can use patient data without the person's prior approval. One of the interesting implications ofHIPAA is the use of patient data for marketing and fundraising activities. Under theregulations, a health care organization must have written authorization to use patientinformation for purposes that are not related to the treatment or payment of their care. Underthe privacy rule, however, certain marketing and fundraising activities have been allowedwithout patient authorization. But, this opportunity to use patient data is only in support ofseveral limited fundraising and marketing activities.Many additional provisions were included in President Obama's $787 billion AmericanRecovery and Reinvestment Act (2009) to further strengthen the HIPAA provisions. Ofparticular note are new regulations pertaining to the marketing and release of patientinformation. Hospitals, in particular, must be far more careful in terms of not marketing topatients who opt out of hospital fundraising lists. According to section 13406 of theReinvestment Act, health care organizations may not communicate about a product or servicethat encourages people to purchase or use a product or service, nor may they communicatewith consumers if the hospital receives or has received direct or indirect payment in exchangefor making such communication.70Health care organizations and the institutionally related foundations (foundations thatqualify as nonprofit charitable foundations under section 501(c)(3) of the Internal RevenueCode and that have in their charter statement of charitable purposes an explicit linkage to thehealth care organization) may use or disclose an individual's demographic information and/orthe dates that the individual received treatment without obtaining written authorization.These uses and disclosures are permissible in the following instances:1.The covered entity's notice of privacy practices states that individuals may becontacted for the purpose of raising funds.2.Any and all fundraising materials include instructions on how to opt-out of futurecommunications.3.The covered entity makes reasonable efforts to ensure those individuals' opt-outrequests are honored.The use or disclosure of patient health information (PHI) for marketing purposes ispermissible without an authorization in three instances:
Regulatory Factors 522.1. First, health care organizations are permitted to use or disclose patient informationwithout authorization to make marketing communications in face-to-face encounters.These communications may include discussion of any services or products, includingthe services or products of a third party.Second, patient information may be used ordisclosed without authorization to make marketing communications involvingproducts or services of nominal value. This would allow for the distribution ofcalendars, pens, and other merchandise that is generally considered to be of apromotional nature.
Upload your study docs or become a
Course Hero member to access this document
Upload your study docs or become a
Course Hero member to access this document
End of preview. Want to read all 60 pages?
Upload your study docs or become a
Course Hero member to access this document
