Jbentz

I agree with Jeannine regarding the information on the EOB. This can be considered part of the payment process and is allowed without a written authorization.

I have not heard of this requirement, and a POA is an overkill if you just want to help get a claim paid. We are a clinic with over 150 physicians, and I have been their Privacy Officer for three years. I have never seen a POA for an employer, nor would we request one. We would, however, request a HIPAA compliant Authorization before releasing information. There are many kinds of POAs, ranging from financial, health, or all empowering. I will let the legal gurus chime in on this, but I would never require a POA to release information to an employer. Perhaps there is a state law requiring this, but I have never heard of this requirement.

I agree that if you use a HIPAA compliant auth form that will be between the EMPLOYEE and the insurance company, with permission to release the PHI to the EMPLOYER/benefit specialist you will not be required to comply with the other admin duties. The purpose listed should be very clear that it is for assisting the employee with claims adjudication (you may even want to list specific date of service). With the correct auth form, you are not giving the group health plan any PHI.

We do have our PATIENT Notice translated into Spanish, but because of the Medicare and Medicaid guidelines, not HIPAA. For our plans, we only have ours in English.

I know we were required to do this for our ACE and OHCA, so I did a search of the regs. I found under 164.520 "(d) Implementation specifications: joint notice by separate covered entities. Covered entities that participate in organized health care arrangements may comply with this section by a joint notice, provided that: (1) The covered entities participating in the organized health care arrangement agree to abide by the terms of the notice with respect to protected health information created or received by the covered entity as part of its participation in the organized health care arrangement; (2) The joint notice meets the implementation specifications in paragraph (b) of this section, except that the statements required by this section may be altered to reflect the fact that the notice covers more than one covered entity; and (i) Describes with reasonable specificity the covered entities, or class of entities, to which the joint notice applies; (ii) Describes with reasonable specificity the service delivery sites, or classes of service delivery sites, to which the joint notice applies; and (iii) If applicable, states that the covered entities participating in the organized health care arrangement will share protected health information with each other, as necessary to carry out treatment, payment, or health care operations relating to the organized health care arrangement. So yes, I think yit is required.

As a provider, we accept these as documents, as long as healthcare is included. We accept them under the personal representative clause under HIPAA and we only require that we have a copy in the patient's files.

If they won't accept that argument, even if it does fall under the HIPAA regulations, you can use the information for operations purposes. This would qualify under 164.501, definitions of operations: (3) Underwriting, premium rating, and other activities relating to the creation, renewal or replacement of a contract of health insurance or health benefits, and ceding, securing, or placing a contract for reinsurance of risk relating to claims for health care (including stop-loss insurance and excess of loss insurance), provided that the requirements of § 164.514(g) are met, if applicable; Either way, covered or not, I think they can release that information to you.

AshleyL, I know the on-site, off-site makes no sense to me either. We have both, so I always throw in the "medical care is secondary or incidental" part of the regs. My first requirement in my HIPAA employee training to "please leave your common sense outside. You will not be needing it for the next two hours." )

jgf810, It does sound like that each plan is a separate covered entity, but you need to go to to FR 164.104 in the HIPAA regs and see if you meet the definition of an Affiliated Covered Entity (ACE) for each. There are certain requirements you must meet, but it does make things easier for the paperwork - notice, BAAs, etc... I have done this for providers who are covered entities, but I read the regs and I think you can also do it for health plans. It is worth checking out.

No, I don't the plan is a CE, based on the following Q&A from the OCR's website: "Are the following types of insurance covered under HIPAA: long/short term disability; workers'compensation; automobile liablity that includes coverage for medical payments? Answer No, the listed types of policies are not health plans. The HIPAA Administrative Simplification regulations specifically exclude from the definition of a “health plan” any policy, plan, or program to the extent that it provides, or pays for the cost of, excepted benefits, which are listed in section 2791©(1) of the Public Health Service Act, 42 U.S.C. 300gg-91©(1). See 45 CFR 160.103. As described in the statute, excepted benefits are one or more (or any combination thereof) of the following policies, plans or programs: - Coverage only for accident, or disability income insurance, or any combination thereof. - Coverage issued as a supplement to liability insurance. - Liability insurance, including general liability insurance and automobile liability insurance. - Workers’ compensation or similar insurance. - Automobile medical payment insurance. - Credit-only insurance. - Coverage for on-site medical clinics - Other similar insurance coverage, specified in regulations, under which benefits for medical care are secondary or incidental to other insurance benefits. " I think you have an arugument whether it is on-site or off-site, because it it secondary or incidental to your other insurance benefits. It also does not sound like you have any type of enrollment, etc....

As for HIPAA privacy regs, you are not affected becuase you are not a covered entity. The company that you contract may be, if they are part of a clinic or a hospital, but that depends on how the have catagorized themselves under HIPAA. The company may have to pass out Notices, etc... (the Occ Med department at my clinic does.)

I do not think it qulaifies under FMLA for the exact same reasons. Do you have a policy for an LOA when it is outside of FMLA? Depending on the policy wording, this may qualify.

