HIPAA
What does PHI stand for?
What is Protected Health Information
TCPA primarily regulates
Phone calls and text messages
How is Medicaid funded?
Federal and state
Mbr asks you to text them details re' denied IP stay. You should:
Confirm documented consent before texting PHI
Can you send an automated call to mbr cell w/o consent?
NO- prior express consent is required.
Medicaid programs- (what is consistent)
vary by state within federal guidelines
Provider faxes clinical records to wrong number. This may be:
A HIPAA breach requiring reporting.
Coworker asks you to lookup their cousin's Medicaid coverage status.
Not compliant. You should refuse. Not work related, no need to know this information!
Mbr previously gave consent for calls but revokes it today. What do you do?
Stop contacting immediately.
Medical necessity and compliance with state guidelines.
Which situation creates the highest compliance risk?
Discussing PHI in a public space.
Minimum Necessary rule
Access only the PHI needed to perform your job. Only release minimum information needed.
You discover a mbr's phone number has been reassigned, what now?
Medical necessity decisions must align with-
Before upholding a Medicaid denial, you must verify:
State guidelines and medical necessity criteria.
You accidentally email PHI to wrong provider. First action?
Report to Privacy/Compliance immediately! Where do you find the report form - for extra points?
What requires documented consent?
Texting PHI to member.
If a Medicaid service is denied, members must receive:
Mbr says: "I never agreed to receive text msgs" Your best response:
"I'll review consent documentation and stop texts if not authorized"