Frequently Asked Questions about HIPAA
Q: What is HIPAA?
A: HIPAA stands for Health Insurance Portability and Accountability Act. This federal law was enacted in 1996. The primary intent is to improve the continuity of health care activity by protecting workers who may lose or change jobs. In addition, changes were made to health care fraud and abuse enforcement. Finally, provisions were established to simplify administration of health insurance transactions.
Q: To whom does HIPAA apply?
A: HIPAA applies to three types of "covered entities": health care providers, health plans, and health care clearinghouses. This includes physicians, dentists, and pharmacies, just to name a few.
Billing
Q: A patient calls to find out what a bill is for. The patient states, "I was never in the hospital." How should the billing department respond?
A: The billing department can discuss the bill with them. They would not be releasing the information because the patient has already received the bill. Prior to sending an itemized bill as follow-up, the person must verify their identity.
Q: Family members are calling for information. How should this be handled?
A: The patient has the opportunity to agree or object to release of information. This includes family members.
Q: Parents call for information on bills relating to a minor child. The information is related to STD testing.
A: State law rules the release of information on minors. If a minor is married the minor may sign for treatment. Unmarried minors may sign for treatment without parent involvement for STD testing.
In this instance, the parent may not be the personal representative of the child. This is also the case when abuse and/or neglect is suspected. In these situations, the request should be referred to Risk Management.
Current Bayhealth policy restricts faxing of any STD information.
Q: A housemate/caretaker calls requesting the balance due on an account and information on any other outstanding bills.
A: The patient has the opportunity to agree or object to release of information. A signed authorization should be present for this release of information.
Q: A patient has received a summary bill and wants to know what tests were performed.
A: The billing office can offer to send a detail bill, but explaining the tests must be left to the physician of treatment.
Q: The patient wants to know how much the insurance company has paid on the account.
A: The patient should contact their insurance company for this information.
Q: A call is received inquiring who signed for treatment.
A: This will need to be researched, especially if the patient is a minor or elderly person. It will need to be determined who the personal representative is. In some instances it may be a minor child.
Q: An ex-spouse is calling to inquire about a bill. (He or she may still provide insurance coverage for an ex-spouse.)
A: Refer the individual to their insurance company first. Do not give any information regarding the diagnosis, treatment, etc. that resulted in a bill.
Q: An ambulance company or MD office is calling for insurance information for billing purposes.
A: There is no problem releasing information if the information is needed for treatment or payment and the physician is on staff with Bayhealth. An agreement (Business Associate) would be required to release information to the ambulance company.
Privacy
Q: What are we required to do for Privacy?
A: The final HIPAA privacy regulations require us to take specific steps to protect the privacy of health information.
- Adopt policies and procedures to protect the privacy of health information;
- Adopt policies and procedures giving individuals specific rights with regard to their health information (the right of access, the right to an accounting of certain disclosures, the right to request corrections or amendments, and the right to request limits on the disclosures we make);
- Create a written notice describing how we use and disclose confidential health information (called a notice of privacy practices) and provide it to each patient/enrollee by the compliance deadline;
- Designate a privacy official to handle privacy complaints and questions about our notice of privacy practices;
- Sign or amend contracts with our business associates to protect the privacy of health information;
- Provide job-specific privacy training to our personnel;
- Implement safeguards to protect health information from improper disclosure;
- Establish a reporting and response system for privacy violations; and
- Develop a sanctions policy for the discipline of privacy violations by our employees, agents and contractors.
Security
Q: What is required for security?
A: The HIPAA security regulations will require us to take steps to safeguard the integrity and availability of health information.
- Adopt policies and procedures to protect the security of health information (for example, disaster recovery plan, policy on workstation use, procedures for the storage and disposal of health information);
- Designate a security officer;
- Develop and implement data access control procedures;
- Sign and amend contracts with our business associates to protect the security of data exchanged electronically;
- Provide security awareness training to our personnel;
- Implement technical security mechanisms to prevent unauthorized access;
- Establish a reporting and response system for security violations; and
- Develop a sanctions policy for the discipline of security violations by our employees, agents and contractors.