Latest and Greatest in HIPAA Rules
-
Upload
benefit-express -
Category
Recruiting & HR
-
view
565 -
download
1
Transcript of Latest and Greatest in HIPAA Rules
Health Insurance Portability and
Accountability Act (“HIPAA”)
By
Larry Grudzien
Attorney at Law
Copyright 2015- Not to be reproduced without express permission of Benefit Express Services, LLC
• The Health Insurance Portability and Accountability Act (HIPAA) of 1996 applies to all group health plans:
Including:
• Self-insured plans,
• Insured plans, and
• HMOs
• It applies to a number of areas: Special enrollment periods
Health Status and Genetic Information Nondiscrimination Rules
Lifetime and Annual Dollar Limits; Prohibition on Rescissions
Guaranteed-Availability and Guaranteed-Renewability Rules for Large Group, Small Group, and Bona Fide Association Plans
New disclosure rules
Wellness programs
Privacy
Introduction to HIPAA
Copyright 2015- Not to be reproduced without express permission of Benefit Express Services, LLC
• An employee welfare benefit plan to the extent that the plan provides medical care to employees or their dependents directly or through insurance, reimbursement or otherwise. - ERISA §733(a)1), PHSA §2791(a)(1)
• Automatic Exceptions: AD&D insurance,
Disability income insurance,
Liability insurance,
Supplement to liability insurance.
Worker’s compensation
Auto medical payment insurance
Credit only insurance, and
Coverage for on-site medical clinics.
Code §§ 9831(b)-9832(c)(1), ERISA §§732(b)-733(c), PHSA §§ 2721(c)- 2791(c) (1)
What is a HIPAA Group Health Plan?
Copyright 2015- Not to be reproduced without express permission of Benefit Express Services, LLC
• Group health plans must: Allow employees and dependents to enroll mid-year.
In three specified situations:
• Loss of other coverage,
• Acquisition of new dependent and
• Gain eligible for Medicaid or CHIP.
• Employees and beneficiaries subject to this right are not treated as “late enrollees.”
• Benefits of this special enrollment right.
Code §9801(f), ERISA §701(f)(1), PHSA §2701(f)(1)
Special Enrollment Rights
Copyright 2015- Not to be reproduced without express permission of Benefit Express Services, LLC
• Loss of other coverage:
COBRA was exhausted; or
Either lost eligibility for employer coverage or the employer contribution
for coverage ceased.
• Must request enrollment within 30 days of loss.
• No requirement to elect COBRA.
Code §9832(f), ERISA §701(f)(1), PHSA §2701(f)(1)
Special Enrollment Rights
Copyright 2015- Not to be reproduced without express permission of Benefit Express Services, LLC
• Acquisition of new dependent because:
Marriage; or
Adoption, placement for adoption or birth.
• Employee has right to enroll self and new dependent.
• Must enroll within 30 days of event.
• Effective date of coverage.
• Notice requirements.
• Special rights for COBRA beneficiaries.
Temp Treas. Reg. §54/9801-6T(b), DOL Reg. §2590.701-6(b), 45 CFR
§146.117(b)
Special Enrollment Rights
Copyright 2015- Not to be reproduced without express permission of Benefit Express Services, LLC
• Special enrollment rights are available if the employee or dependent becomes
eligible for assistance, with respect to coverage under the plan through either a
Medicaid plan under Title XIX of the Social Security Act, or the state children's
health insurance program (CHIP) under Title XXI of the Social Security Act.
• The employee who is eligible, but not enrolled, for coverage under the terms of
the plan (or a dependent of such an employee if the dependent is eligible, but
not enrolled, for coverage under such terms) may enroll in the plan upon
becoming eligible for state premium assistance subsidy if special enrollment is
requested in a timely manner.
• If an employee or dependent becomes eligible for state premium assistance
subsidy, a plan must allow for a period of at least 60 days for the employee to
request coverage under the plan after such eligibility is determined.
Special Enrollment Rights
Copyright 2015- Not to be reproduced without express permission of Benefit Express Services, LLC
• Group health plans must not discriminate based on an
individual’s health status in:
Eligibility - initial, continuing or late enrollment.
Premiums or Contributions - determining the amount.
Code §9802, ERISA §702, PHSA §2702
Health Status Discrimination Rules
Copyright 2015- Not to be reproduced without express permission of Benefit Express Services, LLC
• Prohibited Discrimination in Eligibility: Group Health Plan must not base eligibility rules on health status related
factors, but may:
• Exclude coverage for particular benefits,
• Establish limitations or restrictions,
• Exclude coverage for participation in dangerous activities, and
• Not deny benefits for injury resulting from act of domestic violence or a medical condition.
