the amendment, but does not have to accept it.

8. Q: Can we display patient photographs in our waiting room?
    A: HIPAA allows a practice to take a photograph to maintain in the patient’s file. All photographs of a patient must have the patient’s written authorization prior to public display.

9. Q: If a couple is divorced, and a child has been living with their mother, is the father allowed to view the child’s medical record?
    A: Unless otherwise ordered by a court, the father has the right to view their child’s medical record.

10. Q: Can I disclose a patient’s Health Information to law enforcement?
    A: HIPAA allows covered entities to disclose PHI without the prior authorization of a patient in order to comply with a court order, a warrant, a subpoena, a grand jury subpoena, or a summons by a judicial officer. PHI may also be disclosed to law enforcement to maintain public safety, to identify a missing person, or in cases of abuse or neglect.

We have created a quiz, which we recommend giving at your next staff meeting to help evaluate the level of understanding of your staff.  This quiz is NOT designed to replace your mandatory annual HIPAA training and should be used for evaluation purposes only.

Comprehensive HIPAA training should be conducted at least every 12 months.

To download a copy of this quiz, click HERE.

If it’s been a while since you’ve conducted HIPAA or any other compliance related training (OSHA, FWA, etc.), or if you need help getting started, please contact us.

Phone: 720-475-0134
Web:    www.CompliancePhD.com 
Email:  help@CompliancePhD.com
Twitter: @CompliancePhD