The Leads Network Policy regarding Telemarketing and HIPAA compliance
by and on behalf of DME clients
Summary:Section 1834(a)(17) of the Social Security Act prohibits both unsolicited telephone contacts to Medicare beneficiaries by suppliers of Medicare-covered items, and payment for items furnished subsequent to prohibited contacts. The Alert expands these prohibitions by applying them to independent marketing agencies working on behalf of DME suppliers. It also requires DME suppliers to verify that information purchased from third parties and marketing activities which are conducted by such parties do not involve prohibited activities.
Details about the Social Security Act: Pursuant to Section 1834(a)(17)(A), suppliers of Medicare-covered items may not make unsolicited telephone calls to Medicare beneficiaries regarding the furnishing of covered items, except in three specific circumstances:
* The beneficiary has given the supplier written permission to make contact by telephone;
* The contact regards an item the supplier has already furnished to the beneficiary; or
* The supplier has furnished the beneficiary with at least one covered item during the fifteen-month period preceding the date the supplier contacts the beneficiary.
If a supplier improperly contacts a beneficiary, Section 1834(a)(17)(B) prohibits Medicare payments for items furnished subsequent to the unsolicited contact. Specifically, the statute provides that no payment shall be made for any item furnished by a supplier that knowingly contacted a beneficiary in violation of the law. The OIG classifies these claims for payment as false; violators will be potentially subject to criminal, civil, and administrative penalties.
How does The Leads Network ensure compliance?:It is the policy of TLN to use only compliant beneficiary calling data by its call center in the generation of diabetic Medicare based leads. This means that such data must be permission based and include the proof of an opt-in “trail” where in the beneficiary, prior to outreach by the TLN call center, provided permission to be contacted. The details of this permission can be found in the privacy notices in the various Internet websites visited by such beneficiaries. When the beneficiary visitor submits a request for information that submission constitutes agreement with the privacy terms and conditions of that site. If TLN is a marketing partner of such a site then TLN receives and can utilize the “Agreement to be contacted” rights as set forth in such sites.
Permission to call trail:All compliant calling data used by TLN’s call center will include the date and time stamp when the beneficiary visited such site and the IP address used. In addition and upon request, TLN will provide the url of the actual site through which the beneficiary submitted the request for information and agreed to be contacted. Additionally, TLN will also provide upon request the recording of the subsequent conversation between the TLN call center and the beneficiary in which the beneficiary reconfirmed permission to be called.
HIPAA Compliance:Protected Health Information is subject to protection under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), and regulations promulgated by the U.S. Department of Health and Human Services to implement certain privacy and security provisions of HIPAA (the “HIPAA Regulations”), codified in 45 C.F.R. Parts 160, 162, and 164); and
Subtitle D of the Health Information Technology for Economic and Clinical Health Act (the “HITECH Act”), signed into law on February 17, 2009, imposes significant new obligations directly on call centers and DMEs to comply with such requirements.
Obligations and Activities of TLN with regard to HIPPA.
(a) Specific Uses and Disclosures. TLN may use or disclose PHI to perform functions, activities, or services for, or on behalf of, its DME clients provided that such use or disclosure would not violate the HIPAA Regulations if done by the DME.
(b) Other Business Associates. As part of its providing functions, activities, and/or services to DME clients, TLN may disclose information, including PHI, to other business associates of DME and may use and disclose information, including PHI, received from other business associates of DME as if this information was received from, or originated with, DME.
(c) Permitted Uses and Disclosures. TLN will not use or further disclose PHI other than as permitted or required by the Agreement or as required by law.
(d) Safeguards for Protection of PHI. TLN will use appropriate safeguards to prevent the use or disclosure of the PHI other than as provided for by this Statute or as required by law. TLN maintains administrative, physical, and technical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of the ePHI that it creates, receives, maintains, or transmits on behalf of DME clients.
(e) Reporting of Unauthorized Uses or Disclosures and Security Incidents TLN will report any unauthorized use or disclosure of the PHI and, any Security Incidents of which it becomes aware.
(f) Mitigation of Unauthorized Uses or Disclosures. TLN will mitigate, to the extent practicable, any harmful effect of which it becomes aware of a use or disclosure of PHI by TLN or one of its agents or subcontractors in violation of the requirements of this Statute.
(g) Agents and Subcontractors. TLN ensures that any agent, including a subcontractor, to whom it provides PHI received from, or created or received by TLN on behalf of, DME clients agrees in writing to the same restrictions and conditions that apply through this statute with respect to such PHI.
(h) Authorized Access to PHI. To the extent that TLN maintains PHI in a Designated Record Set and at the request of DME clients, TLN provides access to PHI in a Designated Record Set in order to meet the requirements under 45 C.F.R. § 164.524.
(i) Amendment of PHI. To the extent that TLN maintains PHI in a Designated Record Set, TLN will make any amendment(s) to PHI in a Designated Record Set that its DME client directs or agrees to pursuant to 45 C.F.R. § 164.526.
(j) Secretary’s Right to Audit. TLN will make its internal practices, books, and records relating to the use and disclosure of PHI received from, or created or received by TLN on behalf of, DME clients available to the Secretary for purposes of the Secretary determining such DME compliance with the HIPAA Regulations.
Copyright © The Leads Network LLC 434 N. Columbia St. #200, Covington, LA. 70433 / 800-300-2780