Contacting Parents, Spouses or Others to Obtain Payment

Kim Stanger
Holland & Hart - Health Law Blog
Contact
LinkedIn
Facebook
X
Send
Embed

Holland & Hart - Health Law Blog

Healthcare providers sometimes mistakenly assume that they cannot contact a patient’s spouse, parents, or other third parties to obtain payment without the patient’s consent. However, HIPAA generally allows healthcare providers to use or disclose protected health information for purposes of obtaining payment without the patient’s consent or authorization unless the provider has agreed otherwise with the patient. (45 CFR §§164.506(a), (c) and 164.524(a)). The Office for Civil Rights (“OCR”) published the following FAQ discussing this rule:

Does the HIPAA Privacy Rule permit a covered entity or its collection agency to communicate with parties other than the patient (e.g., spouses or guardians) regarding payment of a bill?

Answer: Yes. The Privacy Rule permits a covered entity, or a business associate acting on behalf of a covered entity (e.g., a collection agency), to disclose protected health information as necessary to obtain payment for health care, and does not limit to whom such a disclosure may be made.

Therefore, a covered entity, or its business associate, may contact persons other than the individual as necessary to obtain payment for health care services. See 45 CFR 164.506(c) and the definition of “payment” at 45 CFR 164.501. However, the Privacy Rule requires a covered entity, or its business associate, to reasonably limit the amount of information disclosed for such purposes to the minimum necessary, as well as to abide by any reasonable requests for confidential communications and any agreed-to restrictions on the use or disclosure of protected health information. See 45 CFR 164.502(b), 164.514(d), and 164.522.

(https://www.hhs.gov/hipaa/for-professionals/faq/266/does-the-privacy-rule-permit-a-covered-entity-to-communicate-with-other-parties-regarding-a-bill/index.html). Other HIPAA exceptions allow disclosures to personal representatives (45 CFR § 164.502(g)) or to persons involved in the patient’s healthcare or payment for the patient’s healthcare if certain conditions are satisfied. (45 CFR § 164.510).

Providers should review their patient intake documents, notice of privacy practices, and other patient documents to ensure that they have not unwittingly limited their ability to use patient information by agreeing with the patient not to make such disclosures without the patient’s consent or authorization. (See 45 CFR § 164.522(a)). 

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Holland & Hart - Health Law Blog | Attorney Advertising

Written by:

Holland & Hart - Health Law Blog
Holland & Hart - Health Law Blog
Contact
more
less

Holland & Hart - Health Law Blog on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide