FAQ: What is PHI or Protected Health Information?

Protected health information is made up of directly identifiable elements specified by the HIPAA law. E-PHI (PHI in electronic format) is a subset of the HIPAA information. HIPAA regulates the release, sharing, or use of individually identifiable health information (considered PHI).

“Individually identifiable health information” is information, including demographic data, that relates to:

the individual’s past, present or future physical or mental health or condition,
the provision of health care to the individual, or
the past, present, or future payment for the provision of health care to the individual.

PHI includes information about the following classes:

1. The individual patient
2. Household members of the patient
3. Relatives of the patient
4. Employers of the patient

Any of the following elements constitute PHI if they apply to any class or person mentioned above:

a. Name
b. Any postal address information that is more specific than town/city, state, and zip code
c. Telephone numbers
d. Fax numbers
e. Electronic mail addresses (email)
f. Social security numbers
g. Medical record numbers
h. Health plan beneficiary numbers
i. Account numbers
j. Certificate/license numbers (professional licenses, driver’s licenses, etc.)
k. Vehicle identifiers and serial numbers, including license plate numbers
l. Device identifiers and serial numbers
m. Web Universal Resource Locators (URL)
n. Internet Protocol (IP) address numbers
o. Biometric identifiers, including finger and voice prints
p. Full face photographic images and any comparable images

CAUTION: Additional state and federal laws may also regulate privacy of information including health information, financial information, family history, genetic testing, HIV status, mental health records and others. State laws that are more protective than federal rules are not preempted by federal laws, regulations, or rules on the same topic.

2 thoughts on “FAQ: What is PHI or Protected Health Information?”

  1. When I call to ask questions about billing for my spouse’s medical services, I have info about the dates of service, total amount(s) billed, CPT and ICDN codes etc (all provided on our bill from the provider.) When I ask about dollar amounts, whether the insurance has paid (and how much) or sometimes dates of service if I don’t have these in order to pay the appropriate amount, the provider billing departments universally refuse to give this information, and ask for a signed permission form from my wife to give out this info. Is this really required by HIPAA? I understand that info about treatments or diagnoses are protected, but wasn’t sure about this type of billing information.

    • When it comes to financial details, necessary for payment, the provider MAY disclose information but is not required to disclose it. In this case, you are listed as the guarantor probably and the insurance may also be in your name, so I would take the position that there is no prohibition under HIPAA. At the same time, I would take the position that the provider should have policies on how this type of situation is to be handled so that they are protecting the information from inappropriate disclosure but not frustrating legitimate inquiries. One of the toughest challenges in the world is matching up bills to payments, so I totally empathize with you. The quickest solution is to go in with your wife and sign whatever they think they need to be able to discuss bills with you — it is a pain, but better than arguing every time you have a billing question.
