Complying with the HIPAA Nondisclosure Rule

June 8, 2015

Under the HIPAA Omnibus Rule, patients can request a restriction on disclosure of PHI to a payer if they pay out of pocket, in full for a service.

Under the HIPAA Omnibus Rule, patients can request a restriction on a disclosure of PHI to a health plan if they pay out of pocket, in full for the service. Practices must agree to such a request unless they are required by law to bill that health plan (as is the case with some Medicaid plans).

During a session at the Medical Group Management Association 2014 Annual Conference, Loretta Duncan, senior medical practice consultant with malpractice insurer the State Volunteer Mutual Insurance Company in Brentwood, Tenn., shared some of her compliance tips:

• If the service the patient does not want disclosed is bundled with something else, explain that the patient may need to pay more out-of-pocket costs than expected.

• Make sure that communication is tight between all staff and departments regarding nondisclosure.

• Document your new nondisclosure policies and procedures.

• Be careful when e-prescribing, as pharmacies may bill to the insurance plan before the patient has a chance to let the pharmacy know that the information should not be disclosed.

For more on complying with this rule, and with other HIPAA rules related to new patient rights, visit bit.ly/new-rights.