Do You Know When to Keep the Barn Door Closed?

HIPAA and Release of Information regulations can create sticky situations. Frequently, I am asked how to handle release of information to the caregiver of an elderly patient after the information has already been released. Let’s try to secure that barn door before the horse escapes.

Sticky situations arise when an elderly patient becomes frail or begins losing cognitive abilities. At that point, adult children or someone else may step in to help with physical care, finances or transportation to appointments. The HIPAA concern is how much information you can share with these individuals without patient permission. For example, recently I was asked about discussing treatment and finances with the patient’s ex-spouse, who was providing care assistance. Unfortunately, there was no documentation regarding the patient’s wishes.

When a third party accompanies the patient to an appointment it’s perfectly acceptable under HIPAA to share information in the patient’s presence. The challenge arises when the individual did not accompany the patient and calls after the fact requesting information. Or worse yet, they call questioning your fees or the care rendered. On more than one occasion, I have seen such scenarios result in a complaint to the dental board when the relative or caregiver becomes perturbed with the practice over finances or services rendered (feeling their loved one didn’t need such services after all). In most cases, the dental board does not find a standard of care violation, yet the dentist suffers the emotional stress and financial burden of defending his/her license.

Under the HIPAA Privacy Rule, patients have the right to request confidential communications (45 CFR 164.522(a)). However, just because the patient has not indicated a preference, don’t assume it’s safe to discuss care with others. In some cases, even spouses request that their diagnosis or treatment information not be shared with one another.

If you find yourself in a situation with the barn door already open, consider these two suggestions to mitigate risk and protect patient privacy:

  1. If possible, politely let the individual requesting information know you would like to obtain patient permission first. Then call the patient and request permission to share the information with the individual in question. Be sure to document that conversation in the patient record.
  2. At the next appointment, ask the patient to add the individual(s) to their list of contacts who are approved to discuss and/or make decisions regarding the patient’s treatment. Again, this should be documented.

Consider these proactive steps to keep the barn door closed:

  1. Ensure that your HIPAA Acknowledgement of Receipt of Notice of Privacy Practices form includes a place to list individuals the patient authorizes to discuss their care. If your Acknowledgement form does not capture that information, it can be captured elsewhere on your new patient forms.
  2. Always obtain the name and phone number of the patient’s physician. Update this information periodically as part of the medical history update. You never know when you may need to speak to the physician regarding the patient’s cognitive abilities or medical status. Under HIPAA, you are allowed to share information with other providers for treatment, payment or operations. For example, the patient may be taking dementia medication, but has forgotten to inform you of that fact.
  3. Look ahead when caring for elderly patients: inquire whether someone helps with their finances and suggest that individual be present when it’s time to discuss the treatment plan or make financial arrangements. If the caregiver understands that the patient truly does have periodontal disease or failing restorations, they may be more helpful than hostile in the end.

Every patient scenario and every practice philosophy is different. In the end, common sense should prevail when it comes to providing care, but having a good lock on that barn door helps, too!