Greetings.
My company is developing a novel new product that will be installed in doctors’ offices intended to streamline some operations for the doctor’s staff and improve the exam room experience. Without disclosing too much about the product, since we are just now going into live beta tests, I’d like to get some feedback from the WEDI Privacy community about whether what we’re doing is likely to be considered a “Marketing” use of PHI.
Our system collects information from the patient when they arrive at the office. Questions are asked, answers are recorded and as a result, the doctor receives a printout to be used during the exam room visit that includes information he has asked us to collect from the patient. Among other things, formulary compliance information for the patient’s insurer is provided. That part seems pretty straightforward – not a marketing use – clearly part of TPO.
It is important to note that no identifiable patient information ever leaves the doctors’ office. All information about the patient stays in the computer system installed in the office. Only aggregate, non-identified data is sent to a central site for usage statistics reporting. Furthermore, all PHI is heavily encrypted so theft of a machine would yield no data.
In order to provide direct value to the patients as well as to the physician, we plan to print a document for the patient that includes patient ed information selected by the doctor to be printed in response to specific patient answers. The information will also include messages from the patient’s insurer and PBM about relevant disease management programs, the use of generic drugs, recommendations for preventive procedures, etc. For example, if the patient has reported being a diabetic and indicated that they have not been enrolled in a DM program, their insurer might deliver a message to encourage such enrollment – even including an enrollment form on the printout (but no info goes back to the insurer). This too, seems to me to be copasetic with regard to the “Marketing” definition. Of course if others disagree, I’d like to hear about it.
There are areas in our plan however, that approach the line that might require specific authorization for PHI use. It is these that I would really like some feedback on.
Thank you in advance for whatever comments and opinions you care to offer. Fortunately, we’re still at a stage where we can fine-tune the specific features of our product to provide maximum value to both the physician and patient while steering clear of HIPAA entanglements. Your feedback will help us do that.
Harvey Smythe
The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. Posting of advertisements or other commercial use of this listserv is specifically prohibited. |
