“It's the one people are having the hardest time in (figuring out) how we're going to do this,” said Rita Bowen, senior vice president of health information management and chief privacy office at HealthPort, a provider of technology and services for release of information. Bowen, a former AHIMA president and board chairman, was one of several panelists leading the discussion.
Compliance with the rule is problematic because only a few electronic health record systems can tag and flag data elements in a patient's record for segregation and special handling.
Non-compliance, however, means a provider is in violation of HIPAA, according to Angela Dinh Rose, AHIMA's director of HIM practice excellence, who moderated the panel. The omnibus rule fleshes out modifications to the HIPAA privacy and security rules contained in the American Recovery and Reinvestment Act of 2009.
“Patients may want to pay for a single lab test, and the record of that test being ordered and its result must be shielded from transmission to the health plan even if other parts of the visit are transmitted,” Bowen said. The exception to that general guidance is if payment is for a bundle of lab tests and the costs can't be broken out for the specific, more sensitive test. Then the patient would have to pay for all the bundled tests to qualify for the exception.
“You have to have a discussion with your electronic health record vendor,” Bowen said. “But you also have to take a look downstream where that's going. You want to test that flow to make sure how you're going to flag that unique individual test or X-ray and that stays attached.”
Wendy Mangin, director of health information, Good Samaritan Hospital, Vincennes, Ind., said she and her colleagues are working around the inability of their EHR to handle the separation by creating two separate billing records under two different account numbers.
“That means there will be a separate bill,” for the protected service, Mangin said. “It would not be in the encounter that was billed to (the payer),” If the patient's payer were Anthem, the Indiana-based Blues plan, “Anthem will not know that that patient had that lab test.” But even with their workaround, Mangin had her doubts about the broader implications of the out-of-pocket rule.
“I don't know how all if this is going to work, frankly,” she said.
Mangin said the regulation encourages providers to have a conversation with the patient about the possible implications of their decision to withhold information from their health plan. One of those subjects for discussion might be what happens if a test result leads to a diagnosis of a condition that requires expensive treatment and that is needed for health plan pre-authorization. That could lead to a situation where, “the next time you're in, and your doctor reviews all the information, we can't guarantee that information will not be discussed” with their plan, she said.
In such cases, according to panelist Adam Greene, a privacy lawyer with Davis Wright Tremaine, a prudent course for providers would be to give the patient a choice to either disclose the test result to the payer or pay for subsequent treatment out of pocket as well.
AHIMA does not yet have an official policy recommendation on how to best deal with privacy and records handling issues under the new pay-out-of-pocket provision, but comments and discussions from the town hall meeting at the convention will be incorporated in a new practice guidance is scheduled for release in April, Dinh Rose said.
Until then, “We're all trying to figure out what is the best practice,” she said.
Follow Joseph Conn on Twitter: @MHJConn