Temp Treas. Reg. §54.9802-1T(b), DOL Reg. §2590.702(b,) 45 CFR §146.121(b)
Health Status Discrimination Rules
Copyright 2015- Not to be reproduced without express permission of Benefit Express Services, LLC
• Prohibited Discrimination in Premiums/Contributions: Group Health Plan may not charge greater premiums or contributions among
similarly situated employees, but:
• Insurers are not limited in amount they may charge for premiums,
• Plans may charge different amounts to different groups, and
• Plans may charge different amounts for employees and their dependents.
Code §9802(b), ERISA §702(b), PHSA §2702(b)
Health Status Discrimination Rules
Copyright 2015- Not to be reproduced without express permission of Benefit Express Services, LLC
• Prohibited Discrimination in Premiums/Contributions: Health Status Factors:
• Health status
• Medical condition
• Claims experience
• Health care utilization
• Medical history
• Genetic information
• Evidence of insurability
• Disability
Wellness programs:
• Wellness incentives are permitted, but
• Payment may not be based on results.
Health Status Discrimination Rules
Copyright 2015- Not to be reproduced without express permission of Benefit Express Services, LLC
• Plan provisions that condition eligibility on nonconfinement or
the ability to engage in normal life activities are impermissible
under HIPAA's nondiscrimination rules.
• In addition, provisions that raise individual premiums or
contributions based on confinement or the inability to engage
in normal life activities violate HIPAA's nondiscrimination-in-
premium rules.
Requirements
Copyright 2015- Not to be reproduced without express permission of Benefit Express Services, LLC
• The agencies conclude that traditional actively-at-work and
continuous-service provisions are prohibited by HIPAA's
nondiscrimination provisions.
• The regulations provide that such clauses can be retained
only if employees who are absent because of health
conditions are treated as if they are actively at work and such
an absence is not counted when calculating continuous
service.
Requirements
Copyright 2015- Not to be reproduced without express permission of Benefit Express Services, LLC
• A plan is permitted to require an individual to begin work
before coverage becomes effective (often referred to as a
first-day-of-work rule), if the rule applies regardless of the
reason for the individual's absence.
• In addition, a plan may terminate coverage for failure to
satisfy a minimum hours of service requirement (so long as
individuals absent for health reasons are treated no less
favorably than are employees absent for non-health reasons).
Requirements
Copyright 2015- Not to be reproduced without express permission of Benefit Express Services, LLC
• GINA prohibits group health plans and group health insurance
insurers from adjusting group premium or contribution amounts
on the basis of genetic information.
• Plans and insurers are not prohibited from increasing group
premiums based on the manifestation of a disease or disorder
in an individual enrolled in the plan, but the disease or disorder
in one individual cannot be used as genetic information about
other group members (e.g., a family member) to further
increase the premium or contribution amount.
Requirements
Copyright 2015- Not to be reproduced without express permission of Benefit Express Services, LLC
• Group health plans and group health insurance issuers are also
generally prohibited from requesting or requiring an individual or
an individual's family members to undergo a genetic test.
• There are three exceptions to this prohibition—for certain health
care professionals, for determinations regarding payment, and
for research.
• Group health plans and group health insurance issuers are
prohibited from collecting genetic information, either for
underwriting purposes or prior to or in connection with
enrollment.
Requirements
Copyright 2015- Not to be reproduced without express permission of Benefit Express Services, LLC
• Lifetime dollar limits are prohibited and annual dollar limits are first restricted, and
later prohibited, with respect to “essential health benefits.
• “Essential health benefits” include minimum benefits in ten general categories and
the items and services within those categories, as defined by HHS. The categories
are:
ambulatory patient services;
emergency services;
hospitalization;
maternity and newborn care;
mental health and substance use disorder services, including behavioral health
treatment;
prescription drugs;
rehabilitative and habilitative services and devices;
laboratory services;
preventive and wellness services and chronic disease management; and
pediatric services, including oral and vision care.
Lifetime and Annual Dollar Limits
Copyright 2015- Not to be reproduced without express permission of Benefit Express Services, LLC
• Q: Who must cover Essential Health Benefits?
