HIPAA Fundraising now has a fully refreshed set of requirements

Key Takeaway:

HIPAA fundraising has now been cleared of all its earlier ambiguities. The HHS-issued Final Omnibus Rule of 2013 does away with many of the fallacies of the earlier legislation and arms both the patient and healthcare provider with added strengths.

The Final Omnibus Rule of 2013 passed by the Health and Human Services Department (HHS) has given hospitals and other Covered Entities much needed clarifications, and added liberties with regard to using patient information for fundraising under Health Insurance Portability and Accountability Act (HIPAA).

It has sought to clear the air about the wordings and interpretation of the earlier provisos relating to HIPAA fundraising. Till this clarification was issued, the HIPAA law in this regard was considered ambiguous in the use of language that many felt was confusing.

Highlights of the Final Omnibus Rule of 2013

Firstly, the Final Omnibus Rule of 2013 issued by the HHS permits Covered Entities to use patient information relating to these for HIPAA fundraising activities:

  • Data relating to patient demographics
  • The dates on which the patient availed the services of the healthcare provider
  • Information relating to Department of Service
  • Information about the treating physician
  • Information about the treatment outcome
  • Status of the patient's health insurance

This of course, is on the understanding that a patient can choose to decline to give information at any time, and such a decision should never be contravened.

The Notice of Privacy Practices provision

The Notice of Privacy Practices provision of the Final Omnibus Rule deals with this aspect of disclosure of patient information, called Protected Health Information (PHI). The Final Omnibus Rule considers any such information about the patient as marketing, with the exception being communication about the drugs (including generics) and biologicals that a patient is being treated with.

It requires the Covered Entities to disclose to the patient the purpose of sending out information, namely HIPAA fundraising, and offer the patient the right to opt out at any time either fully from the activity or for only some campaigns. Following this decision; the healthcare unit must stop sending further communication about HIPAA fundraising activities to the patient.

The role of PHI

An important factor in the disclosure provision in HIPAA fundraising is that all these conditions apply only to Protected Health Information. When the Covered Entity is seeking any information other than what is covered in PHI; the notice and opt out feature, naturally, does not apply.

Enhanced role for Covered Entities

Another important feature of the clarification issued by the Final Omnibus Rule of 2013 relates to the kind of PHI that Covered Entities can use for HIPAA fundraising. They can, for instance, hold back negative outcomes in some patients and highlight some positives in others. If Covered Entities have to go for HIPAA fundraising for particular ailments like say Alzheimer's, they can focus on that particular aspect of the healthcare unit to pitch for HIPAA fundraising. In other words, Covered Entities are now more empowered to use targeted patient information for HIPAA fundraising.

Click Here to Explore More