I don't know what state you are in, but most states have some kind of HIPAA organization. Indiana's is www.indianahipaa.org. They are a wealth of knowledge. I would think that SHRM would also have some info. Also try www.hipaaadvisory.com for overall information.

A few other thoughts... Since the patient is in a clinical trial, find out exactly what cost the patient is responsible for. Most clinical trials compensate the participants in some way. It is possible that the procedure or the drug that the trial is for will be provided; they may just be looking to cover hospital and ancillary services. I would also ask WHY they consider it experimental in nature. This will allow you to research find out under the FDA is THEY consider it experimental. Good luck.

I use the "three legged stool" method for my analysis for BAs that AHIMA (American Health Information Management Association) recommends: 1) Are you sharing PHI? 2) Are they outside your workforce? 3) Are they doing something on your behalf? All three answers must be yes or they do not qualify. If your service provider still disagrees, then ask them to tell you why under the definition under 160.103. I also ask for them to document their decision so I may send it to our attorney and to the OCR for clarification. That usually brings them around to my way of thinking. Let me know if you need any further help, will be glad to help.

I would have your sister look at the company's leave policy and attendence policy. She might get more help from written documentation than an HR person. Depending on the employee's status, the company has the right to track all time for the intermittent leave. Just because it is not a block of time does not mean they get more than 12 weeks in a rolling calendar for the FMLA. I would also keep going up the HR ladder, this has the potential to be an HR nightmare.

I would have your sister look at the company's leave policy and attendence policy. She might get more help from written documentation than an HR person. Depending on the employee's status, the company has the right to track all time for the intermittent leave. Just because it is not a block of time does not mean they get more than 12 weeks in a rolling calendar for the FMLA. I would also keep going up the HR ladder, this has the potential to be an HR nightmare.

I agree with Kowen, you are not a BA of the plan, nor are you a personal rep. If they will not bend under the suggestions from Kowen, you might also try having the arbitrator making it very clear what information is to be shared. It is possible that the arbitrator's decision may have a loop hole in it by not being specific enough (what information is to be given to you, etc...) If the decision just states to meet and calculate an appropriate remedy, that does not necessarily mean they will share reports with you. You may also try getting a HIPAA compliant authorization from each of the Union members to share all claim information with the Union, using the time period in question. This may be a chore depending on how many members you are representing, but they cannot argue with that. You may want to post your question to the WediSnip website http://www.wedi.org/listserve/ and choose the listserve for privacy for a different audience perspective. Good luck.

I used to be a compliance auditor, and usually it is based on a percentage of 3 to 5%, with an error rate of 98% or better. Under 98% and it is another 5%. Under 95% and they are on a Performance Improveemnt Plan. I would be extremely cautious of only a 250 claim limit. If a consistent error is found, you need to be able to view all claims that fit criteria to resolve the issue, whether it be 10 claims or 1000. This is especially true when dealing with Medicaid and Medicare as a secondary payor. If they believe that an error has occured that cost them money, you will need to have additional audits for their benefit.

Is the qualification of a QB based on the status of employee or spouse of employee? If both my husband and I are covered under his insurance and he leaves the company, we both have separate QB rights upon his termination. If we signed up together, then I would not have the QB designation, but woudl be a dependent of a QB. Since I signed up on her own, and then added the child, i believe both myself and my child are QBs. What am i not seeing?

This is a gray area depending on which family member has access. The employee, or the guarantor, can fall under the payment definition, but other family members, and each situation is tricky and most would not fall under that provision. I would be using a HIPAA compliant authorization for the release so you are violating thier rights. If not, spouses, college age children, and emancipated minors could be real issues. You can also run up against state laws protecting minors and certain treatment issues (STDs, etc...)

Does a dental plan not qualify under the HIPAA speical enrollment requirments? A dental plan is a group health plan, correct? Do they honor these requirments?

I went to the regs and under 164.504 (4)(f)(1)(i): (f)(1) Standard: Requirements for group health plans. (i) Except as provided under paragraph(f)(1)(ii) or (iii) of this section or as otherwise authorized under § 164.508, a group health plan, in order to disclose protected health information to the plan sponsor or to provide for or permit the disclosure of protected health information to the plan sponsor by a health insurance issuer or HMO with respect to the group health plan, must ensure that the plan documents restrict uses and disclosures of such information by the plan sponsor consistent with the requirements of this subpart. (ii) The group health plan, or a health insurance issuer or HMO with respect to the group health plan, may disclose summary health information to the plan sponsor, if the plan sponsor requests the summary health information for the purpose of : (A) Obtaining premium bids from health plans for providing health insurance coverage under the group health plan; or (B) Modifying, amending, or terminating the group health plan. or in connection with any other benefit or employee benefit plan of the plan sponsor; So, what does your plan document say about restrictions? You might also try asking for summary health information, rather than the high claimant information. Hope this helps. Judith

Just from a personal standpoint, it would be hard to argue that they are not an eligible outpatient expense if they are covered and paid by the health plan when it is an inpatient expense. I would check the plan documents of both plans.

Dave, you made my day! I have always wanted to order my own anvil... Judith B.