CMS Issues Clarification on Privacy of Protected Health Information
The Centers for Medicare & Medicaid Services (CMS) recently published on its Medicare Learning Network (MLN) a "Clarification About the Medical Privacy of Protected Health Information." The release is intended to make covered entity health care providers aware of the various guidance and educational materials available on the CMS Web site related to patient privacy matters.
The release points health care providers to available privacy guidance and contains several examples of how to obtain helpful information, outlining certain steps that may be taken for educational purposes in the event that health care providers have questions or require clarification about certain HIPAA topics, including the following:
- Ability to share information for treatment purposes. Patient authorization is not required where treatment is concerned.
- Incidental disclosures. Providers are not required to eliminate all incidental disclosures.
- Communications between providers and the families and friends of patients. Information can be shared with the families and friends of patients so long as the patient does not object.
- Calls or visits to hospitals by family, friends, clergy or others. Unless the patient objects, basic information about the patient can still appear in the hospital directory.
- Child abuse reporting. Doctors may continue to report child abuse or neglect to appropriate authorities.
- Impact on electronic communications. Use of e-mail, telephone or fax machine is appropriate, so long as common sense safeguards are in place.
In addition, the Office of Inspector General (OIG), in its Fiscal Year 2007 Work Plan indicated that it would "review the experience with the [HIPAA] administrative simplification privacy and security implementation in Medicare and Medicaid to identify key issues that may be relevant to the department's health information technology (IT) initiative," noting that the wider use of electronic medical records and personal health records raises concerns over privacy and security of patient data.
The MLN release is a reminder of the importance of HIPAA compliance efforts, especially in conjunction with the focus by the OIG on review of HIPAA privacy and security implementation in its work plan. If you should have any questions regarding any of the above topics or other HIPAA issues, please feel free to contact any of the members of the HIPAA Practice Group of Buchanan Ingersoll & Rooney or the Buchanan attorney with whom you work.