Join POF's New Email List Today!!!:  Join Now

HIPAA Overview for Florida Opticians 

Prepared by: Professional Opticians of Florida

HIPAA stands for the Health Insurance Portability and Accountability Act. The HIPAA Privacy Rule for the first time creates national standards to protect individuals’ medical records and other personal health information, which gives patients more control over their health information.

The good news for some opticians is that most provisions of HIPAA may not directly affect your practice. All opticians should, however, be aware of what HIPAA is and how it affects the health care provider/patient relationship. Here’s a brief summary:

Although HIPAA is a federal regulation, states are allowed to set certain standards. Florida statutorily grants patients the right of access to their medical records maintained by health care practitioners. Florida also further defines and restricts the manner in which these practitioners can disclose a patient’s health information. Patients have a right to receive copies of reports and records relating to their examinations or treatments, including x-rays and insurance information, from their health care practitioners. This is not a concern for most opticians.

The protection and permitted disclosure of a patient’s medical records by a health care practitioner is where compliance can become trickier and should be a concern for Florida opticians. Health care practitioners include licensed physicians, acupuncturists, chiropractors, osteopaths, psychologists and psychotherapists. The term “health care practitioner,” for this purpose only, does not include opticians, along with pharmacists, dental hygienists and certain other health professions. (Fla. Stat. Ann. §456.057, defining “health care practitioner”) However, the law also defines “records owners,” and your obligations under the law depend on your employer. Health care practitioners are “records owners” if they generate a medical record, receive medical records from a previous record owner (e.g., O.D. or M.D.) or are the practitioner’s employer, if the employer is designated as the records owner. (Fla. Stat. Ann. §456.057(1), defining “records owner.”)

Record owners are now required to develop and implement policies, standards and procedures to protect the confidentiality and security of medical records. Employees of the record owners must be trained in these policies, standards and procedures. (Fla. Stat. Ann. §456.057(9).) In addition, record owners must maintain a record of all disclosures of information in a medical record to a third party, including the purpose of the disclosure request. (Id.)

The question that many opticians have about HIPAA is if there are provisions that stop or hinder them from verifying the patient’s Rx from the prescribing health care provider verbally or by phone, fax, etc., or if they are prohibited from providing the patient’s prescription to a third party (e.g., mail-order contact lens company) at the patient’s request. This is permissible under §164.506 of the federal code. In the relevant part, the Privacy Rule defines treatment as:

… the provision, coordination, or management of health care and related services by one or more health care providers, including the coordination or management of health care by a health care provider with a third party.

Health care is defined, in part, as:
… care, services, or supplies related to the health of an individual. Health care includes: sale or dispensing of a drug, device, equipment, or other item in accordance with a prescription.

Therefore, the dispensing of eyewear and contact lenses based on a prescription is health care, and the disclosure of protected health information by a provider to confirm a prescription falls within the provision, coordination or management of health care and related services and is a treatment activity.

The privacy provisions of HIPAA do not prohibit you from using your patient list to market your products and services to your own patients. The Act does expressly prohibit releasing patient information to a third party for solicitation or marketing the sale of goods or services without a specific written release or authorization from the patient.

Whether or not you are a record owner, you may respond to market surveys. The Act permits creation and dissemination of a limited data set that does not include directly identifiable patient information for research, public health and health care operations.

To ensure that your office is in compliance with the HIPPA regulations, you can start by adopting some policies that many other health care professionals have long made a practice to ensure reasonable safeguards for individuals’ information, including:
• Speak quietly when discussing the patient’s corrective prescription or vision maladies in the dispensary or other public area;
• Avoid discussing or mentioning a patients health issues in public areas and post signs to remind employees to protect patient confidentiality;
• Isolate or lock file cabinets or records rooms; and
• Provide additional security, such as passwords, on computers maintaining personal information.

Counter to our earlier advisory, you can publicly use patient names. That clearly is allowed under HIPAA. So it's not a problem to go into the waiting area and call "Mrs. Smith" to take her to the exam room or into the dispensary. However, what you would NOT want to do is to say in hearing range of others in the waiting area: "Hello, Mrs. Smith. How are you doing on those new glaucoma drops that Dr. prescribed for you"?
Protection of patient confidentiality is an important practice for many health care professionals; with guidance provided from the HIPAA rules you can build upon the preceding codes of conduct to develop the reasonable safeguards required by the Privacy Rule.

Opticians in all work setting should acquaint themselves with the provisions of the Act, especially if they manage the office for optometrists or ophthalmologists, since employees are required to be trained in the office’s policies, standards and procedures for protecting confidentiality of patients’ records.


