Situation: in 1998, I was seen in an ER. For some reason CHAMPUS (back then) didn't pay and then all of the sudden last year it shows up on my CR as a collection account from a CA. I asked for validation and after 2 letters I receive a copy of lab results with my name and SSN on it that was faxed to them from the hospital. I have been reading about HIPPA, however, I guess I am confused as to what it all means. My understanding is that a medical provider is not allowed to send this information to a CA if it contains personal information along with the type of treatment received. If this is correct and I ask for validation, does that waive my rights under HIPPA? Or am I missing the boat completely? Any help would be greatly appreciated. Sarge-Out
Hi Army Sarge... Yes the new regulations for HIPPA took in effect On April 14, 2003. What is Hippa? Federal HIPAA Regulation Mandates Final privacy regulations were issued by the US Department of Health and Human Services for the HIPAA (Health Insurance Portability and Accountability of 1996) on August 14, 2002. HIPAA is the law right now. On April 14, 2003 penalties will be imposed to enforce compliance with the law. The HIPAA laws affect almost every healthcare provider. HIPAA will change the way all these practices do business. It defines that the information in client files belongs to the client, not the practice and MUST be protected. HIPAA will cause sweeping changes in the way that information is handled and protected. The HIPAA Privacy Rules require certain specific methods of handling the protected health information (PHI) of clients. On April 14, 2003, these changes must be implemented. Fines, penalties and possible jail time can be imposed for non-compliance. To be compliant, a practice must: HIPAA compliance. - Provide a Notice of Privacy Practices to all patients. - Obtain HIPAA-compliant agreements with all business associates - Get a signed Authorization every time patient information is released per request of a clien..t HIPAA doesn't stop there. It also requires new procedures regarding patient access to their information: New procedures must be implemented to provide patients: - Access to their medical information including providing copies at their request - Ability to make amendments their records - Accountings of any and all disclosures made of their medical information for any use other than treatment, payment and firm operations And the practice must notify each patient of these rights with a "Notice of Privacy Practices." This notice must include the patientâ??s rights, the practice's HIPAA policies and the address of where to complain. Statement from HIPPA REGULATION: April 14, 2003, the penalties will be imposed. The fines are large enough to put a practice out of business. For a simple violation, such as not documenting release of protected health information in every client file affected, the fine is $100 per standard violated, per client per year. The maximum fine per standard violated is $25,000 per year. Suppose your firm had 3,000 clients and an employee neglected to put a copy of the transaction in half the files of your practice. The fine could be 1,500 patients times $100, or $150,000. And that is for ONE violation. What would the fine be for NOT being compliant at all? And for misuse of patient data the fine could be $250,000 plus jail time. HIPAA compliance is not an option. HIPAA is the law right now. All covered entities must be compliant by April 14, 2003 or face the penalties imposed. So Yes!....You may fine these suckers for disclosing your Hippa rights... Good Luck!
Look here: http://www.hhs.gov/ocr/hipaa/ Webpage has link to do a complaint too! And me, being a medical claims examiner know the laws about that! I would definitely fry their little butts! They should never release any of that information unless you sign an authorization to release it..PERIOD!
Was the facility you were seen at providers for Champus/Tricare, or was this an emergency in a civilian facility?
I guess the question becomes this and I should have mentioned this, but it was in December 2002 when they were faxing my information all around the city without even a consent for release. From what I read HIPPA in this case would not apply, but other laws may?
Welcome back, Sarge. Since it's not my field, I don't know for sure, but since HIPPA just took effect and this transpired before the law was passed, I don't know if it can be imposed retroactively. But--make sure you contact CHAMPUS/Tricare. It may be their screw-up, and if it is you can probably get them to send a letter to help you get it removed. I know that 6 or 7 years ago, I was seen IN A MILITARY CLINIC, but by a civilian doctor. As you know, he can't charge me for that, he can only charge CHAMPUS, because, at least then , any care in a military facility was free if you had an ID card. My husband was active duty. All of a sudden, I start getting bills from a collection agency for a doctor. When I checked, it was the doctor I had seen in the military clinic. I wrote a letter, then a second, to the collection agency, but to no avail. Finally, I called CHAMPUS. The first call, I got the run around. On the second call, I got someone who understood that I was seen in a military clinic, and who said "they can't bill you for that!" I sent or faxed the copies to CHAMPUS, and they took care of it. it took a few months, but everything, including my credit report, was cleared up.
