• E-mail
• Print
• RSS

Telephoning patient information and HIPAA

HIPAA Weekly Advisor, November 19, 2001

Want to receive articles like this one in your inbox? Subscribe to HIPAA Weekly Advisor!

Q: What does HIPAA say about telephoning patient information? At a hospital, will a blanket consent signed at registration be adequate to cover any active staff physician who treats the patient?

A: You should have policies and procedures in place that can reasonably establish the identify of the person to whom you disclose the information. That may involve establishing procedures to verify identity similar to those used by financial institutions when talking to customers over the phone, such as verification of Social Security number, address, zip code, mother's maiden name, or pre-assigned code words.

Q: At a hospital, will a blanket consent signed at registration be adequate to cover any active staff physician who treats the patient?

A: I am not sure what you mean by "blanket consent." However, if a hospital (or any other direct treatment provider) obtains a HIPAA compliant consent for use and disclosure of personal health information (PHI), it can share PHI for the purpose of treatment. Also, this does not fall under the minimum necessary provision. Indirect treatment providers do not need to obtain consent prior to sharing information for the purpose of treatment.

Editor's note: Questions were submitted by readers and answered by Tom Hanks, director of client services for PricewaterhouseCoopers, LLP's Health Care Practice, in Chicago. If you have a question, write to HIPAA Weekly Advisor editor Brian Driscoll at bdriscoll@hcpro.com.

Want to receive articles like this one in your inbox? Subscribe to HIPAA Weekly Advisor!

• E-mail to a Colleague
• Print
• RSS
• Archive