Do you worry about HIPAA compliance with your automated appointment reminders? You will want to make sure the company you are using for your reminders is HIPAA compliant – it’s extremely important. Today’s blog will explain what it means to be HIPAA compliant when sending automated appointment reminders and a few other things you need to know.
What is HIPAA compliance? HIPAA is the acronym for the Health Insurance Portability and Accountability Act that was passed by Congress in 1996.
HIPAA does the following:
- Provides the ability to transfer and continue health insurance coverage for millions of American workers and their families when they change or lose their jobs;
- Reduces health care fraud and abuse;
- Mandates industry-wide standards for health care information on electronic billing and other processes; and
- Requires the protection and confidential handling of protected health information.
When sending reminders, you need to be aware of the first item listed above. If your business operates in the healthcare field, then you regularly schedule appointments with customers. Likely, you either call your customers yourself or use an automated reminder service. Following a few simple guidelines will ensure that you maintain HIPAA compliance when it comes to protecting the privacy of your patients, especially when you use, or are thinking of using, an automated system to remind your patients of their scheduled appointments.
According to the US Department of Health and Human Services, appointment reminders are considered part of the treatment of the patient and can therefore be made without authorization. This means that you can send manual or automated reminders to your patients to remind them of their appointments without any specific permissions. However, they also state that “identifiable health information should be protected with reasonable administrative, technical, and physical safeguards to ensure its confidentiality, integrity, and availability”.
Here’s what you can do:
The first step concerns the information you include. When sending appointment reminders to patients, you should only include the most basic, essential information that the patient needs. For example, you can include their name, appointment date and time, and the name of the facility. You can also include the doctor’s name, but you cannot disclose the type of appointment they have. Use only the patient’s first or last name if possible.
Things that you should not include are the type of the appointment, test results, or diagnosis. You will need to ensure that you are sending the reminders to the patient’s phone number or email address that is on file. Include an option that allows the patient to call back into the system to get more details on the appointment, but only after they have identified themselves by providing a private PIN number or some other means of identification such as MRN + Date of Birth.
Allow the patient to easily opt out of the reminders. They can do this by either responding to a text message or pressing a key on the phone. You should also maintain an ongoing and updated do-not-call list. Ensure that you check this list prior to sending any reminders. If the patient asks you to stop sending reminders, then you should honor that request. Also, let your patients know how you will be sending the reminders and how you plan to use their phone numbers and email addresses.
http://uthscsa.edu/hipaa/FAQs.asp#patient (U.T. Health and Science Center / HIPAA and Patient Care)
http://www.hhs.gov (U.S. Dept of Health and Human Services)