March 9, 2017
 
Question:


Hello Jennifer!

Our HIPAA form is from our software provider. It is a standard form. Do we need an updated form? The Company said that it is HIPAA approved/compliant.

Does the form need to specifically ask who we can discuss their information with?

Does it need to specifically ask if we can e-mail, text, call? Or is a general “communication” allowed to work?

Do we need permission to send x-rays to a specific dentist that we are referring the patient to? Or can we have general permission to send to multiple doctors?

When sending x-rays, does the e-mail need to be encrypted?
When someone revokes the HIPAA compliance, can I still send their claim form to the insurance?

It’s a lot of questions, I know. Please advise.
Thank you!

Dr. P

Answer: 

I have reviewed the consent. I do recommend you switch to ours. www.healthcarepracticecompliance.com so that the patients provide the correct contact information and consent to type of contact, etc. I also do not love the wording of the actual consent on the one provided.  
 
First, I would need to see the software provider's recommended form to comment on specific.  I can say all I have reviewed may qualify as "HIPAA compliant", but have not been, in my assessment, functional for client use.  Many times the software provider free form is a basic consent to release of protected health information and does not contain the specific consent for care we have on our Consent for Use and Disclosure, which has the patient specifically authorize email, phone and snail mail communications.  

To get specific in response - 

Does the form need to specifically ask who we can discuss their information with?  - yes if you are discussing with other than the patient.  
Does is need to specifically ask if we can e-mail, text, call?   Yes – I recommend you have approval per modality. 

Do we need permission to send x-rays to a specific dentist that we are referring the patient to? Or can we have general permission to send to multiple doctors?  I recommend confirmation the doctor is a treating provider before sharing – but another covered entity is an authorized disclosure. 

When sending x-rays, does the e-mail need to be encrypted? – The email must be "Protected" through reasonable means for protection.  “Reasonable means” is not defined by HIPAA, but means reasonable protections you can implement or would be excepted to implement.  One such protection is using an encrypted email system.  

When someone revokes the HIPAA compliance, can I still send their claim form to the insurance?  Depends on the language of the revocation and what you allow – I wouldn’t allow revocation effective to claims submissions for post-treatment services. 

Feel free to send over the software form and I will take a look free of charge.  It is incredibly important we get your forms right; proper paperwork will save you.  Your HIPAA compliance  is the gateway to your practice.  I've had cases where clients are embarrassed to send over what they are using - if that is the case, just order the All-In-One and lets clean house.  

Provided by:  Jennifer Kirschenbaum, Esq.
 
Question:
Hello Jennifer!
Our HIPAA form is from our software provider. It is a standard form. Do we need an updated form? The Company said that it is HIPAA approved/compliant.
Does the form need to specifically ask who we can discuss their information with?
Does it need to specifically ask if we can e-mail, text, call? Or is a general “communication” allowed to work?
Do we need permission to send x-rays to a specific dentist that we are referring the patient to? Or can we have general permission to send to multiple doctors?
When sending x-rays, does the e-mail need to be encrypted?
When someone revokes the HIPAA compliance, can I still send their claim form to the insurance?
It’s a lot of questions, I know. Please advise.
Thank you!
Dr. P
Answer: 
I have reviewed the consent.  I do recommend you switch to ours.  www.healthcarepracticecompliance.com so that the patients provide the correct contact information and consent to type of contact, etc.  I also do not love the wording of the actual consent on the one provided.  
 
First, I would need to see the software provider's recommended form to comment on specific.  I can say all I have reviewed may qualify as "HIPAA compliant", but have not been, in my assessment, functional for client use.  Many times the software provider free form is a basic consent to release of protected health information and does not contain the specific consent for care we have on our Consent for Use and Disclosure, which has the patient specifically authorize email, phone and snail mail communications.  
To get specific in response - 
Does the form need to specifically ask who we can discuss their information with?  - yes if you are discussing with other than the patient.  
Does is need to specifically ask if we can e-mail, text, call?   Yes – I recommend you have approval per modality. 
Do we need permission to send x-rays to a specific dentist that we are referring the patient to? Or can we have general permission to send to multiple doctors?  I recommend confirmation the doctor is a treating provider before sharing – but another covered entity is an authorized disclosure. 
When sending x-rays, does the e-mail need to be encrypted? – The email must be "Protected" through reasonable means for protection.  “Reasonable means” is not defined by HIPAA, but means reasonable protections you can implement or would be excepted to implement.  One such protection is using an encrypted email system.  
When someone revokes the HIPAA compliance, can I still send their claim form to the insurance?  Depends on the language of the revocation and what you allow – I wouldn’t allow revocation effective to claims submissions for post-treatment services. 
Feel free to send over the software form and I will take a look free of charge.  It is incredibly important we get your forms right; proper paperwork will save you.  Your HIPAA compliance  is the gateway to your practice.  I've had cases where clients are embarrassed to send over what they are using - if that is the case, just order the All-In-One and lets clean ho