For Immediate Release:
575 Eighth Ave., 21st Floor
New York, NY 10018
Phone: (888) 446-4588
JCA Announces New HIPAA Regulations Advice for Fundraisers
New York, NY, (PRBuzz.com) February 22, 2013 -- With the recent changes to the Health Insurance Portability and Accountability Act (HIPAA) Privacy, Security and Enforcement Rules by the Health and Human Services (HHS), Jacobson Consulting Applications (JCA) offered advice for fundraisers operating within the new regulations.
From the 563 document, JCA has outlined three main points that fundraisers should be aware of concerning the new HIPAA rules and regulations: changes to information access, stronger opt out rules and penalties for violating the new rules.
Changes to Information Access
The current rule allows a fundraiser access to demographic information relating to the patient, the dates the health care was provided, and health insurance status. The new rule expands what fundraisers can access. Now, fundraisers have access to:
• Address and other contact information
• Date of birth
• Department (e.g., cardiology, oncology, pediatrics)
• Treating physician
• Outcome information (this includes sub-optimal results, specifically for the purposes of removing from solicitations)
• Health insurance status
According to Steve Beshuk, Director of Strategic Initiatives at JCA, this access to new information means more opportunities for fundraisers.
"The more information you have about your donors and prospects, the more effective you can be. This includes mass fundraising - like mail and email - as well as major giving. Access to this information should allow fundraisers to segment their donors and prospect more effectively and refine the timing and content of fundraising communications."
Stronger Opt Out Rules
The current requirement "... that a covered entity make reasonable efforts to ensure that those individuals who have opted out" are not contacted is being changed to, "... [the fundraising organization] may not send fundraising communications to an individual who has elected not to receive such communications."
"This can be difficult rule to follow. It is common for our clients to manage advanced mail schedules. That can create a lag between creating a mailing list and updating to the opt out list. The HHS response to this concern is essentially that these are the same issues any health care agency must deal with," said Beshuk.
Beshuk notes that the reason why fundraising organizations have difficulty maintaining opt-out lists is because data management systems are not controlled.
"We help many of our clients establish centralized, controlled data management systems, because it is simply a better and more effective way to do business. These new HIPAA rules make that 'best practice' even more imperative."
According to the new rules, the individual's choice to opt out must be "clear and conspicuous" and does not cause the individual "to incur an undue burden." Implementing this requirement is left to the discretion of the organization, but the HHS gives acceptable examples, such as a toll-free number, dedicated email, or a pre-paid mailer.
There are areas of the new regulations, however, that come off as unclear, such as whether or not an individual who has opted out can still be sent email solicitations.
"The answer appears to be yes and no," said Beshuk. "An organization can offer individuals a choice of their preferred method for receiving fundraising communications and allow the individual to opt out of specific channels. However, if an individual opts out without specificity, then the opt out applies to all fundraising communications."
Penalties for Violating the Rules
According the new guidelines, the HHS will review violations and impose penalties on offending organizations. There are four levels of violation that include instances in which: fundraisers "Did Not Know" about the new regulations; had "Reasonable Cause" for violating a regulations; willfully neglect adhering to a rule, but correct the infraction; and willingly neglect adhering to a rule, but do not rectify the infraction. Each violation involves a monetary penalty anywhere from $100-50,000, with a fine of $1,500,000 in all for categories for infractions repeated with in a calendar year.
"You can see how the costs would add up quickly on a large mailing," said Beshuk.
For more information about JCA, visit www.jcainc.com or call (888) 446-4588.
Since 1988, over 700 nonprofit organizations have turned to JCA as a strategic consulting partner to make fundraising, ticketing, membership, and related technologies work for people. They implement and integrate software, improve processes and manage the cultural impact so that staff can work more effectively and organizations can spend more time on mission-critical work. JCA works with organizations in every non-profit sector, including education, health care, cultural, environmental, religious and social services. For more information, visit www.jcainc.com.