I would tend to agree with Rachel. As I read the information provided, the self-insured company is the covered entity (health plan), the TPA is a business associate of the self-insured plan, and MGU is a business associate of the TPA. Exchanges between the TPA and the Health Plan are not covered under HIPAA (but may make good business sense). To the extent that the TPA is conducting covered transactions on behalf of the covered entity they have be in standard. Exchanges between the TPA and MGU are not covered under HIPAA. Again, if MGU is conducting covered transactions on behalf of the TPA those must meet the standards. I think it is smart of MGU to want to use the standards however it is likely not required. However, I think the TPAs they are working with need to reassess their situation, it is likely they are covered under HIPAA. If MGU can convince them of that they may be more inclined to use standards with MGU. Also, the information exchanged appears to be PHI and as such is subject to the Privacy Regulations.
My two cents worth. Lindsay W. Askew, Jr. Program Director, HIPAA Magellan Behavioral Health -----Original Message----- From: Rachel Foerster [mailto:[EMAIL PROTECTED]] Sent: Wednesday, January 23, 2002 7:05 PM To: [EMAIL PROTECTED] Subject: RE: HIPAA EDI Cynthia, I disagree with you regarding the entity in question - Managing General Underwriter. The writer indicates they work with TPAs, carriers and brokers. It seems clear that MGU is an underwriter but not one of the covered entities to which HIPAA applies. MGU is not a TPA nor a carrier nor a broker nor a health plan nor a health care provider nor a clearinghouse as defined under HIPAA. As such HIPAA does not apply to them. TPA's per se are not covered entities unconditionally and MGU did not indicate they act in a TPA role. Furthermore, the mere act of "communicating membership" does not consititue the "enrollment in a health plan, the termination of coverage in a health plan, or any change to the coverage for an individual under a health plan." Thus, communicating membership is not the actual enrollment, disenrollment, etc. in a health plan. Therefore, this information exchange is not covered under HIPAA. Thus, it's essential that the relationships between the various entities be examined closely to determine which entity is the covered entity and then which other entities are the business associate of the covered entity. Only when the relationship is one of covered entity to covered entity or the business associate of a covered entity to a covered entity, does the business associate then have to comply with HIPAA as if it were in fact the covered entity. In the description of the relationships provided, there does not appear to be a business associate relationship to a covered entity defined, only that MGU "works in the self-insured sector....and does not work directly with any health care organization or provider." Therefore, MGU appears not to be a covered entity and it appears that the entities it does business with are not covered entities either. As a result MGU is off the hook....unless it is a business associate of a covered entity performing a HIPAA mandated function for that covered entity. You appear to confuse the issue by bringing in the concept of an ERISA group plan, yet the person with MGU does not indicate they are in this situation. Of course, these are my personal opinions and interpretation only based on the scant information provided to us. Thus, I strongly encourage Steve to consult with MGU's legal counsel to determine the role it plays with its various business partners so that a determination can be made as to whether HIPAA applies to MGU or not. Rachel Foerster Rachel Foerster & Associates, Ltd. Phone: 847-872-8070 -----Original Message----- From: Cynthia Korman [mailto:[EMAIL PROTECTED]] Sent: Wednesday, January 23, 2002 12:07 PM To: [EMAIL PROTECTED] Subject: Re: HIPAA EDI Actually, I beg to differ with Rachel's opinion...the transaction rules have to be followed whether the transmissions are between or within covered entities - my understanding is that since an ERISA healthplan is defined as a covered entity, those that communicate membership to TPAs must do so via an 834. Also, their TPAs must be prepared to handle standard transactions from providers that provide care to the ERISA plan's members. Where am I off base? ----- Original Message ----- From: "Rachel Foerster" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, January 23, 2002 12:38 PM Subject: RE: HIPAA EDI > Steve, > > >From your description of your company I doubt that HIPAA applies to it. It > doesn't appear to be a health plan, clearinghouse, or health care provider. > Thus, it would be my opinion that the format, etc. used by your company > would be one based on mutual agreement between you and whoever you're > exchanging the data with. > > Rachel Foerster > Rachel Foerster & Associates, Ltd. > Phone: 847-872-8070 > > > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, January 23, 2002 11:03 AM > To: [EMAIL PROTECTED] > Subject: HIPAA EDI > > > So if I understand what everyone is saying correctly: > > [1] your business must have HIPAA EDI capability ready for any requests > that may occur. That is required although you may not be required to use > it (Carriers, providers, etc. may have you continue to use paper, etc.). > > ---------- > I as mentioned earlier my situation is interesting: > I work for an MGU (Managing General Underwriter) in the Self-Insured > market. We work with TPAs, Brokers and Carriers but not directly to any > health organization nor hospital. Currently our Carriers have no plans > nor requirements for us for HIPAA EDI. Most of our TPAs and Brokers also > have no plans as of this time. > > We are working on building up our EDI capabilities ... but if we build it > will it be used?!?! With this HIPAA mandate we were ready to move forward > but if the people we are communicating with are not we are put in a catch > 22 situation with compliancy. > > Sincerely, > > Steve Sklar > IT Manager > Majestic Underwriters, Inc. > Troy, Michigan > (p) 248.583.4488 x246 > > > ********************************************************************** > To be removed from this list, go to: > http://snip.wedi.org/unsubscribe.cfm?list=business > and enter your email address. > > > > ********************************************************************** > To be removed from this list, go to: http://snip.wedi.org/unsubscribe.cfm?list=business > and enter your email address. > ********************************************************************** To be removed from this list, go to: http://snip.wedi.org/unsubscribe.cfm?list=business and enter your email address. ********************************************************************** To be removed from this list, go to: http://snip.wedi.org/unsubscribe.cfm?list=business and enter your email address. ********************************************************************** To be removed from this list, go to: http://snip.wedi.org/unsubscribe.cfm?list=business and enter your email address.
