The Pharmacy Chick

Flying the coup in retail

HIPAA folly

Filed under: Uncategorized — pharmacychick at 8:52 pm on Friday, July 15, 2011

It would seem that HIPAA has become the catch phrase for everybody to deny everybody else information.   It also serves to prove how utterly stupid  the staff of a doctors office can be when it comes to what information they can and cannot share.

Case in point:.  We had a patient come in with a script, toss it on the counter and tell us they’ll be back in about 2 hours to pick it up.  When I finally get to it, I notice we are out of stock.  We called the phone number on record and its defunct. I called the Dr’s office and ask the receptionist to look up the most current phone number for the patient..  She tells me she cannot because of HIPAA.  ” Look, I gave you the name, the DOB, the DR name AND the Drug the doctor just prescribed, AND why I need the information.  YOU most CERTAINLY Can provide the phone number of the patient.  I am a health care professional.”  She put me on terminal hold then finally relinquished the phone number.

Case II.  Pharmacy Chick is doing a DME billing for a Medicare claim and we need the ICD-9 code.  I called the office and asked for the diagnosis code for the billing.  Phone jockey tells me its protected information. WTF?  Check again Missy..

Case III.  “Dad” somehow doesn’t know the date of birth of one of his “kids” he is filling a script for.  Guessing failed the insurance test. So I called the office to get it myself.  The medical assistant gives it to me but then asks me..” Can I get in trouble for telling you?”  I said “No, only if you post it on your facebook page!”.

Case IV.  Rx fails the DOB test on the insurance claim.  The date of birth is correct per the patient, so I called the insurance company.  It was a billing for a medicare item.  the rep refused to give the the date of birth they had on file.  He insisted that the patient had to call to “correct the problem” then we can rebill.  FAIL.  I broke the news to the patient.  I feel bad for whomever he unloaded on at the office. He was not pleased.

Any of you pharmacists out there have any other stories to share about HIPAA failures?

15 Comments »

Comment by PAS

July 16, 2011 @ 12:25 am

I can add some perspective from the insurance side.

I’ve seen HIPAA used to justify the occasional moronic policy. However, that’s the exception, not the rule. PBMs and Insurance are in an exquisitely vulnerable position when it comes to HIPAA – we hold enormous amounts of protected information, and handle it in large volumes through automated systems – from online claim transactions to generated documents. Very small slip-ups can result in very major foul ups.

An instance that occurred a couple months ago is a good example. A physician’s office filled out a paper form for Suboxone and wrote an incorrect fax number on the form. They then made fifteen or so copies and filled the remainder out for different patients. These forms were sent into us to prior authorize the drug. That erroneous fax number was someone’s home phone. As we completed each request, our claim system generated a fax and sent it to that number. The owner of that phone line got upset at the constant ringing and connected a fax machine to his home line to accept the documents and get t to stop ringing. As a result, he ended up with paper documents listing drug, patient name, DOB, prescriber info and addresses for about a dozen people.

He used the info to contact us, and we traced it back to the fax number the physician provided.

In terms of providing date of birth – that is a dead outright no-no. When handling a verbal request, you are unequivocally not allowed to access a patient profile without a name qnd date of birth match. Technically, that rep should not have told you anything along those lines.

This I say from experience – if he had given out a DOB, he would have basically handed out the keys to that patient’s account. He would have lost his job, immediately, no hesitation about it. For making that sort of error in judgement, he probably would not be employed in the industry again.Pas, I am just gonna have to call you out on this one. you are wrong. a PBM rep can and should provide a date of birth to a verbal request if the pharmacy has provided enough information to prove that we are indeed who we say we are. that includes our name, our NPI or NPCDP id number, Patient name, address, etc. After all, YOU have it wrong. If I have the correct info and YOU have an incorrect date of birth and we need it to make a claim process, then you have an obligation to make that happen. After all the only time I would call YOU is if the date of birth is WRONG.

Comment by Amy

July 16, 2011 @ 7:58 am

How many times have I called to get/find out a patients DOB? Hundreds if not thousands of times. I can tell you that it is a most recent inquiry where I was denied any access into the patients date of birth. Sometimes, I will put the parent/patient on the phone with them at that moment to gain access or sometimes I can just give another family member’s information that will gain access. Most of the time, I do not have a problem accessing a patient’s correct dob through the insurance with a claim, correct name, address and phone #.

Comment by RxBoy

July 17, 2011 @ 6:33 am

Example 4 that you give could perhaps be a policy the insurance company has in place to prevent fraud or identity theft. Perhaps a bit over the top, but nonetheless I see no issue with the patient being responsible for calling them and making sure the information is correct. I don’t think that involves HIPAA at all.

Here in my state our Medicaid program is like that. If any of the information we submit is incorrect or outdated, the patient has to provide us with the updated information. If they cannot do this, they have to contact their social worker themselves and get it taken care of. The script can’t be processed until they do this.

On a side note, my biggest pain in the arse with HIPAA is having to argue with people who we cannot share info with legally. This is especially true with the senior citizens, they just don’t understand why I can’t talk to them about their spouses prescriptions.

Comment by Jaden

July 17, 2011 @ 10:35 am

I can see the issue from RxBoy and PAS, but in pharmacy school pharmacists are taught they are professionals duly obligated by society to provide and hold pertinent information with regard to our duty as licensed pharmacists. If, I, as a pharmacist need to have information about a patient’s history from another pharmacy and am told that I cannot (by a technician or anyone without a pharmacist or physician license) then, I am being prohibited from doing what is my duty.

