Does anyone on here have an opinion about the following situation? In discussions with various individuals, there's a gray area in regards to who's data is it and at one point in regards to Protected Health Information (PHI) and so forth. Here's a situation we're looking at. As a clearinghouse, we are a Covered Entity (CE). We are also a Business Associate (BA) to providers and some health plans, otherwise a trading partner (TP) to other health plans. Our dilemma is this: Under the Privacy provisions, to many extents our business of being a Clearinghouse would enact that we would need to follow CE items. From my understanding, covered entities hold onto PHI for a minimum of 6 years in case of a request for access (164.524), but if we are acting as a BA to the provider, would we be held responsible to hold that data for the 6 period? If so, I am assuming since we are doing this as a service, a reasonable charge can be associated with this. Also within the Privacy regulations (164.504) as a BA to entities, they have the ability upon termination of a contract, request for return of PHI or Destruction of the PHI if feasible. So here are my questions: 1 Whose PHI is it at what point that they can ask for destruction or return if the contract is terminated? Is it the provider's until they submit the claims to a health plan and then becomes the health plan's after the submission? If so, can we destroy that information if it is now the health plan's when it is a provider who terminates the contract? Would this be considered one of the "not feasible" situations? What if the health plan who was once a BA now terminates the agreement? Same kind of quandary there. 2 If we are able to destroy or return the data, I can not find anywhere in the regulations of who covers the cost of returning or destroying the PHI. Can the provider or health plan be charged a reasonable fee for such work? There is a section that discusses assessing a reasonable fee to access any PHI.
If anyone has an opinion or can shed some light on this subject it would be great appreciated. Thank you in advance. Suzanne Ronde Proservices Health Information Technology HIPAA Project Manager Change is the law of life. And those who look only to the past or the present are certain to miss the future. - Kennedy, John F. This electronic message is intended only for the use of the addresse(s) named above and may contain legally privileged and/or confidential information. If you are not the intended recipient of this message, you are notified that any dissemination, distribution or copying of this message is strictly prohibited. If you received this message in error, please notify the sender by telephone and delete the original message. Thank you for your cooperation. ********************************************************************** To be removed from this list, go to: http://snip.wedi.org/unsubscribe.cfm?list=business and enter your email address.