A: All non-grandfathered, insured plans in the individual and small group
markets – on and off the Exchange/Health Insurance Marketplace –
Are required to provide EHBs, with the start of plan years that begin on or after
January 1, 2014 (policy years in the case of individual policies).
No other plans are required to provide EHBs.
However, if they cover any benefits defined as EHBs, they cannot impose any
annual or lifetime .
Lifetime and Annual Dollar Limits
Copyright 2015- Not to be reproduced without express permission of Benefit Express Services, LLC
• Health care reform greatly expands HIPAA's guaranteed-
availability rules for the group market by making these rules
applicable to health insurance insurers in the large and small
group markets and effecting the other changes discussed
below, effective January 1, 2014.
• It does not apply to grandfathered plans.
• Each health insurer that offers health insurance coverage in the
individual or group market (regardless of whether the coverage
is offered in the large or small group market) is required to
accept every employer and individual in the state that applies
for such coverage.
Guaranteed Availability Rules
Copyright 2015- Not to be reproduced without express permission of Benefit Express Services, LLC
• Health insurers offering coverage in the small and large group markets in a
state must accept all employers that apply for coverage in the state, effective
January 1, 2014.
• Enrollment may be restricted to open or special enrollment periods.
• Health insurers in the small group market can apply minimum participation
rules other than during the annual open enrollment period from November 15
to December 15 of each year.
• Insurers in the large group market may not impose minimum contribution or
participation rules because large employers generally do not present the same
adverse selection risk as small employers.
Guaranteed Availability Rules
Copyright 2015- Not to be reproduced without express permission of Benefit Express Services, LLC
• To the extent permitted under state law, an insurer can
discontinue all products in the small group market without having
to also discontinue all products in the large group market.
• When renewing a product, insurers in the small group market
must provide each plan sponsor a written notice of renewal at
least 60 calendar days before the renewal date.
• The law guarantees an employer the right to renew or continue in
force the coverage it purchased in the small (or large) group
market even if the employer ceases to be a small (or large)
employer by reason of an increase (or decrease) in its number of
employees.
Guaranteed Availability Rules
Copyright 2015- Not to be reproduced without express permission of Benefit Express Services, LLC
• An issuer can refuse to renew a group policy if the plan sponsor
fails to comply with a material plan provision relating to employer
contribution or group participation rules, pursuant to applicable
state law.
• For this purpose, an “employer contribution rule” means a
requirement relating to the minimum level or amount of employer
contributions toward the premium for enrollment of participants and
beneficiaries.
• The term “group participation rule” means a requirement relating to
the minimum number of participants or beneficiaries that must be
enrolled in relation to a specified percentage or number of eligible
individuals or employees of an employer.
Guaranteed Renewability Rules
Copyright 2015- Not to be reproduced without express permission of Benefit Express Services, LLC
• “Health plans are required to protect and safeguard a participant’s or covered dependent’s personal health information (PHI) from impermissible use or disclosure and they must obtain a patient’s content for certain uses and disclosures.
• What is required to protect information?
• What information is protected?
• What steps must a health plan and the employer do to comply?
General Requirements
Copyright 2015- Not to be reproduced without express permission of Benefit Express Services, LLC
• Health plans must: Establish written policies and procedures to protect PHI.
Protect and safeguard a participant’s or covered dependent’s personal health information (PHI).
Obtain participant’s or covered dependent’s written permission for certain uses of PHI.
Notify a participant and/or covered participant of policies of disclosure and use of PHI.
Report impermissible use or disclosure of PHI.
Allow a participant and/or covered dependent to inspect or copy his or her PHI.
Use and disclose only the “minimum necessary” health information.
Enter into Business Associate Agreements.
What is Required
Copyright 2015- Not to be reproduced without express permission of Benefit Express Services, LLC
• All medical records and other individually identifiable health information held or disclosed by a health plans in any form, whether communicated electronically, on paper or orally.
• Health plans may release PHI to employers without authorization in very limited circumstances.
• Three conditions must be met: Provider must provide service at the request of employer or as an employee;
Service provided must relate to medical surveillance of workplace or an evaluation to determine individual has workplace injuries or illness; and
Employer must have legal requirement under state or federal law to keep records.
45 CFR §160.103
Protected Health Information (PHI)
Copyright 2015- Not to be reproduced without express permission of Benefit Express Services, LLC
• Group health plans do not need to obtain a participant’s or a covered dependents consent to release information for the administration of the plan.
• Plan sponsor’s obligation depends on whether it receives protected health information, summary health information or no health information.
