Physician Practice

Q&A: Protecting patient privacy when interacting with a patient's employer

Physician Practice Insider, October 20, 2015

Q: I have a question about a scenario that occurred in the medical office where I am employed. A patient's employer called to make an appointment for one of our patients. We listened to the caller but did not disclose any information about the patient. The employer said he was taking the patient to the emergency department (ED). Our policy is to follow up with any patient who visits the ED. Is it a HIPAA violation to let the employer know this is our policy? Would it be a violation to allow the employer to make the follow-up visit and then let the patient know about the appointment? I understand this may not be the best practice, but I'm not sure if we are violating HIPAA in any way.

A: Informing the employer of your policy regarding follow-up with patients is not a HIPAA violation. You are not disclosing any PHI about the patient. There is no violation of HIPAA if you schedule a follow-up appointment through the employer as long as you do not communicate any information about the patient's condition to the employer. It's not the best method of following up with the patient, but it's not a violation. If you do permit the employer to schedule the follow-up appointment, it's a good idea to also reach out to the patient and let him or her know the appointment has been scheduled.

Editor's note: Chris Apgar, CISSP, president of Apgar & Associates, LLC, in Portland, Oregon, answered this question in the October issue of Briefings on HIPAA.

Most Popular