Washington, DC (PRWEB) October 14, 2015
In the wake of a woman’s arrest at her doctor’s office and the resulting criticism, Health Insurance Portability and Accountability Act (HIPAA) covered entities (CEs) should review their processes on when to contact law enforcement for the purpose of thwarting identity fraud against the need to render care while complying with HIPAA, other federal laws and state regulations, say compliance experts interviewed for the October 2015 issue of Atlantic Information Services, Inc.’s (AIS) Report on Patient Privacy.
The woman, who is not a U.S. citizen, was arrested when she presented a fabricated driver’s license at her ob-gyn, according to RPP. She was not charged with violating immigration laws. In a statement, Memorial Hermann, the health system to which the ob-gyn clinic belongs, said it does not “ask patients about residency or immigration status, nor do we report an undocumented patient to law enforcement. To be clear, this incident has nothing to do with immigration or residency status.” Memorial Hermann also acknowledged that “what happened to the patient is unfortunate” and adds that clinic officials “did not ask for this individual to be arrested” and “did not press charges.”
“Some folks take the position that if someone is knowingly presenting false documents that may result in fraud or identity theft, this represents a crime on premises,” Frank Ruelas, principal and founder of the consulting firm HIPAA College, tells RPP. “As such they use this as a basis for a disclosure –– using minimum necessary –– to law enforcement.”
It also would not be unthinkable to conclude that patients who are undocumented and admit to being in the United States illegally are committing a crime on premises, RPP says. But CEs making such a call need to be aware of how this scenario would play out, particularly if it went public, as it did in Memorial Hermann’s case.
Faced with a patient who may be committing a crime or meet other categories for which HIPAA permits notification to law enforcement, CEs must consider timing and whether care should be interrupted. One option a CE could take to mitigate the situation is to refer the patient to a free clinic, Ruelas tells RPP. Ruelas acknowledges that that isn’t an ideal solution, but says “this has worked in the past” and makes sense “[g]iven all of the moving pieces that are involved with people without insurance, the use of false IDs, the need to try to obtain information for payment of services, the need to create correctly documented records of care, and that undocumented workers in these situations may not have coverage.”
Visit https://aishealth.com/archive/hipaa1015-01 to read the article in its entirety, which includes an interview with the lawyer representing the patient.
About Report on Patient Privacy
Report on Patient Privacy is the health industry’s #1 source of timely news and business strategies for safeguarding patient privacy and data security. Published for hospitals and other providers, health plans and other HIPAA-covered entities and business associates, the 12-page newsletter focuses on privacy issues that can result in huge fines, penalties and public relations nightmares, including: security breach notification; business associate relations and agreements; and new federal privacy rules for marketing, fundraising, privacy notices, minimum necessary, patient rights and safeguarding privacy in EHRs. Visit http://aishealth.com/marketplace/report-patient-privacy for more information.
About Atlantic Information Services
Atlantic Information Services, Inc. (AIS) is a publishing and information company that has been serving the health care industry for more than 25 years. It develops highly targeted news, data and strategic information for managers in hospitals, health plans, medical group practices, pharmaceutical companies and other health care organizations. AIS products include print and electronic newsletters, websites, looseleafs, books, strategic reports, databases, webinars and conferences. Learn more at http://AISHealth.com.