[ Monday, January 21, 2013 ]
Nugget 9 (nugget 9, nugget 9): The "Hide" Rule: You may recall that the HITECH Act is part of the ARRA, a/k/a the "Stimulus Bill." That was one of those "you gotta pass it so you can see what's in it" thousand-page bills that was written by lobbyists and not read by anyone who voted for it. It was passed with hand-written portions, because they found problems while it was in the well of the Senate. Of course, with such bills, you end up with ridiculous, stupid provisions (the Texas legislature is famous for this sort of thing, but they only meet for about 5 months every 2 years so you gotta expect some slipshod work there).
Jeff [1:10 AM]
My favorite chunk of asininity in the HITECH Act is what I call the "Hide" rule: if a patient pays for a healthcare service "in full out of pocket," and asks the provider not to provide information on that healthcare service to the patient's insurer, then the healthcare provider is prohibited from disclosing that information to the insurer. Effectively, it lets the patient "hide" information from his insurance company, so they don't know what he's up to. What could go wrong here? Obviously, a lot. If the patient then needs pain meds or antibiotics, the insurer might refuse to pay for them, since there's no indication of medical need if the original treatment is hidden. What if follow-up care is needed, and the patient can't afford to pay for that out of pocket? What if the patient is an HMO patient and state law prohibits a provider from charging a patient more than the co-pay amount?
In the proposed Rule, HHS noted how unworkable this idea is. However, the language for the "Hide" rule is in the HITECH statute, making it the law. So like the rest of us, they're stuck with it, and have to write regs to implement it. To be clear, it only applies to providers, and only to disclosures to health plans (disclosures pursuant to a subpoena or court order aren't subject to the restriction, for example). The provider is not responsible for notifying downstream providers. But HHS expects providers to work with patients to instruct them on the risks and difficulties entailed in hiding stuff from their insurance company. Providers don't need to create a separete record, but need to be able to tag the record to prevent slipping up and later sending the embargoed information. If the patient is a Medicare or Medicaid patient, if the care can be treated as non-covered care, or the patient can opt out or refuse to authorize presentation of a bill to Medicare, then the covered entity must play along, but if state or federal law requires the disclosure, then it can be made despite the requested restriction (the disclosure is then a "required by law" disclosure, not a disclosure for payment purposes). If it's a private insurer and the issue is bundling/unbundling, if unbundling is allowed, the provider must do so and allow the patient to pay his portion and bill the insurer for the un-embargoed services; if you can't unbundle, then the patient would need to pay for the whole bundle to be able to invoke the "hide" rule. Finally, the fact that you have a contract with an HMO that requires you to provide all information to them on current medical services is trumped by the Hide rule: HIPAA beats the HMO contractual obligation.
Providers have to mention the Hide rule obligations in their NoPP.
Blogger: HIPAA Blog - Edit your Template