Q&A: Contacting patients by mail
HIM-HIPAA Insider, August 31, 2009
Q. Our facility is taking steps to implement a “Grateful Patient Program” to help raise money. What measures must we take when contacting patients by mail to ensure that we stay within HIPAA guidelines?
A. Covered entities may use or disclose limited PHI to a business associate or institutionally related foundation for fundraising. Patient authorization is not required to use PHI for fundraising, but covered entities must tell patients about this use in their Notice of Privacy Practices. Covered entities may use or disclose the following PHI for fundraising without patient authorization:
- Demographic information relating to an individual, such as name, address, telephone number, and date of birth
- Dates of healthcare provided to an individual
Covered entities are not permitted to use diagnostic information to target their fundraising appeals to certain groups. For example, you may not use PHI to determine which individuals have been treated for breast cancer in the past five years when you send a special appeal to raise money for a new breast cancer treatment center.
Editor’s note: Mary D. Brandt, MBA, RHIA, CHE, CHPS, answered this question. This is not legal advice. Consult your attorney regarding legal matters.
Related Products
-
Guide to HIPAA Auditing, Second Edition
This new edition of a best-selling book delivers the hands-on tools and guidance you need to conduct effective in-house...
-
The No-Hassle Guide to HIPAA Policies: A Privacy and Security Toolkit
HIPAA regulations require extensive documentation—likely more than you've done in the past. Changing the way you look...
-
The HIPAA Omnibus Rule
Understand the HIPAA Omnibus Rule and what you must do to ensure compliance
-
Patient Privacy Under HIPAA: Keep it to yourself, Third Edition
Provide fundamental HIPAA privacy and security training for new and seasoned staff.
-
The HIPAA and HITECH Toolkit
The HIPAA and HITECH Toolkit is a valuable resource that helps both CEs and BAs understand and meet the HITECH Act's...
Most Popular
- Articles
-
- Note from Hugh
- CMS seeks comment on quality measures
- Note from the instructor: OIG report on usage of financial liability "G" modifiers
- CMS releases new QAPI resources
- HIPAA Q&A: Receiving faxed HEDIS requests
- Remind your workforce members to ’zip their lips’ when it comes to patient privacy
- Recent Recovery Auditor activity
- CMS says it's not too late to avoid payment adjustments
- Documentation of medical necessity drives successful RA appeals
- Q/A: How do we report therapy G codes and modifiers for multiple therapies?
- E-mailed
-
- Note from the instructor: OIG report on usage of financial liability "G" modifiers
- Q/A: How do we report therapy G codes and modifiers for multiple therapies?
- HIPAA Q&A: Receiving faxed HEDIS requests
- CMS says it's not too late to avoid payment adjustments
- FDA makes new proposal related to C. diff and other threatening pathogens
- Eyes see more ICD-10-CM codes because of laterality
- News: Study shows increase in observation services
- Product of the week: Optimizing PEPPER in the Audit Environment
- Dangers of reporting costs improperly
- CMS releases new QAPI resources
- Searched