go to University of Miami home page
 
go to site home pagego to reports pagego to laws and regulations pagego to glossary indexgo to FAQ indexgo to training matls indexgo to web links pagego to bibliography pagego to contact directory page


Home > Training Index >

 

 

fundraising quiz (HIPAA)

 

For a quick review, see fundraising fundamentals (HIPAA); for a detailed review, see the glossary entry on fundraising (HIPAA).

Note that Better Samaritan Hospital (BSH) and Big State University (BSU) are fictional organizations. Any resemblance to existing institutions is purely coincidental.

 

At Better Samaritan Hospital, physicians have an informal practice of notifying the Development Office of particularly "grateful" patients, sometimes when those patients are still in the hospital. This allows the Development Office to establish contact to discuss donation options right way.

It is not a HIPAA violation to get to patients as soon as possible, when their "gratitude" is still at a high level, if you are reasonably sure they are mentally competent and interested in making a donation.


 It is a HIPAA violation if the Development Office learns anything about the diagnosis or treatment without the patient's oral agreement to allow such a use or disclosure.


 It is not a HIPAA violation if the patient provides a written authorization for the use or disclosure of protected health information for fundraising.


 HIPAA allows each institution to decide on the appropriate procedures for their internal uses, though external disclosures require authorization.

 

Like many hospitals, Better Samaritan has a VIP program for its big donors -- and for persons considered likely prospects for future large donations. As part of that program, the Development Office monitors the hospitals' computerized scheduling system, flagging VIPs' upcoming appointments. Development provides an "escort" to make sure each VIP gets seen without a wait, by the hospitals' best clinicians.

It can't be illegal to try to secure the best care for your big donors, and this sort of program only benefits them.


 HIPAA rules allow use or disclosure of dates of service, so this kind of information use would be permitted without an authorization.


 Access to the appointments schedule tells the Development Office about patients' treatments (and possibly diagnoses too), so it requires written authorization.


 HIPAA allows each institution to decide on the appropriate procedures for such internal uses, though external disclosures require authorization.

 

Friends of Better Samaritan Foundation (FBSF) is the hospital's affiliated non-profit fundraising organization. The Development Office regularly sends over lists of VIP patients to FBSF. Since this is an "internal" transfer, what kinds of protected health information transfers are allowed?

No information of any kind can be sent without an authorization.


 Development can send basic demographic information and dates of past service, just as it would for a business associate doing fundraising on their behalf.


 Since it is an "internal" transfer, FBSF can receive some basic information about diagnoses and treatments, but no more than that.


 There are no limits on transfers to an affiliated foundation, because it is an "internal" transfer.

 

Better Samaritan is planning a capital campaign, focusing on raising funds for its two new specialty clinics for cancer and heart disease. It wants to target a mailing to patients who have been seen in its facility for those conditions in the last five years.

It is permissible to target the hospital's former cancer and heart patients as long as the fundraising communication includes an "opt out" from future mailings.


 It is permissible to target former cancer and heart patients, but by using the patient lists of physicians in those specialties rather than the hospital's patient lists, as long as there is an opt out.


 It is a HIPAA violation to do a targeted mailing unless the hospital has a written authorization for such a fundraising use. Absent an authorization, the only alternative is a general mailing to all patients.


 HIPAA allows each institution to decide on the appropriate procedures for their internal uses of this kind, though external disclosures require authorization.

 

Better Samaritan's Marketing Department is interested in filling the beds of those specialty clinics with paying patients. It wants to join forces with the Development Office and send marketing materials along with the fundraising literature. Is this OK?

Why not. It'll save on postage if the target audience is the same.


 It may be OK, depending on what information was used to target the information; separate authorizations might be required.


 It is OK as long as there are separate opt-outs for future marketing and fundraising mailings.


 This sort of mixing is expressly prohibited by HIPAA.

 

last modified: 16-Feb-2003 [RC]

 

<< Back | P/DP Home | Training Index | Site Help | Search
 
  Privacy Policy Copyright Disclaimer Contact Info