• E-mail
• Print
• RSS

* Can we use e-mail under HIPAA?
* Disclosing financial relationships with vendors
* Pay-per-view article: Compliance and auditing: A match made in heaven

Compliance Monitor, March 3, 2003

Want to receive articles like this one in your inbox? Subscribe to Compliance Monitor!

Can we use e-mail under HIPAA?

Q: If a patient sends an e-mail to request a prescription refill, or a change of medication because of side effects, how does the Health Insurance Portability and Accountability Act (HIPAA) affect that communication between physicians and patients? These requests might have been handled via telephone in the past.

A: It is a perfectly acceptable to use e-mail as a method of communication between a patient and a physician, but you must take "reasonable" measures to ensure the privacy and security of a patient's health information.

According to section 164.522 (3) (b) (1) of the HIPAA privacy rule, patients have the right to request alternative means of communication other than, for example, telephone calls. E-mail could be considered one of those means. In addition, a covered entity must allow patients to access their protected health information (PHI) in the form or format they choose, as long as the PHI is readily producible in that form, according to HIPAA section 164.524 (c) (2) (i).

However, covered entities are also required to reasonably safeguard PHI. A reasonable measure would be to use e-mail encryption for these types of communications. In addition, consider informing patients of the risks of transmitting PHI via e-mail. If patients are willing to accept the risks after they have been informed, and covered entities have taken "reasonable" measures to transmit e-mail in a secure manner, it appears as though all applicable requirements have been met.

AThis question was answered by Stacie Buck, RHIA, LHRM, president, Health Information Management Associates, Inc.

Go to "Compliance and auditing: A match made in heaven" for the rest of this article. The cost is $10. Subscribers to the online version of Health Care Auditing Strategies have free access to this article. Subscribers to the print edition can find it in their March issues.

A $30 steal!

You can read this article-and much more-in the entire March issue of Health Care Auditing Strategies. Your cost: Four stories for only $30! You'll learn how to integrate the OIG's assessment and analysis process with mock audits, and how to conduct privacy assessments to verify effectiveness. Choose between a PDF or HTML version for just $30. Online subscribers have free access to this issue. Print newsletter subscribers can find it in their mailboxes.

Q:Would a hospital have any grounds to ask physicians to disclose any of their financial arrangements with medical device and pharmaceutical vendors? It seems as if these "arrangements" force a hospital to purchase from particular vendors because the physicians refuse to use products from other vendors, even though the products may be comparable. We've had a difficult time getting competitive pricing from these "preferred" vendors because they are so confident the physicians will not use other products.

A: A hospital with a well-crafted Conflict of Interest policy would ask physicians to disclose financial arrangements with any healthcare related entity, including medical device and pharmaceutical vendors. Physicians should do this on an annual basis; in the interim, you should encourage a review of any proposed arrangements. Physicians also need to be aware that such arrangements may violate anti-kickback laws and will certainly attract the attention of the Office of Inspector General as being suspicious.

This question was answered by Charles Colitre, president of Med-Management Group, Inc., a consulting firm in Akron, OH that assists physician practices and hospital systems to develop and implement compliance programs. Colitre is also a retired FBI Supervisory Agent who supervised health care fraud investigations.

Want to receive articles like this one in your inbox? Subscribe to Compliance Monitor!

• E-mail to a Colleague
• Print
• RSS
• Archive