Q&A: Contacting patients by mail
HIPAA Weekly Advisor, August 31, 2009
Want to receive articles like this one in your inbox? Subscribe to HIPAA Weekly Advisor!
Q. Our facility is taking steps to implement a “Grateful Patient Program” to help raise money. What measures must we take when contacting patients by mail to ensure that we stay within HIPAA guidelines?
A. Covered entities may use or disclose limited PHI to a business associate or institutionally related foundation for fundraising. Patient authorization is not required to use PHI for fundraising, but covered entities must tell patients about this use in their Notice of Privacy Practices. Covered entities may use or disclose the following PHI for fundraising without patient authorization:
- Demographic information relating to an individual, such as name, address, telephone number, and date of birth
- Dates of healthcare provided to an individual
Covered entities are not permitted to use diagnostic information to target their fundraising appeals to certain groups. For example, you may not use PHI to determine which individuals have been treated for breast cancer in the past five years when you send a special appeal to raise money for a new breast cancer treatment center.
Editor’s note: Mary D. Brandt, MBA, RHIA, CHE, CHPS, answered this question. This is not legal advice. Consult your attorney regarding legal matters.
Want to receive articles like this one in your inbox? Subscribe to HIPAA Weekly Advisor!
Related Products
-
Guide to HIPAA Auditing, Second Edition
This new edition of a best-selling book delivers the hands-on tools and guidance you need to conduct effective in-house...
-
HIPAA Training Handbook for Business Associates
Train all of your staff members with this handbook and others in the 2009 HIPAA Handbook Series. Ensure they understand...
-
HIPAA Handbook for Executive, Administrative and Corporate Staff
Train all of your staff members with this handbook and others in the 2009 HIPAA Handbook Series. Ensure they understand...
-
The No-Hassle Guide to HIPAA Policies: A Privacy and Security Toolkit
HIPAA regulations require extensive documentation—likely more than you've done in the past. Changing the way you look...
-
The HIPAA and HITECH Toolkit
The HIPAA and HITECH Toolkit is a valuable resource that helps both CEs and BAs understand and meet the HITECH Act's...
Most Popular
- Articles
-
- Q/A: Volume requirement for reporting hydration services
- Featured blog post: Nurses face felony charges after reporting physician to the Texas Medical Board
- Catch up on what's new with injections and infusions
- Topic: CMS, OESS post new security compliance review information, checklist
- HIPAA Q&A: Level of encryption needed for email
- Capturing all necessary codes for IUD insertion and removal can be challenging
- Identify potential Medicaid RAC target areas
- What does case-mix index mean to you?
- QA:Coding multiple initial infusions
- OB services: Coding inside and outside of the package
- E-mailed
-
- Q/A: Volume requirement for reporting hydration services
- Featured blog post: Nurses face felony charges after reporting physician to the Texas Medical Board
- HIPAA Q&A: Level of encryption needed for email
- Q&A: Follow CMS' coding guidelines when using modifier -25
- Catch up on what's new with injections and infusions
- CMS has reformulated payments for some bilateral procedures
- New conflicts of interest create new challenges
- Q/A. One injection code or two?
- What does case-mix index mean to you?
- CHANGES COMING: Key differences in nationwide rollout
- Searched