• Obligations, if it receive only summary health information.
• Required plan amendments.
• Obligations, if it receives protected health information.
Plan Sponsor Obligations
Copyright 2015- Not to be reproduced without express permission of Benefit Express Services, LLC
• HIPAA Privacy Policy
• HIPAA Privacy Use and Disclosures
• Notice of Privacy Practices
• Business Associate Contracts
• Authorization for Release of Information
• Amendment to Health Plan Document
• Amendment to Health Plan SPD
• Plan Sponsor Certification to Health Plan
Necessary Documents to Comply
Copyright 2015- Not to be reproduced without express permission of Benefit Express Services, LLC
• Documents for Implementing individual Rights:
Request to inspect or copy PHI
Request to amend or correct PHI
Request for Accounting of Disclosures of PHI
Request for restrictions on Use or Disclosure of PHI
Necessary Documents to Comply
Copyright 2015- Not to be reproduced without express permission of Benefit Express Services, LLC
• Health plans are allowed to use or disclose PHI in the following circumstances:
as required in accordance with an individual’s right to access PHI;
for covered functions (i.e., treatment, payment, or health care operations);
with respect to specific types of information after the opportunity to agree
or object;
pursuant to an individual’s authorization ; and
as required or permitted under HIPAA’s public policy exceptions and a
limited data set may be disclosed when certain requirements are met.
Consent Issues – Introduction
Copyright 2015- Not to be reproduced without express permission of Benefit Express Services, LLC
• A health plan may use and disclose PHI without authorization:
For its own treatment, payment, and health care operations;
For the treatment activities of another health care provider;
To another covered entity for the payment activities of the entity receiving the
information, and
To another covered entity for certain health care operations activities of the
entity that receives the information if each entity has (or had) a relationship
with the individual who is the subject of the PHI, the PHI pertains to such
relationship, and the purpose of the disclosure is one of those listed in the
regulations.
45 CFR §164.501
Treatment, Payment, and
Healthcare Operations
Copyright 2015- Not to be reproduced without express permission of Benefit Express Services, LLC
• The health plan may use and disclose PHI if individual has had opportunity to, prohibit the disclosure of such information in advance regarding to:
Disclosures of limited types of information to family members or close
personal friends of the individual for care, payment for care, notification,
and disaster relief purposes; and
Uses and disclosures of limited types of information for facility directory
purposes (generally not applicable to health plans).
Exceptions
Requiring an Opportunity to
Agree or Object
Copyright 2015- Not to be reproduced without express permission of Benefit Express Services, LLC
• Individual authorizations are required whenever the use or disclosure is not permitted under privacy rules.
• May request authorization for another entity for:
Any purpose.
But especially, before sending any marketing material.
Requiring Individual Authorizations
Copyright 2015- Not to be reproduced without express permission of Benefit Express Services, LLC
• Health plans may disclose PHI without authorization:
If required by law;
To certain designated public agencies, individuals and the employer;
Regarding an individual if a victim of designated abuse and certain other
conditions are met;
To a health oversight agency;
In response to certain court proceedings;
To a law enforcement officials if certain conditions are met;
To a coroner or medical examiner of ID purposes;
To organ procurement organizations for transplant purposes;
To prevent health threat;
For certain specified government purposes;
To comply with Worker‘s Compensation purposes.
45 CFR §164.512
Without Individual Authorization
Copyright 2015- Not to be reproduced without express permission of Benefit Express Services, LLC
• Covered entities must recognize a personal representative’s
authority and provide information within that authority.
• But certain exceptions do apply.
• Parent’s authority.
• Spouse’s authority.
45 CFR §164.502(b)
Personal Representatives,
Minors, & Spouses
Copyright 2015- Not to be reproduced without express permission of Benefit Express Services, LLC
• What is Required?
Health plans must establish policies and procedures with respect to PHI that
complies with:
• HIPAA standards,
• Implementation specifications,
• Other requirements.
Privacy Policy and Procedures
Copyright 2015- Not to be reproduced without express permission of Benefit Express Services, LLC
• Who is required to provide notices?
Covered entities (Health Plan)
• What must the notices describe?
Uses and disclosures of PHI that may be made by the covered entity,
Individual’s rights, and
Health plan’s legal duties with respect to PHI.
Privacy Notices
Copyright 2015- Not to be reproduced without express permission of Benefit Express Services, LLC
• What are a health plan’s duties?
Must provide own privacy notices if it has access to PHI.
