Did you know?…
Patients have a new right to restrict certain disclosures of Protected Health Information to a health plan where the patient pays out of pocket in full for the healthcare item or service. Covered Entities (i.e. that are healthcare providers) will need to employ some method to flag, or make a notation in the medical record, with respect to Protected Health Information that has been restricted so that the information is not sent to a health plan.
The Patient, and not the Covered Entity, is responsible to notify other healthcare providers of the restriction. Patients will need to figure out how they may actually accomplish this task, however what is clear is that the healthcare provider is NOT required to do so.
The restriction does not apply for the purpose of the Covered Entity collecting payment (i.e. presumably from the individual, or a family member or a collection agency) and no authorization is required. This restriction ONLY applies to Covered Entities that are healthcare providers
This change updates the previous HIPAA Privacy Rule governing patient requests for restrictions on the use or disclosure of their PHI. Previously, while physicians could refuse to abide by any such request, the new rule requires physicians and other health care providers to abide by a patient’s request not to disclose PHI to a health plan for those services for which the patient has paid out-of-pocket and requests the restriction. Of all the changes made by the new rules, this change is likely to have the greatest impact on best practice workflow both in terms of documentation and follow up to ensure the restriction is adhered to.
How would you adhere to this New Rule?