Identification of Patient or Authorized Patient Representative Requesting Information over the Phone
Drexel University Clinical Covered Entities
Privacy Program Policies and Procedures
Policy Title: Identification of Patient or Authorized Patient Representative Requesting Information Over the Phone
Policy Number: IM-17
Effective Date: April 14, 2003; September 23, 2013
Last Revision: September 1, 2017
Responsible Officer: Vice President, Chief Compliance, Privacy and Internal Audit Officer
Table of Contents
This policy applies to all Covered Entities within Drexel University.
Covered entities are defined in the HIPAA rules as (1) health plans, (2) health care clearinghouses, and (3) health care providers who electronically transmit any health information in connection with transactions for which HHS has adopted standards.
Drexel University (DU) requires that the identity of an individual on the phone be verified before patient information is disclosed. The patient or authorized representative should verify two (2) items of personal private information from patient demographics prior to disclosing patient information.
This Policy provides for the security of patient information and protects against disclosure of information to an unauthorized caller.
- All individuals not known to the office as members of the patient care team requesting patient information must verify their identity.
- Patients (or authorized representatives) will be asked to verify two (2) items of personal private information correctly before a disclosure of information is made over the phone.
Verification is not required in an emergency situation when negative health consequences would arise from refusal to assist the caller.
- Home phone number of patient, last 4 numbers of social security number, birth date, etc.
Back to Top