Are HIPAA forms always required in a medical office?

Nurses General Nursing

Published

I'm currently a pre-nursing student and I started my new job at a medical office (OB/GYN) as a receptionist. I've been working in health care for over 5 yrs and I noticed that this office have patients fill out a patient intake form and thats it! I asked the office manager about the HIPAA forms and she said it's not needed because this office "doesn't give out any patient info to anyone, anyway"

The office manager has been working here for almost 2 yrs, and her previous job was not medical-related so she has no prior healthcare experience and this has me really concerned. How else can I make her understand that we need to save our butts incase something happens?

Also, when we send specimen to the lab, there's a requisition form we fill out. We add patient's insurance info and patient's home address and the office manager told me to " NEVER release patient's address to the laboratory billing dept" she says i'm violating patient's privacy rights by giving out their home address. I know for a fact that in our area MD/DC/ VA it's not required to have patient authorization in order to release information for billing purpose. I told her if the insurance does not pay, who will they send the bill to??? ugh! what do i do? what do i say without being rude? I tried explaining but everytime I do she starts to raise her voice and gets really loud and it's annoying! This woman has never been an office manager, she has no idea of what she's doing, she's a friend of the doctor (hence why she's the office manager) she can't be unprofessional at times, and I think she's mad that I'm far more knowledgeable than her and I'm always bringing up what she does wrong. I correct her to help out, not be bossy. What should i do?

Up Vote Up Vote ×
Specializes in Peds, Neuro, Psych,Home Health, Telemetr.
I'm currently a pre-nursing student and I started my new job at a medical office (OB/GYN) as a receptionist. I've been working in health care for over 5 yrs and I noticed that this office have patients fill out a patient intake form and thats it! I asked the office manager about the HIPAA forms and she said it's not needed because this office "doesn't give out any patient info to anyone, anyway"

The office manager has been working here for almost 2 yrs, and her previous job was not medical-related so she has no prior healthcare experience and this has me really concerned. How else can I make her understand that we need to save our butts incase something happens?

Also, when we send specimen to the lab, there's a requisition form we fill out. We add patient's insurance info and patient's home address and the office manager told me to " NEVER release patient's address to the laboratory billing dept" she says i'm violating patient's privacy rights by giving out their home address. I know for a fact that in our area MD/DC/ VA it's not required to have patient authorization in order to release information for billing purpose. I told her if the insurance does not pay, who will they send the bill to??? ugh! what do i do? what do i say without being rude? I tried explaining but everytime I do she starts to raise her voice and gets really loud and it's annoying! This woman has never been an office manager, she has no idea of what she's doing, she's a friend of the doctor (hence why she's the office manager) she can't be unprofessional at times, and I think she's mad that I'm far more knowledgeable than her and I'm always bringing up what she does wrong. I correct her to help out, not be bossy. What should i do?

First of all your the new one there so telling the Doctors friend what to do is probably not a good idea at first, Teach with respect to her position I know it's difficult sometimes in this field to be patient at times but if it's practiced it goes alot better. respect to all in this field is a part of being a team player. If there are policies one doesn't know or federal regulations such as the privacy laws you have to remember the old school nurses are still familiarizing themselves this is all new to many of us. So try to use a lower tone and keep a smile on your face and practice practice patience! Also you may want to ask the Doctor where his/her policy procedure manual is and if it includes the new privacy forms!....just a thought. Good Luck!

Up Vote Up Vote ×
Specializes in Derm/Wound Care/OP Surgery/LTC.

Can't speak for your state but here in Florida, it is state law that every patient sign off on a HIPAA form stating they have knowledge of their rights. Wanna be smart? Get yourself a copy of policies and procedures related to HIPAA. Familiarize yourself with it. Make sure YOU stay within the boundaries of the law. Sadly it sounds like this woman has a real chip on her shoulder so you may never get through to her. Surely doesn't mean you shouldn't cover your own butt to a certain degree. :)

Up Vote Up Vote ×
Specializes in Vents, Telemetry, Home Care, Home infusion.

organizations considered covered entities under hipaa are mandated to inform patients of the new privacy rights and their privacy policies and procedures (to determine whether you're a covered entity, go to http://www.cms.hhs.gov/hipaageninfo/downloads/coveredentitycharts.pdf

are you a covered entity under the hipaa privacy standards?

the hipaa privacy standards apply to (1) health plans, (2) health care clearinghouses and (3) health care providers who transmit health information in electronic form in connection with any transaction covered under the electronic transactions standards.

note, if a medical practice engages in any electronic transaction (even only one transaction [faxing, electronic bill payment, outside billing contractor. karen]) covered under the electronic transaction standard, then the privacy standards in their entirety apply to the medical practice. also, the hipaa privacy regulations apply to individually identifiable health information in any form, including oral, written and electronic communications.

also note, a medical practice that uses another entity, such as a billing service or hospital, to transmit standard electronic transactions on its behalf also is covered under the hipaa privacy standards.

physicians and other health care providers are required to comply with the privacy regulations beginning on april 14, 2003.

http://www.mssny.org/mssnyip.cfm?c=f&nm=covered_entities

cite those "physician" sources ---article just happens to get printed out and placed in managers + doctors inbox. ;)

[color=#2200cc]the hipaa privacy rule: three key forms - february 2003 -- family ...

the hipaa privacy rule: three key forms

complying with the hipaa privacy rule may seem trickier than pulling a rabbit out of a hat, but these forms should help.

notice of privacy practices

authorization form

patient consent form

health information privacy

http://www.hhs.gov/ocr/privacy/index.html

enforcement activities & results

from the compliance date to the present, the compliance issues investigated most are, compiled cumulatively, in order of frequency:

  1. impermissible uses and disclosures of protected health information;
  2. lack of safeguards of protected health information;
  3. lack of patient access to their protected health information;
  4. uses or disclosures of more than the minimum necessary protected health information; and
  5. lack of or invalid authorizations for uses and disclosures of protected health information

the most common types of covered entities that have been required to take corrective action to achieve voluntary compliance are, in order of frequency:

  1. private practices;
  2. general hospitals;
  3. outpatient facilities;
  4. health plans (group health plans and health insurance issuers); and,
  5. pharmacies.

how to file a hipaa privacy rule complaint

if you believe that a covered entity violated your (or someone else's) health information privacy rights or committed another violation of the privacy rule, you may file a complaint with ocr. ocr can investigate complaints against covered entities related to the privacy rule.

anyone can file! - anyone can file written complaints with ocr. we recommend that you use the ocr health information privacy complaint form package

Up Vote Up Vote ×
Specializes in Vents, Telemetry, Home Care, Home infusion.

PS:

When the doctor is unable to get lab results from lab as they are unable process information from his office due to lack patient address/insurance info and STOP accepting their clients...office income drops cause not sharing info with insurance companies..... insurers audit records for QI/UR....

Doctor who hires inexperienced office manager does not show business savy...if they are willing to not follow HIPAA ..what other healthcare guidelines are they not following???

Up Vote Up Vote ×
+ Add a Comment