What should you do when you receive a test result that you did not order? This situation is becoming more common as patients now have additional options to self-refer for such tests, often without your knowledge. Examples include health fair results, coronary screening tests, or hospitalizations without your involvement. The following are guidelines for dealing with unsolicited diagnostic tests and help to mitigate your liability risk.
Scenario A: When there is a pre-existing physician-patient relationship Two common scenarios are illustrated in the following cases:
CASE 1
A national testing organization set up a health fair at the church of your 63-year-old patient. After review of the tests offered, she opted to have a cholesterol blood panel as well as an ultrasound to assess her carotid artery intima media thickness. The study results were remarkable for a CIMT of 1.1mm (highest risk category). Your office received the results by mail from the testing organization. You are unsure what, if any, follow-up action to take based on this test result other than putting it in the patient record.
CASE 2
Your 47-year-old patient self-referred for a heart scan after his older brother had a myocardial infarction. You have taken care of this patient for at least 20 years and you last saw him three years ago for a routine physical exam that was unremarkable including normal labs. He also saw a cardiologist approximately five years prior to evaluate palpitations. The heart scan results revealed an Agatston score of over 300, placing the patient in the highest risk category for coronary heart disease and future myocardial infarction. Your office received a fax with the results from the walk-in heart scan clinic.
In both cases, since you and the patient have an existing physician-patient relationship, you should assume responsibility for contacting the patient to discuss the meaning of the results and a plan of action. This could be an office appointment, a telehealth visit, or a phone conversation. Alternatively, you could refer the patient to the appropriate specialist for interpretation of the test result and determining the course of action, regardless of whether the patient self-referred for the test. Additionally, in the second case, you should not assume that the cardiologist who the patient saw before has either received the heart scan results or is acting upon them (even if the report explicitly states a copy is being sent there). Since you have direct knowledge of the at-risk test result, the best practice would be to follow up with the patient directly and not assume some other physician is following up.
Although neither of the preceding scenarios would warrant urgent evaluation, the test results do reveal potential risk factors for major adverse events such as heart attacks or strokes. Arranging for communication with the patients regarding results and next steps, even though you did not request the tests, ensures appropriate follow-up occurs.
You may be in a physician-patient relationship that is not necessarily obvious. For example, accepting a capitated payment from a health plan on behalf of a patient may establish a physician-patient relationship regardless of whether you’ve actually seen that patient. You should be aware of this potential issue in your practice setting.
Scenario B: When there is no established physician-patient relationship
CASE 3
A 68-year-old man who recently moved to town went to a local health fair for screening labs. The form he completed prior to his blood draw asked for a primary care physician’s name to send the results to, and, based on a friend’s recommendation, he put down your name. The test results, remarkable for an elevated PSA of 8.6, arrived by mail at your office the following week. Your team realized the patient was not part of your practice, and, of note, you have closed your practice to new patients for over five years. You wonder what to do next.
In this case, since no relationship exists, you may choose whether or not to accept the patient into your practice:
- If you accept the patient, first contact the patient and assume all the obligations of interpretation, monitoring, and follow-up of the diagnostic test.
- If you choose not to enter into a physician-patient relationship, return the original test to its source or the diagnostic center responsible for it. If you do this, use a statement such as “This is not a patient in our practice. Please use your data to inform the patient for appropriate physician referral or follow-up.”
This action would also be appropriate if you receive test results in error (e.g., by fax or mail). Calling the sender directly to notify them of the misdirected result has the best chance of getting the information to the patient and the proper provider for appropriate treatment and follow-up. Critical test results may require more diligence to ensure the information gets to the appropriate provider in a timely manner.
What should you do for documentation in this scenario? Although there is no legal duty, in the interest of patient safety there are some suggested steps you should take in returning an unsolicited diagnostic test:
- You should keep a log that documents the date the test was received, the patient’s name, the action taken in returning the test to the sender, and who the sender is.
- It is recommended that you fax the test information back so you will have documentation that the information was faxed to the appropriate test source and received.
A final scenario that occasionally occurs is when a laboratory, imaging center, or other facility sends a test result by mistake to your office. This can happen for a variety of reasons but is most common when two practitioners in a region share the same name. Although the information is clearly not meant for you, it is still important to follow the above steps for returning the information to the sender and documentation. Also, receiving protected health information for a non-patient inadvertently is considered a HIPAA breach on the part of the sender. It would be appropriate for the sender to request that you destroy the information as part of their HIPAA breach mitigation.
Information in this article is for general educational purposes and is not intended to establish practice guidelines or provide legal advice.
Article originally published in 2Q21 Copiscope.
