Clearly, the referral thank-you message is not a HIPAA transaction... so no worries there. If the note (presumably from a CE provider) revealed that an identified person had come in for care, then it would be a message containing PHI... from a CE... to someone, like a friend/neighbor, who probably would not have authorization to receive that person's PHI.
The purpose of the thank-you message appears to be marketing... albeit, an indirect form of marketing, in which an unexpected act of courtesy (the thank-you note) is [arguably] intended to enhance good-will between the CE and a present or prospective patient. I guess you could argue that it's not "marketing", because there is no prima facie incentive to buy anything. You might also argue that the referring person already knew that the patient needed the CE's services, but that would be thin because HIPAA doesn't distinguish between more or less "sensitive" categories of PHI, with regard to disclosure authorization... and there is certainly no "need to know" here. Whatever the purpose of the disclosure is, it does not seem to be for "treatment, payment, or operations"... so a signed authorization from the patient would probably be wise.
Perhaps the easiest workaround is for the CE to send a nice card/note, thanking the person for "referring your friend to our office for eye care", without mentioning the patient's name. The CE might even say in the note that he was specifically not mentioning the patient's name out of courtesy and concern for the patient's privacy... but that the patient had indicate that you were the referral source. (I would NOT say that HIPAA forced my hand... but rather my maniacal concern for patient-privacy!)
Hope this helps,
(I'm not a lawyer!)
-Chris
Christopher J. Feahr, OD
Optiserv Consulting
[For the vision care industry]
Santa Rosa, CA
707-579-4984
707-529-2268 (cell/pager)
http://VisionDataStandard.org
http://Optiserv.com
At 01:28 AM 10/12/2002 -0400, Pat Gill wrote:
A current client has asked if Thank You notes for referrals would constitute a privacy issue or some other non-compliance with HIPPA? Does anyone know or have specific examples one way or the other?"The best insight is vision", Malcolm S. Forbes Have a great day! Pat Tiffany-Gill, PMP 770-998-1022 (Business) 770-998-1144 (FAX) ********************************************************************** To be removed from this list, send a message to: [EMAIL PROTECTED] Please note that it may take up to 72 hours to process your request. ====================================================== The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. Posting of advertisements or other commercial use of this listserv is specifically prohibited.
********************************************************************** To be removed from this list, send a message to: [EMAIL PROTECTED] Please note that it may take up to 72 hours to process your request. ====================================================== The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. Posting of advertisements or other commercial use of this listserv is specifically prohibited.
