Appointment Reminder: HIPAA Rule Ads Additional Requirements For Patient Privacy

164
0

Appointment reminder regulation increased under new HIPAA Privacy Rule. Under the HIPAA Privacy Rule, covered entities (CEs) are restricted in how they are permitted to use and disclose protected health information (PHI). However, CEs may disclose PHI without authorization if the disclosure relates to the treatment, payment, or healthcare operations. To conduct business, CEs often provide patients with patient appointment reminders. As appointment reminders are considered part of the treatment of patients, they are permitted without prior authorization from the patient.

What is Permitted to be Disclosed in a Patient Appointment Reminder?

Sending patient appointment reminders via mail, email, or leaving a voicemail reminder, are permitted; however, before sending patients email reminders, covered entities must ensure that they have adequate safeguards in place securing the information.

When issuing patient appointment reminders, covered entities must restrict the information that they disclose in the reminder. The HIPAA Privacy Rule mandates that disclosure of PHI adheres to the minimum necessary standard. As such, when issuing patient appointment reminders, covered entities should only disclose the information needed to confirm the appointment.

The type of information that may be disclosed for appointment reminders are as follows:

  • Patient’s name
  • Appointment date and time
  • Covered entity’s name
  • Covered entity’s phone number

Disclosing information such as the nature of the patient’s appointment is considered an unauthorized disclosure of PHI. Covered entities should never disclose information regarding a patient’s treatment, health condition, or test results (via phone, email, or mail) unless patients sign an authorization form permitting their information to be disclosed in this manner. Disclosing health information without prior consent can result in the accidental disclosure of PHI, as a patient’s family member or friend may have access to the patient’s voicemail, email, or mail.

Although disclosing health information to a patient’s family member or friend is not permitted without authorization, covered entities may leave a message with a person other than the patient, provided that no health information is disclosed.

Basic Telehealth Legal Issues: Rules, Regulations & Risk Management

Bring your telehealth practice into legal compliance. Get up to date on inter-jurisdictional practice, privacy, HIPAA, referrals, risk management, duty to warn, the duty to report, termination, and much more!

Disclaimer: The Telebehavioral Health Institute (TBHI Telehealth.org) offers information as educational material designed to inform you of issues, products, or services potentially of interest. We cannot and do not accept liability for your decisions regarding any information offered. Please conduct your due diligence before taking action. Also, the views and opinions expressed are not intended to malign any organization, company, or individual. Product names, logos, brands, and other trademarks or images are the property of their respective trademark holders. There is no affiliation, sponsorship, or partnership suggested by using these brands unless contained in an ad. We do not and cannot offer legal, ethical, billing technical, medical, or therapeutic advice. Use of this site constitutes your agreement to TBHI Privacy Policy and Terms and Conditions.

Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments
0
Would love your thoughts, please comment.x