Right to Confidential Communications – Healthcare Provider

Scope

This procedure applies to the workforce members in the designated Indiana University (IU) HIPAA Covered Healthcare Components and HIPAA Affected Areas, anyone rendering services as a Business Associate, and anyone who creates, receives, maintains, or transmits Protected Health Information (PHI) in any capacity at IU, including, but not limited to, faculty, staff, students, trainees, volunteers, visiting scholars, and third-party agents.  For the purposes of this procedure, all of the above will be referred to as workforce members.

Procedure Statement

1. Individuals have the right to request alternative means of communications from IU HIPAA covered healthcare components that are healthcare providers in order to ensure confidentiality. Examples of the types of communications to which this policy may apply include:
   1. Appointment reminders;
   2. Billing statements;
   3. Pre or post-treatment/procedure calls;
   4. Sending test results; or
   5. Prescription refill reminders.
2. If alternative means of communications are not requested, the covered healthcare components may freely communicate with the individual through the telephone number and address provided by the individual.
   
   Covered healthcare components are responsible for complying with this procedure or for developing a comparable operating procedure for addressing requests for confidential communication.

Procedures

1. Requests for alternative means of confidential communications must be in writing.
2. Covered healthcare components should accommodate all reasonable requests to receive confidential communications by alternative means or at alternative locations and will not require an explanation from the individual as to the basis for the request.
3. Reasonable requests include (but are not limited to) using alternative telephone numbers, alternative addresses, refraining from leaving messages on answering machines, and refraining from mailing information to the individual. Unreasonable requests are those that would be too difficult technologically or practically for the covered healthcare component to accommodate.
4. Covered healthcare component workforce members will be responsible for receiving, processing, and responding to requests for confidential/alternative communications and for maintaining the request form in the medical record.
   1. If the request is for an alternative address, telephone or e-mail, the designated staff member may approve it at the time of request.
   2. Agreed upon requests for alternative communication must be communicated to all who may be involved in the use or disclosure of the individual’s PHI.
   3. If the request for alternative communication is denied, the reason for the denial must be documented on the request form.
   4. The designated staff member will contact the patient to inform them the request was denied and the reason for the denial.
   5. Covered healthcare components will document the acceptance or denial of an individual’s request for confidential/alternative communications and maintain all documentation relating to the request in the individual’s medical record.

Reason for the Procedure

The Health Information Portability and Accountability Act (HIPAA) Privacy regulations require that a covered entity must permit individuals to request and must accommodate reasonable requests by individuals to receive communications of protected health information from the covered healthcare provider by alternative means or at alternative locations.  A covered healthcare provider may not require an explanation from the individual as to the basis for the request as a condition of providing communications on a confidential basis

This procedure defines the process for complying with a patient’s reasonable request(s) for alternative communications.

History

04/06/2015   New procedure
09/01/2016   Finalized procedure
12/13/2021   Updated procedure contacts

Related Information

HIPAA Privacy Rule
45 C.F.R. §164.522