A health plan may arrange to have another entity to provide notice, but will
be responsible if no notice is provided.
Privacy Notices
Copyright 2015- Not to be reproduced without express permission of Benefit Express Services, LLC
• A health plan must designate a privacy official.
• Privacy official is responsible for the development and implementation of policies and procedures.
• A privacy officer must be designated for each subsidiary that is a covered entity. A single corporate officer could be designated for multiple subsidiaries.
Privacy Official
Copyright 2015- Not to be reproduced without express permission of Benefit Express Services, LLC
• Covered entities must designate a contract person or office for
receiving complaints.
Such designation must be documented.
Contact person must be able to provide additional information about
matters that are covered in privacy notice.
Contact Person
Copyright 2015- Not to be reproduced without express permission of Benefit Express Services, LLC
• Apply to the electronic storage and transmission of PHI.
• General effective date - April 21, 2006.
• Covered entities must implement appropriate administrative, technical and physical safeguards for PHI.
• Privacy rules require “appropriate safeguards” for protecting PHI.
• No guidelines for PHI in oral, written or non-electronic form.
45 CFR § 160.103
Healthcare Security Requirements
Copyright 2015- Not to be reproduced without express permission of Benefit Express Services, LLC
• What information must be protected? Any information transmitted by electronic media, maintained in electronic
media or maintained in other form or medium.
What is electronic media?
• Certain transmissions are not covered.
Healthcare Security Requirements
Copyright 2015- Not to be reproduced without express permission of Benefit Express Services, LLC
• What are the four general security requirements?
Ensure the confidentiality, integrity and availability of all electronic PHI that the covered entity creates, receives, maintains or transmits.
Protect against any reasonably anticipated threats or hazards to the security or integrity of such information.
Protect against any reasonably anticipated uses or disclosures of such information that are not permitted or required.
Ensure compliance by the workforce.
Healthcare Security Requirements
Copyright 2015- Not to be reproduced without express permission of Benefit Express Services, LLC
• What are the security standards? Administrative safeguards,
Physical safeguards, and
Technical safeguards.
• Covered entities must:
use reasonable and appropriate measures to accomplish the requirements.
engage in risk analysis to determine how to comply.
Healthcare Security Requirements
Copyright 2015- Not to be reproduced without express permission of Benefit Express Services, LLC
• All covered entities must standardize the format and content of all electronic transactions when engaging in “covered transactions,”
• These are called the EDI Standard.s
45 CFR § 162.923(a).
Electronic Transaction Requirements
Copyright 2015- Not to be reproduced without express permission of Benefit Express Services, LLC
• What are “covered transactions”?
Health claims and equivalent encounter information,
Eligibility for health plan,
Referral certification and authorization,
Health claim status,
Enrollment and disenrollment in a health plan,
Health care electronic funds transfer (EFT,
Health plan premium payments,
Coordination of benefits
First report of injury,
Health claims attachments, and.
Other transactions.
Electronic Transaction Requirements
Copyright 2015- Not to be reproduced without express permission of Benefit Express Services, LLC
• What are the EDI Standards requirements?
Covered entities in conducting covered transactions must use standardized
formats and content, as well as uniform codes in communicating with other entities.
Only those entities who conduct ”standard transactions” electronically or engage others to do so are subject to EDI standards.
Health plans are considered to be covered entities and must comply with the EDI Standards, along with the additional requirements.
Electronic Transaction Requirements
Copyright 2015- Not to be reproduced without express permission of Benefit Express Services, LLC
• What transactions and transmissions are covered? Is the entity conducting the transaction a covered entity (or its business
associate)?
Does the transaction fall within the definition of one of the covered transactions?
• Covered entities must comply with the EDI Standards in
certain stated transactions.
• Transactions within a covered entity are subject to the EDI Standards.
Electronic Transaction Requirements
Copyright 2015- Not to be reproduced without express permission of Benefit Express Services, LLC
• EDI Requirements:
Applies to transactions transmitted using electronic media.
Does not apply to any transactions conducted in paper or over the
telephone
Does not apply to non-covered entities.
Does not apply to group health plans with under 50 participants.
Does not apply to health plan sponsors because they are not covered
entities.
Electronic Transaction Requirements
Copyright 2015- Not to be reproduced without express permission of Benefit Express Services, LLC
• A covered entity or business associate must presume that an
acquisition, access, use, or disclosure of PHI in violation of the
privacy rule is a breach.
