• Home
    • » e-Newsletters

HIPAA Q&A: Home health patient information books

Compliance Monitor, June 20, 2012

Q: A home health agency was informed by an assisted living facility that the home health agency may not leave its patient information book at the facility because doing so violates HIPAA. The patient information book does not include any PHI. The assisted living facility stated the home health agency could not see patients if it leaves the patient information book. State law requires the home health agency to distribute information contained in the patient information book. Does leaving the patient information book at the assisted living facility violate HIPAA?

A: No. HIPAA addresses protecting the privacy of individually identifiable health information or PHI. If state law requires making certain information available to residents of a long-term care facility such as an assisted living facility, the home health agency would be in violation of state law if the information was not made available to residents. Nothing prohibits leaving what appears to be educational material for residents to review.
If the purpose of the patient information book is marketing services provided by the home health agency, the gray area of HIPAA regulations that pertains to marketing requires examination. As long as the same information is available to all residents and is not used to target marketing to certain individuals with specific diagnoses, this practice does not violate the marketing provisions of HIPAA or HITECH.

Editor's note: Chris Apgar, CISSP, president of Apgar & Associates, LLC, in Portland, Ore. answered this question, which first appeared in the May
Briefings on HIPAA. Apgar has more than 17 years of experience in information technology; he specializes in security compliance, assessments, training, and strategic planning. Apgar is a board member of the Workgroup for Electronic Data Interchange and chair of the Oregon and Southwest Washington Healthcare, Privacy and Security Forum.

Most Popular