As the President of a dental marketing firm, I had a very big concern about the HIPAA regulations. I have spent over 73 hours working with Sybile O’Malley in the San Francisco office of the Health & Human Services Office of Civil Rights. In the process of addressing many of my clients’ concerns, in reference to our products, she has provided a lot of clarification of the current HIPAA regulations.
As always, the misinformation on this topic breeds doomsayers (Y2K and OSHA regs) who try to raise a certain amount of ‘hysteria’ concerning compliance to sell their wares. To help dentists understand the regulations, here is some information on frequently asked questions.
Under HIPAA regulations, what is a “covered entity?”
A covered entity is a health plan, a healthcare clearinghouse, or a healthcare provider who transmits or has its billing services transmit any health information in electronic form. Electronic form includes the Internet, extranet, leased lines, dial-up lines, private networks and/or transmissions that are physically moved from one location to another using magnetic tape, disk or media. To verify if you are a “covered entity,” visit the following website: http://www.cms.hhs.gov/hipaa/.
Do HIPAA privacy rules apply ONLY to those practices that file insurance electronically?
If a practice does not use electronic files of any kind to transmit information or to work with any other party, such as a billing service or other health care providers, and does everything on paper in the entire practice, it is not a covered entity.
For example, if my marketing company received a doctor’s patient list on a computer printout to mail our newsletter AND that doctor did nothing else in his practice related to us electronically, then the practice is not a covered entity and does not have to comply with HIPAA.
If this same doctor submits just one item to a billing company or an insurance company or anyone electronically, he would be a covered entity!
Can you still have a patient sign-in sheet and comply with HIPAA regs?
There is no problem with having a patient sign-in sheet or calling out a patient’s name in the waiting room. However, HIPAA does insist on some limitations. Your sign-in form should only contain the patient’s name, date, time and name of the doctor, if applicable. Medical information, such as reason for visit, or other non-medical information cannot be included on the form. See CFR-164.502 (a)(1)(iii) (A) or page 14 of HIPAA guidance (B) for further explanations.
Is sending birthday or recall cards to patients still permitted?
Mailing birthday cards ‘without a gift’ or ‘with a gift’ of nominal value is fine as long as there is no medical information whatsoever disclosed on the birthday card. See page 70 of the HIPAA Guidance book (B) for a more in-depth explanation of what ‘nominal’ encompasses.
There is no problem with sending recall cards. However, you must avoid information regarding the reason for the recall such as, “It’s time for your cleaning,” or “Time for your exam.” If you call to confirm next-day appointments and leave a message on a patient’s answering machine, you cannot provide any information other than to have the patient call your office to verify their appointment. Never leave pertinent medical information on an answering machine.
Can practice newsletters still be mailed to patients?
Many doctors have been erroneously told they cannot correspond with their patients, such as through patient education newsletters. Do not allow this misconception to destroy your relationship with patients. A patient newsletter is not considered “marketing” as long as it is used to describe products or services provided by the doctor, and the covered entity or doctor does not receive any direct or indirect remuneration from a third party for making the communication.
HIPAA regulations do not apply to or have any effect on any offers, programs or any other correspondence that markets to get new patients in your office because you do not have their medical information!
For additional clarification on HIPAA regulations and continuing interaction with other dental professionals, be sure to visit DentalTown’s HIPAA forum at www.dentaltown.com.
A. http://www.hhs.gov/ocr/regtext.html
B. http://www.hhs.gov/ocr/hipaa/guidelines/guidanceallsections.rtf
David Stone, President of DC Marketing, has over 33 years of professional direct response marketing experience. He has been serving the dental profession for over 10 years with patient retention, reactivation and referral tools. He can be reached at 1-800-736-3632 Dept. E for an in-depth marketing report on HIPAA.