Kathleen, It is true that you are disclosing to a third party that is not required to protect the information under HIPAA. However, there are many examples of this because HIPAA only governs covered entities and those organizations acting on behalf of covered entities (BA), and it is recognized that there are disclosures to entities that it cannot regulate:
So, disclosures to a third party required by law - like mandatory registries are allowed under HIPAA but the information is not protected once the registry has it, disclosures by a provider to workers compensation are the same way, as are some disclosures to financial institutions (depending on whether they are acting as a BA or not), and the disclosures below. Leah Hole-Curry Fox Systems Inc. 602-708-1045 >>> "Kathleen Golovan" <[EMAIL PROTECTED]> 03/27/02 09:36 AM >>> But is there an issue because you are sharing with a third party that is not a Covered Entity and not a Business Associate in order to facilitate "payment. For example, when I use a third party to do something that qualifies as "healthcare operations" I must have a Business Associate Agreement with them to protect the information when it leaves my control. What is protecting the information when I send it to the property/casualty insurer ********************************************************************** To be removed from this list, go to: http://snip.wedi.org/unsubscribe.cfm?list=business and enter your email address.
