Health Information Management

HIPAA Q&A: You’ve got questions. We’ve got answers!

HIM-HIPAA Insider, September 22, 2014

Want to receive articles like this one in your inbox? Subscribe to HIM-HIPAA Insider!

Q: After scheduling a colonoscopy, I received information about a colonoscopy prep company with which the practice has a business associate (BA) relationship.

The prep company's website features a photograph of my physician and an appointment reminder about my screening. My physician's practice has shared my information with a company that can provide the prep kit I need for my screening. Does this constitute marketing? Can a BA act as a cover for what is essentially forced marketing to a target group without consent? May a patient ask to see the BA contract to try to understand who benefits from the relationship and how?
A: If the prep company has publicly posted your appointment data along with your name or your picture, it is a breach of your health information. It is recommended you discuss this with the practice if this is the case.
Sharing your health information with a BA for the purpose of treatment is not considered marketing. The practice does not sell the prep kit you need for the screening. In this situation, similar to referral to another supplier to purchase other healthcare supplies, the practice is working with an outside vendor to provide these supplies.
If the prep company uses your information to market other healthcare supplies or services without your authorization, this would be considered marketing and a violation of the HIPAA Privacy Rule. In this case, you have the right to register a complaint with the practice and your regional OCR office.
The practice may or may not share its BA agreement with you because that is not an individual right granted by the HIPAA Privacy Rule.
Editor’s note: Chris Apgar, CISSP, president of Apgar & Associates, LLC, in Portland, Oregon, answered this question for HCPro’s Briefings on HIPAA newsletter.

Want to receive articles like this one in your inbox? Subscribe to HIM-HIPAA Insider!

    Briefings on APCs
  • Briefings on APCs

    Worried about the complexities of the new rules under OPPS and APCs? Briefings on APCs helps you understand the new rules...

  • HIM Briefings

    Guiding Health Information Management professionals through the continuously changing field of medical records and toward a...

  • Briefings on Coding Compliance Strategies

    Submitting improper Medicare documentation can lead to denial of fees, payback, fines, and increased diligence from payers...

  • Briefings on HIPAA

    How can you minimize the impact of HIPAA? Subscribe to Briefings on HIPAA, your health information management resource for...

  • APCs Insider

    This HTML-based e-mail newsletter provides weekly tips and advice on the new ambulatory payment classifications regulations...

Most Popular