JO - Health Care Compliance Association
JO - Health Care Compliance Association
JO - Health Care Compliance Association
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
ASK<br />
John asks the leadership<br />
your questions<br />
Editors note: John Falcetano is<br />
Chief Audit/<strong>Compliance</strong> Officer for<br />
University <strong>Health</strong> Systems of Eastern<br />
Carolina and a long-time member of<br />
HCCA. This column has been created<br />
to give members the opportunity to submit their questions by e-mail<br />
to Jfalcetano@cox.net and have John contact members of HCCA<br />
leadership for their response.<br />
L E A D E R S H I P<br />
John Falcetano<br />
Is it okay for a health care facility to leave a message for a patient<br />
on the answering machine at their home or with a family member to<br />
remind them of an appointment, or would that be a violation of HIPAA?<br />
The Answer was provided by Marti Arvin, JD, CHC, CIPP/G CPC<br />
Privacy Officer, University of Louisville:<br />
As a general rule, calling a patient to leave an appointment reminder is<br />
not a violation of HIPAA. An appointment reminder can be left on an<br />
answering machine, with a family member, or with another person who<br />
answers the phone. When these types of calls are made, the concept of<br />
minimum necessary should always be kept in mind. The Office of Civil<br />
Rights addressed this issue in its Frequently Asked Questions which<br />
can be found at http://www.hhs.gov/ocr/hipaa/. The FAQ answer #198<br />
indicated that “... a covered entity might want to consider leaving only<br />
its name and number and other information necessary to confirm an<br />
appointment, or ask the individual to call back.”<br />
HIPAA does require the covered entity to put the patient on notice that<br />
protected health information might be disclosed for this purpose. See<br />
45 CFR 164.520(b)(1)(iii)(A). This means the covered entity’s notice<br />
of privacy practices must specifically state this as a potential disclosure.<br />
It would be a HIPAA violation to leave this type of message on the<br />
patient’s answering machine if the covered entity’s notice of privacy<br />
practices did not specifically address this situation.<br />
Finally, if a patient has made a reasonable request for a confidential<br />
communication, a message may not be left on the individual’s answering<br />
machine if this would violate the confidential communication<br />
request. For example, if the patient has asked that all communications<br />
be done through a cell phone number, then leaving a message on the<br />
home answering machine would be a violation of the confidential communication<br />
request. See 45 CFR 164.522(b). n<br />
<strong>Health</strong> <strong>Care</strong> <strong>Compliance</strong> <strong>Association</strong><br />
2006 Conferences (by state):<br />
San Francisco, CA<br />
■ Physician Practice <strong>Compliance</strong><br />
Conference<br />
October 1-3<br />
Orlando, FL<br />
■ Audit & <strong>Compliance</strong> Committee<br />
Academy<br />
September 20-22<br />
■ <strong>Compliance</strong> Academy<br />
November 6-9<br />
Honolulu, HI<br />
■ Hawaii Area Meeting<br />
October 19-20<br />
Chicago, IL<br />
■ North Central Area Meeting<br />
October 6<br />
Louisville, KY<br />
■ Tri-State Area <strong>Compliance</strong><br />
Conference<br />
November 3<br />
Baltimore, MD<br />
■ Medicare Part D<br />
September 10-12<br />
ON<br />
■ Fraud & <strong>Compliance</strong> Forum<br />
September 25-27<br />
Boston, MA<br />
■ New England Area Meeting<br />
September 8<br />
Minneapolis, MN<br />
■ Upper Midwest Area Meeting<br />
September 15<br />
T H E<br />
C A L E N D A R<br />
Las Vegas, NV<br />
■ 3rd Annual Research Conference<br />
September 17-19<br />
■ Advanced Academy<br />
October 23-26<br />
Pittsburgh, PA<br />
■ Mid Atlantic Area Meeting<br />
September 29<br />
Nashville, TN<br />
■ South Central Area Meeting<br />
November 10<br />
2007<br />
Chicago, IL<br />
■ <strong>Compliance</strong> Institute<br />
April 22-25<br />
■ National Corporate<br />
<strong>Compliance</strong> Week<br />
May 20-26<br />
INSIDE<br />
3 Ask leadership<br />
4 HIPAA compliance recipe<br />
5 Go local<br />
10 Corporate Integrity<br />
Agreement<br />
14 Meet Lea Cobb<br />
18 President & CEO letter<br />
20 Medical marketing<br />
compliance <br />
22 FYI<br />
24 New Medicare enrollment<br />
regulations<br />
32 Using mental health<br />
records for research<br />
36 <strong>Compliance</strong> investigations<br />
44 New members<br />
888-580-8373 • www.hcca-info.org<br />
September 2006