Jump to content

breech of confidentiality


Recommended Posts

Here is something that just struck me. I am a health professional and I just realized that there is a debt listed on my credit report which breeches my confid. Does any one have any input in this. This could be important because everyone that looks at this report now knows the doctor and her specialty, which is very embarrassing, no I can't spell but in my line of work I dont need to :p Any way I think this is a true issue, what do you think?????? :~

Link to comment
Share on other sites

  • 2 months later...

bfre2bme - You're looking at a serious HIPAA violation ! As someone in the medical profession, you know what HIPAA means and the protections it affords.. Use it to get that entry off your report or at least modified to protect your privacy.

Is this a paid collection or unpaid ?

Link to comment
Share on other sites

I don't know right at this moment.. have yet to read the laws on this HIPPA Act, but here I am still seeing credit reports with medical debt included... but the telling part is the names of the medical provider being included in the notation identifying original creditor.

I think credit reporting agencies are exempt to a degree, but I have not come up with the proper interpetation on this yet... will be soon though.

Link to comment
Share on other sites

Actually we need to look at that new bill just passed on 9/10 on the FCRA. One of the provisions was to make sure that medical data was NOT showing on a credit report. It is personally identifiable medical info, and as such it should fall under HIPAA to get that off a credit report - PHI - protected health information. I'd attack it from that angle.

Link to comment
Share on other sites

Lady, am I to understand that no Medical bills can be reported on a CR? I ask because if listed as a Hospital or GP, there is no ID of the health problem, only that you visited for a health problem, while, reported under a Specialist, such as a Podiatrist, it would show a definite Medical problem. Can you clarify, please? I must admit I still don't fully understand HIPPAA.

Link to comment
Share on other sites

  • 2 weeks later...

I have made half hearted efforts so far to read this bill... actually I am quite overwhelmed by the size and reach in subject which this document covers! It is starting to look like the Tax Code!!! So much information to dig through.

Everytime I do a search I just keep coming up short of the relevant information, heck the collection agencies are having to pay good money themselves just to train people on how to abide be these new rules. It is crazy trying to figure out.

Link to comment
Share on other sites

retmar,

Protected Health Information (PHI) that can NOT be seen by anyone by the patient can NOT be reported. I believe a hospital reporting you owe it money is fine, but if there is ANYTHING to identify why you were there, kind of treatment, etc., that can NOT be revealed. I'll ask our HIPAA compliance person here and see what she can tell me, as well as dig thru our information here. We have tons of policies we must adhere to and they're always putting out HIPAA info.

Link to comment
Share on other sites

Thank you both for the responses.

That is my problem KB. There is just too much to try and grasp.

Lady, your response is what I had thought you would say. Generalized is OK, but, personal is not. I do agree that would be the most logical way to separate the two. BUT, one issue I could see going either way is "Emergency Room". Mainly because a creditor can allow their imagination to run wild by seeing this. To better explain, let's say someone went to the Emeregency Room for a Broken Finger. Since it is not displayed, a creditor could assume that person went due to having a Mini-Stroke or were terminally ill and thought the end was near. You know how imaginations run these days in all areas of society. I may be out in left field with my thoughts, but, it does appear to present a problem to me.

Link to comment
Share on other sites

I found this

http://www.epic.org/privacy/medical/#federalLaw

Limits on uses and disclosures

"Covered entities" that hold PHI may use it without an individual's consent for the purposes of providing treatment to the individual, for payment activities such as claims adjudication and premium setting, and for operating their businesses. They are also permitted to use and disclose PHI as required or permitted by other laws, e.g., laws related to reporting of child or elder abuse, public health oversight and national security investigations. However, those who have PHI must obtain an individual's signed authorization for use of PHI in marketing, research, fundraising, or any other activities that are not part of treatment, payment, health care operations, and other categories specifically identified under the Privacy Rule. A few types of disclosures require that the individual be given an opportunity to agree or object to the disclosure, e.g., whether information should be included in a hospital directory or given to clergy. Based on the professional judgment of a health care professional, some disclosures may be made to friends and family who are involved in an individual's care if such disclosures are found to be in the best interest of the individual.

Link to comment
Share on other sites

Sis, that is a good find. Thank you!

