I'm currently a pre-nursing student and I started my new job at a medical office (OB/GYN) as a receptionist. I've been working in health care for over 5 yrs and I noticed that this office have patients fill out a patient intake form and thats it! I asked the office manager about the HIPAA forms and she said it's not needed because this office "doesn't give out any patient info to anyone, anyway"
The office manager has been working here for almost 2 yrs, and her previous job was not medical-related so she has no prior healthcare experience and this has me really concerned. How else can I make her understand that we need to save our butts incase something happens?
Also, when we send specimen to the lab, there's a requisition form we fill out. We add patient's insurance info and patient's home address and the office manager told me to " NEVER release patient's address to the laboratory billing dept" she says i'm violating patient's privacy rights by giving out their home address. I know for a fact that in our area MD/DC/ VA it's not required to have patient authorization in order to release information for billing purpose. I told her if the insurance does not pay, who will they send the bill to??? ugh! what do i do? what do i say without being rude? I tried explaining but everytime I do she starts to raise her voice and gets really loud and it's annoying! This woman has never been an office manager, she has no idea of what she's doing, she's a friend of the doctor (hence why she's the office manager) she can't be unprofessional at times, and I think she's mad that I'm far more knowledgeable than her and I'm always bringing up what she does wrong. I correct her to help out, not be bossy. What should i do?
Jun 2, '09
by NRSKarenRN, BSN, RN Moderator
organizations considered covered entities under hipaa are mandated to inform patients of the new privacy rights and their privacy policies and procedures (to determine whether you're a covered entity, go to http://www.cms.hhs.gov/hipaageninfo/...titycharts.pdf
are you a covered entity under the hipaa privacy standards?
the hipaa privacy standards apply to (1) health plans, (2) health care clearinghouses and (3) health care providers who transmit health information in electronic form in connection with any transaction covered under the electronic transactions standards.
note, if a medical practice engages in any electronic transaction (even only one transaction [faxing, electronic bill payment, outside billing contractor. karen
]) covered under the electronic transaction standard, then the privacy standards in their entirety apply to the medical practice. also, the hipaa privacy regulations apply to individually identifiable health information in any form, including oral, written and electronic communications.
also note, a medical practice that uses another entity, such as a billing service or hospital, to transmit standard electronic transactions on its behalf also is covered under the hipaa privacy standards.
physicians and other health care providers are required to comply with the privacy regulations beginning on april 14, 2003.
cite those "physician" sources ---article just happens to get printed out and placed in managers + doctors inbox.
[color=#2200cc]the hipaa privacy rule: three key forms - february 2003 -- family ...
the hipaa privacy rule: three key forms
complying with the hipaa privacy rule may seem trickier than pulling a rabbit out of a hat, but these forms should help.
notice of privacy practices
patient consent form
health information privacy
enforcement activities & results
from the compliance date to the present, the compliance issues investigated most are, compiled cumulatively, in order of frequency:
the most common types of covered entities that have been required to take corrective action to achieve voluntary compliance are, in order of frequency:
- impermissible uses and disclosures of protected health information;
- lack of safeguards of protected health information;
- lack of patient access to their protected health information;
- uses or disclosures of more than the minimum necessary protected health information; and
- lack of or invalid authorizations for uses and disclosures of protected health information
how to file a hipaa privacy rule complaint
- private practices;
- general hospitals;
- outpatient facilities;
- health plans (group health plans and health insurance issuers); and,
if you believe that a covered entity violated your (or someone else's) health information privacy rights or committed another violation of the privacy rule, you may file a complaint with ocr. ocr can investigate complaints against covered entities related to the privacy rule.
anyone can file! -
anyone can file written complaints with ocr. we recommend that you use the ocr health information privacy complaint form package
Last edit by NRSKarenRN on Jun 2, '09
Jun 3, '09
by NRSKarenRN, BSN, RN Moderator
When the doctor is unable to get lab results from lab as they are unable process information from his office due to lack patient address/insurance info and STOP accepting their clients...office income drops cause not sharing info with insurance companies..... insurers audit records for QI/UR....
Doctor who hires inexperienced office manager does not show business savy...if they are willing to not follow HIPAA ..what other healthcare guidelines are they not following???
Last edit by NRSKarenRN on Jun 4, '09