The Memorial Hermann Health System (MHHS) in Houston learned an expensive lesson when it was fined $2.4 million for publicly naming an imposter seeking care at one of its facilities (National Law Review). The patient allegedly presented false identification while attempting to receive care at one of its clinics.
MHHS reported the incident, disclosing PHI to law enforcement, which is permissible under the Health Insurance Portability Act of 1996 (HIPAA). The provider ran afoul of HIPAA by disclosing the patient’s PHI to the media and others without that patient’s authorization.
You’re probably wondering how this is relevant to you. Your company wouldn’t issue a press release if you discovered that employees, former employees, or others were erroneously or fraudulently using your benefits programs. There are three ways this topic is relevant to plan sponsors:
I tackle member ineligibility in this blog.
A no-brainer for curbing your escalating benefit costs is to make sure you’re paying only for members who are plan eligible. Matching eligibility files to member claims is critical, but many employers overlook this critical step.
For the most part, they are claims processors with no incentive to monitor eligibility because it could slow down claims processing.
You collect eligibility files, but would need access to PHI to match it to medical claims data. Staff accessing that PHI access would be under the HIPAA microscope.
As a business associate, your advisor can access PHI on your behalf, making this a better option. But there still are potential issues:
An independent data analytics vendor presents the most protection and options, provided the vendor becomes a business associate. The data analytics vendor considers HIPAA responsibility and help navigate the tricky HIPAA landscape, and offers other benefits:
Whichever route you choose, remember that you must protect PHI at all times, even when criminal activity is involved. It is more important than ever since The Department of Health and Human Services (HHS), Office for Civil Rights (OCR) has ramped up its HIPAA enforcement efforts in the past few years.