Close Contact Us Now
Tap Here To Call Us
Updated:

HITECH Act and Self Pay

Our healthcare and business law firm works with healthcare businesses to assist in compliance matters, including the Health Insurance Portability and Accountability Act (“HIPAA”) and the Health Information Technology for Economic and Clinical Health (HITECH) Act.  The HITECH Act was designed to strengthen HIPAA in many ways.  A question our healthcare business-owning clients often have is whether patients with insurance can choose to pay cash instead of billing to insurance.  This post focuses on what the HITECH Act states on this subject.  If you have a question about the HITECH Act or would like to discuss this blog post, you may contact our healthcare and business law firm at (404) 685-1662 (Atlanta) or (706) 722-7886 (Augusta), or by email, info@littlehealthlaw.com. You may also learn more about our law firm by visiting www.littlehealthlaw.com.

  • Summary of Self-Pay Rule

Congress passed the HITECH Act in 2009. It provides in part that health care providers must honor a patient’s request—even an insured patient’s request—to pay out-of-pocket for services, and thus not have their Protected Health Information (“PHI”) shared with third parties like billers or insurers—if the patient requests it. The patient, however, must pay in full 42 U.S.C. 17935(a).

  • Full Rule

The full self-pay rule is in 45 C.F.R. 164.522, titled “Rights to Request Privacy Protection for Protected Health Information.”  The relevant text of the rule is as follows:

“A covered entity must agree to the request of an individual to restrict disclosure of protected health information about the individual to a health plan if:

(a) The disclosure is for the purpose of carrying out payment or health care operations and is not otherwise required by law; and

(b) The protected health information pertains solely to a health care item or service for which the individual, or person other than the health plan on behalf of the individual, has paid the covered entity in full.”

  • Impact of Participating Provider Agreement and HIPAA

Participating provider agreements are generally state law governed contracts.  Where the contract conflicts with federal law, the federal law will govern.  Generally, you will also see the participating provider agreements incorporate compliance with state and federal laws, including the HITECH Act.  As for HIPAA, the consent to share PHI with third parties can be revoked orally, such as when they ask to pay out-of-pocket, especially because healthcare businesses need to allow for out-of-pocket payment in order to not violate the HITECH Act.

  • Terminating the Restriction Request

If a patient requests to self-pay under HITECH, that request can be terminated if:

(i) The individual agrees to or requests the termination in writing;

(ii) The individual orally agrees to the termination and the oral agreement is documented; or

(iii) The covered entity informs the individual that it is terminating its agreement to a restriction, [in specific situations].”

There are many other requirements that a covered entity must follow in this situation to comply with HITECH and HIPAA.  If you have a question about the HITECH Act or would like to discuss this blog post, you may contact our healthcare and business law firm at (404) 685-1662 (Atlanta) or (706) 722-7886 (Augusta), or by email, info@littlehealthlaw.com. You may also learn more about our law firm by visiting www.littlehealthlaw.com.

 

*Disclaimer: Thoughts shared here do not constitute legal advice.

Contact Us