“Can Medical Justice solve my problem?” Click here to review recent consultations…
all. Here’s a sample of typical recent consultation discussions…- Former employee stole patient list. Now a competitor…
- Patient suing doctor in small claims court…
- Just received board complaint…
- Allegations of sexual harassment by employee…
- Patient filed police complaint doctor inappropriately touched her…
- DEA showed up to my office…
- Patient “extorting” me. “Pay me or I’ll slam you online.”
- My carrier wants me to settle. My case is fully defensible…
- My patient is demanding an unwarranted refund…
- How do I safely terminate doctor-patient relationship?
- How to avoid reporting to Data Bank…
- I want my day in court. But don’t want to risk my nest egg…
- Hospital wants to fire me…
- Sham peer review inappropriately limiting privileges…
- Can I safely use stem cells in my practice?
- Patient’s results are not what was expected…
- Just received request for medical records from an attorney…
- Just received notice of intent to sue…
- Just received summons for meritless case…
- Safely responding to negative online reviews…
It’s Friday afternoon. You receive a letter from an attorney. His new client obtained a blood test from your office. This now-former patient initiated a chargeback. He wanted his money back.
But, wait, you performed the test. You have the evidence.
The credit card company wants your side of the story. If you remain silent, it will consummate the chargeback. Then, the patient will have received the service for no cost.
Doesn’t seem fair.
So, you send the credit card company a brief note stating the patient authorized receiving this test and paid the $450 with his Visa card. Please see Exhibit A authorizing the payment. Also, please see Exhibit showing the results of that test.
The credit card company is satisfied you honored your end of the bargain. No refund is tendered.
Now for the attorney.
He writes that “you violated HIPPA.” And he wants $100k to settle this dispute.
Three problems with his line of reasoning.
First, HIPAA is not spelled “HIPPA.” It’s hard to take the attorney seriously if he cannot spell the acronym correctly. HIPAA is short for the Health Insurance Portability and Accountability Act.
Next, HIPAA does not provide an aggrieved party with a private right of action. They can’t collect a check from you. They can file a complaint from the Office of Civil Rights (OCR) for Health and Human Services. And OCR may even fine you. But that does not equate to this patient being paid off.
Finally, you do not need the patient’s advanced signed authorization in certain circumstances. Resolving a financial dispute is one such circumstance. Under the Treatment, Payment, and Operations exception for HIPAA (45 CFR 164.506), a covered entity may, without the individual’s authorization: disclose protected health information for some payment activities. “Payment encompasses the various activities of health care providers to obtain payment or be reimbursed for their services and of a health plan to obtain premiums, to fulfill their coverage responsibilities and provide benefits under the plan, and to obtain or provide reimbursement for the provision of health care.”
This includes:
-
- Determining eligibility or coverage under a plan and adjudicating claims;
- Billing and collection activities
Payment includes activities undertaken to reimburse healthcare providers for treatment provided to individuals.
“Claims management” also includes auditing payments, investigating and resolving payment disputes, and responding to customer inquiries regarding payments.
The main caveat is to disclose the minimum protected health information necessary to adjudicate the dispute. In this example, sending the bare minimum makes sense. The bare minimum means the credit card slip that the patient authorized the blood test. Next, it includes the documentation the lab test was performed on a specific date and the result was X. You did what you said you were going to do.
Minimum protected health information necessary to resolve a financial dispute does not include sending irrelevant information. So, in the example above, there’s no reason to send the entire chart. This is even more important if the chart includes sensitive information such as history of a sexually transmitted disease, psychiatric disorder, history of substance abuse, and so on.
Now for the tricky part.
Individuals have the right to request restrictions on how a covered entity will use and disclose protected health information about them for treatment, payment, and health care operations. A covered entity is not required to agree to an individual’s request for a restriction but is bound by any restrictions to which it agrees. See 45 CFR 164.522(a).
If a patient demands, upfront, as a condition of using his/her credit card that you agree not to disclose anything to the credit card company other than the date and amount of transaction, you are bound to honor your word. So, if this patient later files a chargeback, you cannot deliver the test result to the credit card company to demonstrate that you actually performed the test. In this example, you’d be screwed.
But this is Talmudic sophistry. If such a patient makes an upfront demand, just politely say no. You have to reserve your right to adjudicate a dispute. If the patient draws a line in the sand, politely show him or her the door. Such behavior is likely an ominous red flag for future mischief.
Some offices include in their patient intake forms that the patient gives advance authorization to disclose protected health information to resolve a credit card dispute. Is this helpful? Not sure. A patient can always revoke their signed HIPAA authorization. Will such a patient be aware they can revoke their previously signed authorization? Probably not. But if they do, it creates an unnecessary hiccup. It’s easier to just rely on the payment exception afforded under HIPAA.
In sum, there are some reasonable exceptions to HIPAA requirements for receiving a patient’s advanced signed authorization to disclose protected health information. Addressing a chargeback is one of them.
What do you think?
Medical Justice provides consultations to doctors facing medico-legal obstacles. We have solutions for doctor-patient conflicts, unwarranted demands for refunds, online defamation (patient review mischief), meritless litigation, and a gazillion other issues. If you are navigating a medico-legal obstacle, visit our booking page to schedule a consultation – or use the tool shared below.
“Can Medical Justice solve my problem?” Click here to review recent consultations…
all. Here’s a sample of typical recent consultation discussions…- Former employee stole patient list. Now a competitor…
- Patient suing doctor in small claims court…
- Just received board complaint…
- Allegations of sexual harassment by employee…
- Patient filed police complaint doctor inappropriately touched her…
- DEA showed up to my office…
- Patient “extorting” me. “Pay me or I’ll slam you online.”
- My carrier wants me to settle. My case is fully defensible…
- My patient is demanding an unwarranted refund…
- How do I safely terminate doctor-patient relationship?
- How to avoid reporting to Data Bank…
- I want my day in court. But don’t want to risk my nest egg…
- Hospital wants to fire me…
- Sham peer review inappropriately limiting privileges…
- Can I safely use stem cells in my practice?
- Patient’s results are not what was expected…
- Just received request for medical records from an attorney…
- Just received notice of intent to sue…
- Just received summons for meritless case…
- Safely responding to negative online reviews…
This was presented from an attorney’s perspective.
However, things could have been done slightly differently to avoid even the patient’s attorney’s absurd demand.
First, all that is required is that the note to the credit card company state that the person (avoid the term patient), requested such services of your office on such and such a date. Then send the authorization for the credit card charge and the form with the person’s signature authorizing the charge of $450 with their Visa card. he payment. There is no need to disclose test results to the credit card processor. All that is required is the statement that services were rendered and the authorization signature for the charge. Most processors will accept that alone.
This avoids dealing with any HIPAA information. The credit card company doesn’t need to know what the charge was for. Disputes like this as long as there is a statement that service was rendered or goods were sold, is good enough to not hold up payment from the processor to the physician. That would be the better way to handle any such dispute.
I fully agree that if a patient starts balking about payment terms before the time of service, it is time to show them the door, or demand payment in cash up front to avoid this kind of nonsense.
Your blog fills in as an update that counteraction is superior to fix. Credit for advancing the significance of wellbeing screenings!