In this case it would appear that the data being exchanged is PHI, the disclosure of which should most likely be authorized by the individual....unless the TPA is providing the enrollment information on behalf of its business associate - the covered entity - and the information exchange is part of the covered entity's treatment, payment or health care operations functions. Such TPO activities constitute at least 90-95 of a provider's activities and probably somewhat less for a payer.
Thus, again, the data is PHI and must be appropriately safeguarded and kept confidential, but no specific HIPAA transaction is mandated for the information exchange. Rachel Foerster Rachel Foerster & Associates, Ltd. Phone: 847-872-8070 -----Original Message----- From: Scott Mingee [mailto:[EMAIL PROTECTED]] Sent: Wednesday, January 23, 2002 12:52 PM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: RE: HIPAA EDI What if a MGU is not involved and a TPA is sending enrollment or claim related information directly to a carrier for Stop/Loss reimbursement? Scott -----Original Message----- From: Rachel Foerster [mailto:[EMAIL PROTECTED]] Sent: Wednesday, January 23, 2002 12:38 PM To: [EMAIL PROTECTED] Subject: RE: HIPAA EDI Steve, >From your description of your company I doubt that HIPAA applies to it. It doesn't appear to be a health plan, clearinghouse, or health care provider. Thus, it would be my opinion that the format, etc. used by your company would be one based on mutual agreement between you and whoever you're exchanging the data with. Rachel Foerster Rachel Foerster & Associates, Ltd. Phone: 847-872-8070 -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Wednesday, January 23, 2002 11:03 AM To: [EMAIL PROTECTED] Subject: HIPAA EDI So if I understand what everyone is saying correctly: [1] your business must have HIPAA EDI capability ready for any requests that may occur. That is required although you may not be required to use it (Carriers, providers, etc. may have you continue to use paper, etc.). ---------- I as mentioned earlier my situation is interesting: I work for an MGU (Managing General Underwriter) in the Self-Insured market. We work with TPAs, Brokers and Carriers but not directly to any health organization nor hospital. Currently our Carriers have no plans nor requirements for us for HIPAA EDI. Most of our TPAs and Brokers also have no plans as of this time. We are working on building up our EDI capabilities ... but if we build it will it be used?!?! With this HIPAA mandate we were ready to move forward but if the people we are communicating with are not we are put in a catch 22 situation with compliancy. Sincerely, Steve Sklar IT Manager Majestic Underwriters, Inc. Troy, Michigan (p) 248.583.4488 x246 ********************************************************************** To be removed from this list, go to: http://snip.wedi.org/unsubscribe.cfm?list=business and enter your email address. ********************************************************************** To be removed from this list, go to: http://snip.wedi.org/unsubscribe.cfm?list=business and enter your email address. ********************************************************************** To be removed from this list, go to: http://snip.wedi.org/unsubscribe.cfm?list=business and enter your email address. ********************************************************************** To be removed from this list, go to: http://snip.wedi.org/unsubscribe.cfm?list=business and enter your email address.
