HIPAA… It’s Kind of a Big Deal
PHI or Nah?
Verify Before You Vibe
Who Are You & Why Are You Calling?
Keep It Compliant
100

This federal law protects individually identifiable health information.

What is HIPAA?

100

Health conditions, diagnoses, and treatments fall under this category when tied to a member.

What is PHI?


100

This is the number of identifiers required for inbound calls.

What is 3 identifiers?

100

You must always complete this step with the member before speaking with a representative.

What is HIPAA verification?

100

This communication tool is not secure and should never be used to share PHI.

What is Slack?

200

This type of information includes anything that identifies a member and relates to their health, care, or payment.

What is Protected Health Information (PHI)?

200

Drug names, dosages, and refill status are examples of this type of protected information.

What is medication-related PHI?

200

This is the number of identifiers required for outbound calls.

What is 2 identifiers?

200

This must be obtained and documented before speaking with a representative about PHI.

What is verbal authorization?

200

You should never include this type of information in voicemail messages.

What is PHI?

300

This is required before discussing or releasing any member’s private health information.

What is identity verification?

300

Phone number, DOB, and Member ID become PHI when combined with this type of information.

What is health or plan information?

300

These include items like DOB, address, Member ID, and phone number used to confirm identity.

What are HIPAA identifiers?

300

If a representative is not authorized, you must do this before sharing PHI.

What is verify directly with the member?

300

If verification cannot be completed, you must take this action instead of proceeding.

What is not disclose PHI and offer a callback?

400

Devoted is classified as this type of organization, making it legally responsible for protecting PHI.

What is a covered entity?

400

This type of information is NOT considered PHI because it cannot identify a specific member.

What is public or general plan information?

400

If a member is uncomfortable verifying, you should offer this safe alternative.

What is calling the official Devoted phone line?

400

When a vendor calls alone without the member, you should take this action.

What is do not disclose PHI and request the member join the call?

400

This should always be documented: identifiers used, outcome, and any authorizations.

What is HIPAA verification documentation?

500

This rule requires you to only access, use, or share the least amount of PHI necessary to complete a task.

What is the minimum necessary standard?

500

Even general discussions about care become PHI when they are linked to this.

What is a specific member?

500

This additional security measure can be used but never replaces standard verification requirements.

What is a passcode or phrase?

500

PHI can only be shared with a broker if they meet this requirement.

What is being the Agent of Record?

500

If something feels suspicious during a call, you should do this before continuing.

What is pause, gather additional verification, and escalate if needed?
