Member Forum

1.  consent to treat forms

Posted 3 days ago
Hello all,

Any ideas where to get: consent to treat, billing consent, and HIPPA forms? Thanks.

Marie

------------------------------
Marie Amina Aryan, NP-C
FNP
Lakewood, Colorado
FNP/owner
Lakewood Family Health Clinic
Lakewood CO
303-578-8191
------------------------------


2.  RE: consent to treat forms

Posted 3 days ago
HIPAA I can answer.  CMS has great stuff. Look at their FAQ.
Biilling consent is covered by HIPAA- you can use peoples' PHI for your operations, like billing.  NO NEED FOR ANY SPECIFIC CONSENT.  Ditto for discussing patients with referring docs, or even curbside consults. Bottom line is,if you're using the info to treat or bill, you can, no special permission needed.You need to take "ordinary precautions"  to avoid being overheard.  You can use email, telephone, text, video, etc for exchanging or gathering patient info.You have to have a PLAN to safeguard the PHI.You have to make a risk assessment. It has to be in writing.Big deal.
But encryption is NOT required, for example.If you use computers, the EMR should have a logon, and passphrases should be generated, not made up by people.  I've attached my computer security blurb.

I'm not sure if those "agree to pay" statements are anything more than setting an expectation.

Many organizations' HIPAA policies are written by someone who didn't understand HIPAA, and often, staff don't really understand your policy.
There is GREAT info at https://www.hhs.gov/hipaa/for-professionals/covered-entities/fast-facts/index.html

"A provider or plan may also share relevant information with these persons if, using its professional judgment, it believes that you do not object.
For example, if you send your friend to pick up your prescription for you, the pharmacist can assume that you do not object to their being given the medication." http://www.hhs.gov/ocr/privacy/hipaa/understanding/consumers/consumer_ffg.pdf

There's no point in writing policies to hamstring yourself!!

CMS made sample policies at 
https://www.hhs.gov/hipaa/for-professionals/privacy/guidance/model-notices-privacy-practices
https://www.hhs.gov/sites/default/files/ocr/privacy/hipaa/npp_booklet_hc_provider.pdf

Also, there is no such thing as "HIPAA Compliant" products!  (You can USE products to comply w HIPAA, but that's the job for covered entities like you and me. Products are just tools.)

"We have received reports that some consultants and education providers have claimed that they or their materials or systems are endorsed or required by HHS or, specifically, by OCR. In fact, HHS and OCR do not endorse any private consultants' or education providers' seminars, materials or systems, and do not certify any persons or products as "HIPAA compliant." The Privacy Rule does not require attendance at any specific seminars. All of OCR's materials are available free on this web site.

If you believe anyone is making false or misleading representations about HHS or OCR in regard to HIPAA training and compliance, please notify us via email at ocrcomplaint@..." id="anch_87" target="_blank" rel="noopener noreferrer">ocrcomplaint@... or by postal mail at Office for Civil Rights, 200 Independence Ave, S.W., Room 509F, Washington, D.C. 20201."



------------------------------
Peter Liepmann
Bakersfield CA
5183026006
------------------------------



3.  RE: consent to treat forms

Posted 2 days ago
Did you already look in the forms library?
Button to get there on the right side of the home page along with the articles library button.

And if anyone has more of their own they want to share with the group, it's very quick and easy for each member to load into the library.

Melissa Weakland, MD
Ballard Neighborhood Doctors
5416 Barnes Ave NW
Seattle, WA 98107
Phone: (206)-297-7678
Fax: (206)-297-5930




4.  RE: consent to treat forms

Posted 2 days ago
Thank you for all the information!
Marie





5.  RE: consent to treat forms

Posted 2 days ago
Sorry for the rant- HIPAA was actually throughly thrashed out with the help of the medical community, and it was written to be reasonable. Then hospital and other facility lawyers wrote policies that hamstring health care.

About what I said on people not understanding HIPAA- here's a quiz:

We're all familiar with this dance- you need some information from a previoius treating doctor or hospital, and they won't send it to you without a signed consent form.
Q: What kind of form does HIPAA require so you can request old records to continue treating a person??

A: From theOffice for Civil Rights (OCR) at HHS:
The Privacy Rule does not require you to obtain a signed consent form before sharing information for treatment purposes.  Health care providers can freely share information for treatment purposes without a signed patient authorization.

You go to the pharmacy to pick up your husband's Imitrex because he has a killer migraine and can't get out of bed.  They tell you you can't pick it up without a signed note from the patient allowing you to pick up the prescription.
Q:This is required by HIPAA, since that's what the pharmacy tech told me, right?

A: From the Office for Civil Rights (OCR) at HHS:
Can a patient have a friend or family member pick up a prescription for her?