• This presumption holds unless the covered entity or business
associate demonstrates that there is a “low probability” that the
PHI has been compromised based on a risk assessment that
considers at least the following factors:
the nature and extent of the PHI involved, including the types of identifiers
and the likelihood of re-identification;
the unauthorized person who used the PHI or to whom the disclosure was
made;
whether the PHI was actually acquired or viewed; and
the extent to which the risk to the PHI has been mitigated.
Security Breach
Copyright 2015- Not to be reproduced without express permission of Benefit Express Services, LLC
• Upon discovering a breach, a covered entity is required to meet
stringent requirements related to the timing, method, and content
of breach notification.
• Notification is required to affected individuals, to HHS, and in
certain instances, to the news media.
• A covered entity must, however, temporarily delay notification if
instructed to do so by a law-enforcement official in instances
where the delay is necessary because notification would impede
a criminal investigation or cause damage to national security
Security Breach
Copyright 2015- Not to be reproduced without express permission of Benefit Express Services, LLC
• The breach regulations also contain requirements for notification
by business associates.
• Following discovery of a breach, the business associate is
required to notify the covered entity of such breach.
• A business associate must, however, temporarily delay
notification if instructed to do so by a law-enforcement official in
instances where the delay is necessary because notification
would impede a criminal investigation or cause damage to
national security.
Security Breach
Copyright 2015- Not to be reproduced without express permission of Benefit Express Services, LLC
• A breach will be treated as “discovered” by a business associate
as of the first day the breach is known to the business associate,
or by exercising reasonable diligence would have been known to
the business associate.
• A business associate is deemed to have knowledge of a breach
if the breach is known, or by exercising reasonable diligence
would have been known, to any person (other than the person
committing the breach) who is an employee, officer, or other
agent of the business associate (determined in accordance with
the federal common law of agency).
Security Breach
Copyright 2015- Not to be reproduced without express permission of Benefit Express Services, LLC
• A group health plan may not share PHI with plan sponsor except for disclosure of:
De-identified information,
Group health plan enrollment and disenrollment information,
Limited summary health information for insurance placement and settlor function,
PHI to plan sponsor personnel involved in plan administration when certain requirements are met, and
Pursuant to authorization.
Final Thoughts: Sharing PHI w/
Plan Sponsor
Copyright 2015- Not to be reproduced without express permission of Benefit Express Services, LLC
• Health plans can not provide access to PHI to plan sponsors
without certain plan provisions and safeguards.
• Disclosure must be for “plan administrative functions.”
• Health care providers and health plans may use and disclose PHI
with an individual’s “authorization” for any purpose provided in
the authorization.
Certain Employer Functions
Require Authorization
Copyright 2015- Not to be reproduced without express permission of Benefit Express Services, LLC
• These functions include:
Plan must not condition treatment or payment on receipt of an authorization.
In some circumstances, an employer may condition employment on receipt of authorization.
Authorization may be required to obtain PHI for purposes of FMLA or ADA.
An authorization may be required for an employer to assist employee with a claim.
An authorization may be required for an employer to receive reports from EAP.
Certain Employer Functions
Require Authorization
Copyright 2015- Not to be reproduced without express permission of Benefit Express Services, LLC
• HIPAA includes numerous exceptions to broad use and
disclosure rules.
• Common employer practices that fall under these exceptions:
State/Federal disclosure requirements,
Workers’ compensation, and
Health information contained in employment records.
Exceptions for Some Common
Employer Practices
Copyright 2015- Not to be reproduced without express permission of Benefit Express Services, LLC
• Change office behavior
Shred pertinent documents- do not simply discard them.
Prohibit staff from accessing a participant’s medical records to learn a
neighbor’s birthday or to satisfy a similar form of curiosity.
Do not leave messages about a participant’s health on an answering
machine or with someone other than the patient or doctor.
Avoid discussions about a participant’s claims in elevators, cafeteria or other
public places.
Avoid paging participant’s using identifiable information.
Do not fax information without knowing that the persons to whom the fax is
addressed is ready to receive it.
Do not allow faxes to sit on an office machine where unauthorized people
may see them.
Special Concerns
Copyright 2015- Not to be reproduced without express permission of Benefit Express Services, LLC
Larry Grudzien
• Phone: 708-717-9638
• Email: [email protected]
• Website: www.larrygrudzien.com
Contact Information
Copyright 2015- Not to be reproduced without express permission of Benefit Express Services, LLC