This advisory is provided as a courtesy to POF members and as a starting point to understanding this issue. POF and its board of directors, staff and management do not engage in providing legal advice or opinions.

March 2003

For information on HIPAA the Web go to:

A good place to start is with this article from the ECP consultant Gil Weber.
Eye on Managed Care: Protect Yourself on HIPAA Issues
http://www.gilweber.com/gw_pro33.htm
He has this and plenty of other useful information and links posted on his web site.
http://www.gilweber.com

For Florida (or another state) specific HIPAA information.
http://www.healthprivacy.org/
and select Florida

For an general overview and useful links go to:
http://www.hipaadvisory.com/

At the HIPAA.org's practice management system directory
http://www.hipaa.org/pmsdirectory/
It's downloadable in .pdf (adobe), .rtf (rich text format), and .wpd (wordperfect).

It is strongly suggest you download and read at your leisure. It's long, but very
worthwhile.
http://www.hhs.gov/ocr/hipaa/privacy.html

Also, here's a link that helps you figure out if you are or are not a covered entity.
http://www.cms.hhs.gov/hipaa/hipaa2/support/tools/decisionsupport/default.asp

Mark A. Miller
Executive Director
Professional Opticians of Florida
1947 Greenwood Drive
Tallahassee, FL 32303
markm@pof.org
850/201-2622
FAX/201-2625

VWI OFFERS HIPAA COMPLIANCE KIT. Vision West, Inc. (VWI), a purchasing and practice management resource for eyecare professionals, is offering a manual that helps practitioners comply with Health Insurance Portability and Accountability Act (HIPAA) regulations. The VWI HIPAA Compliance Manual kit includes a CD-ROM that allows you to customize and print the necessary forms, posters and compliance documents; a staff training video and quiz; technical support; and free product updates for two years. To order the kit, contact VWI at 800-640-9485.


Here are some relevant Questions and Answers directly from a HIPAA Advisory

Q: Can a pharmacist use protected health information to fill a prescription that was telephoned in by a patient’s physician without the patient’s written consent if the patient is a new patient to the pharmacy?

A: Yes. The pharmacist is using the protected health information for treatment purposes, and the HIPAA Privacy Rule does not require covered entities to obtain an individual’s consent prior to using or disclosing protected health information about him or her for treatment, payment, or health care operations.

Q: Does the HIPAA Privacy Rule restrict pharmacists from giving advice about over-the-counter medicines to customers?

A: No. A pharmacist may provide advice to customers about over-the-counter medicines. The Privacy Rule permits a covered entity to disclose protected health information about an individual to the individual. See 45 CFR 164.502(a)(1)(i).

Q: Can a patient have a friend or family member pick up a prescription for her?

A: Yes. A pharmacist may use professional judgment and experience with common practice to make reasonable inferences of the patient’s best interest in allowing a person, other that the patient, to pick up a prescription. See 45 CFR 164.510(b). For example, the fact that a relative or friend arrives at a pharmacy and asks to pick up a specific prescription for an individual effectively verifies that he or she is involved in the individual’s care, and the HIPAA Privacy Rule allows the pharmacist to give the filled prescription to the relative or friend. The individual does not need to provide the pharmacist with the names of such persons in advance.

Q: Does the HIPAA Privacy Rule permit an eye doctor to confirm a contact prescription received by a mail-order contact company?

A: Yes. The disclosure of protected health information by an eye doctor to a distributor of contact lenses for the purpose of confirming a contact lens prescription is a treatment disclosure, and is permitted under the Privacy Rule at 45 CFR 164.506.

Q: Does a physician need a patient’s written authorization to send a copy of the patient’s medical record to a specialist or other health care provider who will treat the patient?

A: No. The HIPAA Privacy Rule permits a health care provider to disclose protected health information about an individual, without the individual’s authorization, to another health care provider for that provider’s treatment of the individual. See 45 CFR 164.506 and the definition of “treatment” at 45 CFR 164.501.

 

 

Welcome to the Professional Opticians Of Florida Website

For the past 50 years, the Professional Opticians of Florida have dedicated themselves to enhancing the competency of opticians, advancing the profession of opticianry, and working to protect the health and welfare of the public.
Please feel free to browse our site, and to contact us with your questions and concerns.

POF Info on Demand! 24 hours a day / 7 days a week!
click here for details.

E-Mail: info@pof.org
"When requesting information, please include your street address."

>>>> ENTER

© Copyright 2004, Professional Opticians of Florida, All Rights Protected
Designed and Hosted by: Rapid Systems, Inc.