Rehab

Be HIPAA-safe when it comes to your daily faxing

Rehab Regs, January 21, 2003

Be HIPAA-safe when it comes to your daily faxing

Train your staff about the dangers of improperly faxed documents to save your organization from potential liability, experts warn.

Though not as stringent as some other regulations in the privacy rules from the Health Insurance Portability and Accountability Act of 1996 (HIPAA), faxing requirements have some teeth.

"You have to be very careful about who you are faxing to and the numbers that you are using," says Debbie Troklus, assistant vice president for compliance at the University of Louisville.

According to Jeffrey R. Berner, MS, PT, owner of Professional PT and Associates, in Edgewater, FL, a PT rarely needs to fax patient information to another PT, unless transferring patient care from one PT to another.

The majority of therapy faxing occurs between the therapist and physician office. These faxes normally include a cover sheet with all of the patient's insurance information, the therapy prescription, the physician's diagnosis, and maybe a doctor's plan of care.

"In addition, the PT would fax the initial evaluation, which has all of the past medical history and the plan of care," Berner says.

Avoid a potential problem
The HIPAA privacy regulations define the faxing of records as a "reasonable activity" for treatment, and these rules were not designed to impede treatment.

However, accidents occur in which you could use the wrong number, sending the patient's information to some unknown company. This is something to watch for, Troklus says.

Here are a few tips from Troklus to avoid any fax-related problems:


 Make a confidentiality notice part of your cover sheet.

Include this brief note: Confidentiality Notice: This fax transmittal and any attachments are for the sole use of the intended recipient(s) and may contain proprietary, confidential, trade secret, or privileged information.

Any unauthorized review, use, disclosure, or distribution is prohibited and may be a violation of law.

If you are not the intended recipient or a person responsible for delivering this message to an intended recipient, please contact the sender and destroy all copies of the original message immediately.

 Do not send over too much information.

Send only the minimum amount of information needed by the physician for treatment purposes.
 Call people before you fax the information to them, or write a request for a call-back on the cover sheet.

This can let you know that the correct person received the patient information. Then document that you did this in a log.

 Send faxes during office hours.

Sending them at night can prove to be disastrous, because transmittals can be misplaced or, worse, after-hours eyes, such as the cleaning help, may check out the information.

"If you put a cover sheet with the patient information, [make sure to] add a note asking people who receive the information by error to call you," Troklus says.

"This will alert you to the fact that you do have a wrong number and you can reprogram your fax machine to fix the incorrect number," she says.

A therapy practice in Hartford, CT, went one step further. Last fall, it assigned a local intern the job of updating all fax numbers.

But even then, it's possible to send the wrong information. At that point, the only thing you can do is to request that the recipient destroy the information. Under HIPAA rules, this would be a "reasonable effort" to solve the problem.

When the HIPAA laws first came out, some thought was given to encoding faxes so that the only people who could read the messages were senders and receivers, Berner says. There is no technology for this type of coding system, however, so an encoding system will not be required.

Most Popular

Related Articles