Answer:
Yes. A pharmacist may use professional judgment and experience with common practice to make reasonable inferences of the patient’s best interest in allowing a person, other that the patient, to pick up a prescription. See 45 CFR 164.510(b). For example, the fact that a relative or friend arrives at a pharmacy and asks to pick up a specific prescription for an individual effectively verifies that he or she is involved in the individual’s care, and the HIPAA Privacy Rule allows the pharmacist to give the filled prescription to the relative or friend. The individual does not need to provide the pharmacist with the names of such persons in advance.

Q: A doctor I referred a patient to sent a quick email to my office, summarizing their visit, findings, and identifying the patient.  This was a HIPAA violation, right?   Am I required to report this?

A:  The Privacy Rule is not anti-electronic.  You can communicate with patients, providers, and others by e-mail, telephone, or facsimile, with the implementation of appropriate safeguards to protect patient privacy.  (My note- so you can't communicate about a patient through a public Facebook page. Email is private enough.)

Q:  Did HIPAA introduce new requirements for informed consent?/ How does the HIPAA Privacy Rule change the laws concerning consent for treatment?

Answer:
The Privacy Rule relates to uses and disclosures of protected health information, not to whether a patient consents to the health care itself. As such, the Privacy Rule does not affect informed consent for treatment, which is addressed by State law.

Q:    Does the HIPAA Privacy Rule permit hospitals and other health care facilities to inform visitors or callers about a patient’s location in the facility and general condition?

Answer:   https://www.hhs.gov/hipaa/for-professionals/faq/483/does-hipaa-permit-hospitals-to-inform-visitors-about-a-patients-location/index.html

Q:   What is the difference between “consent” and “authorization” under the HIPAA Privacy Rule?
See link-
*********************************************
The problem with HIPAA is, you can't fight myth and ignorance.  90% of the time someone requires an authorization, it's not required under HIPAA.  The da@#$ned lawyers get involved, and write a privacy policy for the facility that gets in the way of patient care for no good reason, usually because they didn't understand HIPAA, and why it was written the way it was. 
"The Privacy Rule permits, but does not require, a covered entity voluntarily to obtain patient consent for uses and disclosures of protected health information for treatment, payment, and health care operations. (My note- WHICH ARE ALREADY SPECIFICALLY ALLOWED WITHOUT FORMAL NOTICE, UNDER HIPAA!! Why would you want to introduce more paperwork?)  Covered entities that do so have complete discretion to design a process that best suits their needs."  (In other words, they're allowed to be stupid.)

"As a reminder, permitted uses and disclosures must be addressed in a covered entity’s Notice of Privacy Practices.  HHS offers model notices of privacy practices for both health care providers and health plans.  These model notices are available for free download, in English and in Spanish, at http://www.hhs.gov/hipaa/for-professionals/privacy/guidance/model-notices-privacy-practices

It is our hope that the fact sheets will be helpful tools that help clarify HIPAA and support the goals of interoperability of health information. 

Read the fact sheets

My HIPAA notice in my old office went something like this:

"We use personal health information (PHI) about you to take care of you, and to work with other doctors to take care of you.
We also use it for billing and similar "office operations." 
Other uses not related to taking care of you (life insurance applications, etc.,) require your specific permission.
YOU DON'T HAVE TO READ THE REST OF THIS.  
(More detail, examples.) "

Hope this helps.



------------------------------
Peter Liepmann
Bakersfield CA
5183026006
------------------------------



6.  RE: consent to treat forms

Posted 2 days ago
I did not know that a written HIPPA consent to provide treatment is not legally required (which is great, because most people have questions about what it means anyway-and the form ends up in the trash). I also used some of the forms from the library. Useful, thanks for sharing.

Marie

------------------------------
Marie Amina Aryan, NP-C
FNP
Lakewood, Colorado
FNP/owner
Lakewood Family Health Clinic
Lakewood CO
303-578-8191
------------------------------



7.  RE: consent to treat forms

Posted 9 hours ago
Aaah- two clarifications-
  1. "Covered entities are required to provide a notice in plain language (Notice of Privacy Practices.) "  Posting it is probably enough, but there's no harm in having people sign something saying they've been offered a copy.  Some offices use their sign in sheet for this. (At the top- "PLEASE SIGN IN SO WE KNOW YOU ARE HERE.  I am here to see (practice), and consent to treatment. I have been offered a copy of the practice's privacy policies.")   https://www.hhs.gov/hipaa/for-professionals/privacy/guidance/privacy-practices-for-protected-health-information/index.html
  2. Your state will have laws regarding consent for treatment.  Generally it applies to procedures, but IMO, it's a good idea to have people sign something that says, "By coming [in to be seen,/to a visit with (the practice)] you give consent to be interviewed, examined and treated in the usual course of events, and agree to pay for services. You agree you have been offered a copy of our 'notice of privacy practices', which just says we use your information to treat you and bill for services, etc.."  May depend on your state law.  The state should have more info.
Lawyers.
HIPAA can be easy, but you can't ignore it.  You have to have a notice, risk assessment, etc. You can say, "The office is locked when not in use. This, plus passphrase protection of the EMR provides adequate security."

------------------------------
Peter Liepmann
Bakersfield CA
5183026006
------------------------------