I can see where Rx Boy would not have a hard time thinking it is the patient’s obligation to provide the information to the insurance company, but as a pharmacist, I would like to be able to provide the medication while I have the prescription in my possession and the pharmacy is open for business.

No insurance company, as an intermediary, has the right to withold proper information from the healthcare professional involved. They would not withold it from the physician, or the physical therapist or other healthcare provider, and they should not withold it from the pharmacist. Sure, insurance companies can say that they’re responsible for getting the bills paid, but that is their job, even if in a dire emergency when the patient would be paying cash.

And this still should be available to a pharmacist even if they do not have a NPI number. Pharmacists have license and registration numbers!

HIPAA violations are incurred when information is for the inquirer’s personal gain not to the benefit of the patient.

Comment by JS

July 17, 2011 @ 11:22 am

Don’t you have a right to obtain any information you need for “medical purposes,” from doctors, nurses, insurance companies, and other pharmacies (I think your busy enough than to be trolling for info for shits and giggles).

If one of my RX’s do not go through, and the pharmacist wants to take care of it on my behalf; he/she should be able to. And if the insurance company didn’t share the information, IRATE would not be a strong enough word to describe how I would feel. Don’t we sign forms at time of enrollment allowing medical professionals to share this information? I consider a pharmacist, a medical professional!

Hope all is well with you, PC!i am well, thank you! about to go on vacation, so who can complain about that?

Comment by DME Billing Services

July 17, 2011 @ 5:40 pm

A Pharmacist is a medical professional and has complete right to any information for medical purposes. Beats me, why a insurance company would deny it !!

Comment by JenRPh

July 18, 2011 @ 9:53 am

I have a patient who refuses to give me her DOB when she drops off an rx…claims that is protected HIPAA info and she doesn’t have to give it to me. No matter how many times I tell her I have to have it she still refuses. Always ends up taking her rx back and going elsewhere.

Another one refuses to confirm her address at pickup for the same reason. Since when is an address protected health information??

Comment by Jon

July 18, 2011 @ 11:27 am

So the “death panels” Ms. Palin referred to are really the insurance companies.

Comment by PA Honeybee

July 18, 2011 @ 2:57 pm

I work for a PBM and we have no problem with offices/pharmacies calling us and exchanging patient information. I have had offices call me telling me the chart note request we made was a HIPAA violation and they would not release the information. What a crock of crap.

Comment by Rxkerber

July 19, 2011 @ 3:44 am

I’ve run into this so many times, it makes my blood boil. MD writing oxycontin QID refused to give me reason why bc HIPAA. Told me I had no right to that information. I was JUST the pharmacist and should not question him I refused to fill the rx. Pt was going to call BoP on me. Go ahead. I did my job!

Comment by Anonymous pharmacist

July 19, 2011 @ 12:00 pm

Case IV – I understand you are upset that an insurance company refused to give a DOB, but in this case, what does it matter? The DOB is wrong in the insurance company’s system. The patient still needs to call up the insurance company to fix the issue before you can run it through the insurance.generally we get the “wrong” dob , get the claim paid then have the patient fix it at a later date.

Comment by jp

July 20, 2011 @ 3:53 am

Just yesterday, after reading this post, I had a crisis center call to verify patient meds (an inpatient psychiatric home that takes indigent patients who need the help, with no options to go elsewhere). The nurse was shocked that all I needed from her was patient name and DOB. For hipaa release she was ready to fax me a form signed by the patient. I wonder how many run ins they get from pharmacists unwilling to release records to another provider? Shame.

Comment by loveinmyjob

July 20, 2011 @ 7:58 pm

I had a patient who had a severe heart attack while sitting in my waiting area waiting for his script. After he was carted away by EMS, we realized that his credit card, wallet and glasses were left at the store. I called the hospital for info on the patient. After all, when he left my store there was no heart beat but CPR was being administered. I had no idea if he even survived let alone where to reach him if he did. I was transfered from the ER, to ICU to medical records and even to the morge. NO ONE would tell me ANYTHING about the patient. They all claimed protection under HIPAA. I literally had to call the patient’s family and ask if he had survived. I was respectful, but the question still had to be asked. Unfortunately, he had not. Does HIPAA even apply once the patient dies?Holy moly, Ive had a lot of stuff happen in my pharmacy but thankfully not that! but yes I suppose HIPAA still applies after death.

Comment by Alanda from Ontario

July 24, 2011 @ 9:42 pm

The date of birth is wrong all the time around here. There’s really only one insurance company who won’t give out the DOB they have on file so that we can bill it proper, and the call centre drones always say they’re not allowed, and that the patient will have to contact their HR department to have it straightened out.

Even worse though, was the time I was trying to bill some medications for a set of twins… Apparently, because they have the same DOB the computers at the insurance company thought that it was the same person, so if they were being given identical drugs it would bill okay for one twin, and then come back as a duplicate for the other. To fix the problem, an e-mail had to be sent, but it would take somewhere between 24 and 48 hours for anything to be corrected. I asked for a supervisor on that one, and let them know exactly how stupid I thought the situation was.

Comment by Tech

July 25, 2011 @ 8:03 am

I work at a retail pharm and I have the same problem with the DOBs being wrong on the insurance end. They will never change the DOB without the patient calling them. It’s frustrating for the customers and for us to have to wait for them to fix it. Maybe the insurance companies need to double check that they have all the right info when issuing cards and patients can also check that their info is correct with their insurance companies.

RSS feed for comments on this post. TrackBack URI

Leave a comment

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>