If the CE determines that this disclosure is not for TPO, but is an acceptable disclosure under the Privacy Rule (perhaps placing it under a disclosure of PHI to friends or family), and they determine that a formal or written authorization is not required, you may want to look at CONTENT OF NOTICE OF PRIVACY PRACTICES SECTION 164.520(b)(1)(ii)(B)

"A description of each of the other purposes for which the covered entity is permitted or required by this subpart to use or disclose protected health information without the individual’s written authorization."

Based only on this, you may want to consider adding a statement to the provider's NPP that says something like "If a new patient informs us that they are here through a referral and provide the name of the individual who provided the referral, a thank you note is sent to the referring individual."
If this is a practice that the provider wishes to continue, it would probably be a good idea that a procedure is put in place to provide the individual an opportunity to object. 
Finding a good health care provider is getting hard.  Sometimes individuals may say that so-and-so referred me to you, hoping to improve the chances that the provider will agree to schedule an appointment for them and take them on as a patient.  The individual may have gotten an "in-direct" referral and would be uncomfortable if the person who they said referred them got a thank you note for doing so.  Sometimes individuals may say, "I have a friend that has this medical problem.  I know that you mentioned you had the same condition.  Would you recommend the doctor you use?"  The individual may have a friend, or they may want a referral to a doctor from a friend they trust, but don't want their friend to know that they also have a medical problem.  Health care, and personal privacy are a strange combination unique to the individual.  So what works for most, may not work for everyone.

Catherine Lohmeier <[EMAIL PROTECTED]> wrote:

I would appreciate any opinions on this one.  Please use citations if you have them since that will help me document any decisions we make.



Patient A refers their friend Patient B to his/her doctor.


Patient B goes to that doctor.


The doctor wants to thank Patient A for the referral and sends a note saying “Thank you for referring Patient B to my office” and that is the extent of it…


My first take on this is that it is not a disclosure of PHI, which therefore is not affected by HIPAA.  Patient A already has Patient B’s name, otherwise how could there be a referral.  But, I can also see that once Patient B has seen the doctor the connection of Patient B’s name with having seen the doctor becomes PHI.


a)       Would this be a disclosure that Patient B should be given the opportunity to agree or object to?  It seems that would cover it without having to do a formal authorization.  This is what I am leaning toward. 

b)       Should a formal authorization be required?  Seems overkill.

c)       Should the “Thank you” be sent without identifying anyone?  This could work though it may not be as effective.

d)       Should the program be dropped?  Again, this seems unnecessary.


Any other opinions?  Is there an OCR guideline that addresses something like this?


Thanks in advance for any replies.



Catherine Lohmeier

Implementations Project Lead

OD Professional Team

888.621.5751 x 15

402.423.6509 x 15

Do you Yahoo!?
Exclusive Video Premiere - Britney Spears --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED] To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org

Reply via email to