JO - Health Care Compliance Association

ASK
John asks the leadership
your questions
Editors note: John Falcetano is
Chief Audit/Compliance Officer for
University Health Systems of Eastern
Carolina and a long-time member of
HCCA. This column has been created
to give members the opportunity to submit their questions by e-mail
to Jfalcetano@cox.net and have John contact members of HCCA
leadership for their response.
L E A D E R S H I P
John Falcetano
Is it okay for a health care facility to leave a message for a patient
on the answering machine at their home or with a family member to
remind them of an appointment, or would that be a violation of HIPAA?
The Answer was provided by Marti Arvin, JD, CHC, CIPP/G CPC
Privacy Officer, University of Louisville:
As a general rule, calling a patient to leave an appointment reminder is
not a violation of HIPAA. An appointment reminder can be left on an
answering machine, with a family member, or with another person who
answers the phone. When these types of calls are made, the concept of
minimum necessary should always be kept in mind. The Office of Civil
Rights addressed this issue in its Frequently Asked Questions which
can be found at http://www.hhs.gov/ocr/hipaa/. The FAQ answer #198
indicated that “... a covered entity might want to consider leaving only
its name and number and other information necessary to confirm an
appointment, or ask the individual to call back.”
HIPAA does require the covered entity to put the patient on notice that
protected health information might be disclosed for this purpose. See
45 CFR 164.520(b)(1)(iii)(A). This means the covered entity’s notice
of privacy practices must specifically state this as a potential disclosure.
It would be a HIPAA violation to leave this type of message on the
patient’s answering machine if the covered entity’s notice of privacy
practices did not specifically address this situation.
Finally, if a patient has made a reasonable request for a confidential
communication, a message may not be left on the individual’s answering
machine if this would violate the confidential communication
request. For example, if the patient has asked that all communications
be done through a cell phone number, then leaving a message on the
home answering machine would be a violation of the confidential communication
request. See 45 CFR 164.522(b). n
Health Care Compliance Association
2006 Conferences (by state):
San Francisco, CA
■ Physician Practice Compliance
Conference
October 1-3
Orlando, FL
■ Audit & Compliance Committee
Academy
September 20-22
■ Compliance Academy
November 6-9
Honolulu, HI
■ Hawaii Area Meeting
October 19-20
Chicago, IL
■ North Central Area Meeting
October 6
Louisville, KY
■ Tri-State Area Compliance
Conference
November 3
Baltimore, MD
■ Medicare Part D
September 10-12
ON
■ Fraud & Compliance Forum
September 25-27
Boston, MA
■ New England Area Meeting
September 8
Minneapolis, MN
■ Upper Midwest Area Meeting
September 15
T H E
C A L E N D A R
Las Vegas, NV
■ 3rd Annual Research Conference
September 17-19
■ Advanced Academy
October 23-26
Pittsburgh, PA
■ Mid Atlantic Area Meeting
September 29
Nashville, TN
■ South Central Area Meeting
November 10
2007
Chicago, IL
■ Compliance Institute
April 22-25
■ National Corporate
Compliance Week
May 20-26
INSIDE
3 Ask leadership
4 HIPAA compliance recipe
5 Go local
10 Corporate Integrity
Agreement
14 Meet Lea Cobb
18 President & CEO letter
20 Medical marketing
compliance
22 FYI
24 New Medicare enrollment
regulations
32 Using mental health
records for research
36 Compliance investigations
44 New members
888-580-8373 • www.hcca-info.org
September 2006