I must admit it does pose another question. The reference to "payment activities such as claims adjudication and premium setting", appears to reference to Health Insurance only, while "and for operating their businesses" appears to be very broad as one could assume this would include collection activity as the provider is allowed to collect all monies due, which means third party collections, and, a collector is allowed sufficient information from the provider to assist in the collection. Opinions please!

Link to comment
Share on other sites

Thats just why I put it here, so we could pick it apart. I first though, hm, they can report it. But the more I read it, the more I thought maybe not. It is not going to help their business run or operate by reporting this to the cr. Nor is a ca or reporting to a cr anything to do with premiums or claims. Lets see what we can get out of this. I bet others have thoughts too.

Link to comment
Share on other sites

So, do you interpret this to mean that the CA has access to all medical info in your file? I had a CA to tell me where I went to an ER, Why I went and what the outcome was. (i.e., Jacob, my son, went to er on a cetain date for open cheek wound and had stitches). That didn't sound like the kind of info they should have had.

Link to comment
Share on other sites

I found this

http://www.epic.org/privacy/medical/#federalLaw

Limits on uses and disclosures

"Covered entities" that hold PHI may use it without an individual's consent for the purposes of providing treatment to the individual, for payment activities such as claims adjudication and premium setting, and for operating their businesses. They are also permitted to use and disclose PHI as required or permitted by other laws, e.g., laws related to reporting of child or elder abuse, public health oversight and national security investigations. However, those who have PHI must obtain an individual's signed authorization for use of PHI in marketing, research, fundraising, or any other activities that are not part of treatment, payment, health care operations, and other categories specifically identified under the Privacy Rule. A few types of disclosures require that the individual be given an opportunity to agree or object to the disclosure, e.g., whether information should be included in a hospital directory or given to clergy. Based on the professional judgment of a health care professional, some disclosures may be made to friends and family who are involved in an individual's care if such disclosures are found to be in the best interest of the individual.

This is a GREAT thread, so I thought I would add a bit more that goes along with the above post from sis:

In addition to specific restrictions on uses and disclosures, the Privacy Rule imposes a general "minimum necessary" requirement on those who hold and use PHI. Except for disclosures to the individual who is the subject of PHI or disclosures for treatment purposes, organizations must limit their uses and disclosures to "minimum necessary" information required to perform a task. They must have policies and procedures that specify what PHI can be viewed by different classes of employees within their workforces, what PHI should be released in response to routine inquiries, and must have a process in place for deciding what PHI should be released in response to non-routine requests.

"Covered entities" must also have formal contracts with their business associates, which use PHI to perform functions on their behalf. Examples of business associates include law firms, accounting firms, accreditation organizations, credentialing services, billing services and third-party administrators. Business associate agreements must stipulate that the business associate will safeguard PHI and will assist the "covered entity" in complying with its obligations with regard to individual rights and oversight by the Secretary of Health and Human Services.

*********************************************

Now, my question - After filing complaints with the BBB & AG's office on behalf of DH regarding a ca, the ca forwarded "private health information" to the BBB & AG's office. Wouldn't it be a violation? As stated above "covered entities" must has an agreement with their business associates to "safeguard PHI". Obviously if they forwarded all copies of medical bills to 2 different 3rd parties they didn't saveguard the PHI. Am I correct or since these services were performed prior to the HIPAA law would they not be covered?

This thread is really good. It is amazing after you read something so many times that you still pickup new information.

paw67

Link to comment
Share on other sites

As to the way I read and understand the law and also the way you explained what happened to you, I would agree that it is a violation. But, I am not an expert in any fashion, so, let this sit and see if any of the more informed can supply some input. LadynRed is quite knowldegable about HIPPAA, and, maybe she will see this and reply.

Link to comment
Share on other sites

Debtors in collection will never be assured absolute privacy even under the new guidelines! The original concern was listing the name of the provider as the creditor and the concern was the world surmizing what it was the doctor patient was being treated for. If that's the case, so be it. What can reasonably be done other than using a cryptic code in lieu of the providers name? The solution ultimately is pay for services at the time of treatment and confidentiality will be assured! Regardless of HIPAA, anytime information is collected and entered into an online system for reimbursement or solely for medical records, absolute privacy can never be assurred.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.. For more information, please see our Privacy Policy and Terms of Use.