The HIPAA Omnibus Rule: Its Effect on Healthcare Fundraising
For Fundraisers, a few of the more significant changes are:
- More stringent opt-out provisions – requiring covered entities to provide “clear and conspicuous” opportunity to opt out of further fundraising communications (Section 12306(b)).
- Provide multiple channels for patients to opt out.
- Once opted out, the entity must take “reasonable measures” to certify that no further fundraising communications are sent
- Availability of additional Protected Health Information (PHI) data for the purpose of fundraising efforts, without patient authorization. This information is in addition to the currently permitted data (Demographic data, dates of health care provided, and health insurance). They include:
- Department of Service – this can include “broad designations, such as cardiology, oncology, or pediatrics”
- Outcome Information – this includes information regarding the “death or sub optimal result of treatment or services”. It also assumes the covered entity removes those individuals receiving “sub-optimum” outcomes from fundraising solicitations.
- Treating Physician
- Exact Date of Birth (vs. Month/Year available now)
I am fortunate enough to work with hundreds of talented researchers, administrators, and executives at healthcare fundraising organizations across the country. Through these conversations I’ve realized that the use of this new information can be as diverse as the missions they support. Examples can be as basic as the development of creative letterheads (communication based on Department of Service) to the foundation of VIP Programs, using outcomes information to target patients with similar conditions.
For many, there seems to be a general interest to reassess the organizations ability to acquire, analyze, and segment this new information ahead of the September 23rd compliance date. Has your organization developed a unique approach to capturing and leveraging this information? Please let us know in the comments.
