On Mon, 14 Oct 2002 13:50:31 +0000, Scott R. Millis wrote: > As the October 15th HIPAA deadline approaches, I wanted to find out > how your research organizations or departments have been affected by > HIPAA. If your department or organization is engaged in research > (and not medical care) have you or will be be filing a compliance > plan? > > Thanks, > SR Millis
Just for clarification: The 10/15/2002 deadline was for the transaction part of the HIPAA process and not the privacy part of the process. This will generally affect those "covered entities" that are involved in various data related transacations, typically reimbursement and other healthcare operations. The phrase "Covered Entities" has very specific criteria and you can visit the HHS web site for more information and a determination as to whether or not you meet those criteria. In general, covered entities are those involved with treatment, payment and healthcare operations. Only covered entities who will not meet the original deadline needed to complete compliance extension plans by 10/15/2002. If you are not a "covered entity", you are not directly impacted by this deadline. If you are a department within a covered entity, then your "parent" organization is affected by the deadline, if they would not be able to comply with the original deadline. If this is your scenario, then you should check with your internal HIPAA resources to ascertain how their implementation may affect you. The privacy part of the HIPAA process deadline is next April. If you are a covered entity or a department within a covered entity, you should seek appropriate expertise within your organization to determine how this will affect you and your research. If you are not a covered entity, then you will likely be affected as a "business associate" to a covered entity and may have certain legal and operational issues to resolve. Again, appropriate expertise will be required given the nature of the beast and the operational implications for your organization. Given the recent changes in the privacy part of the HIPAA legislation, you should be sure that any guidance you get in this area is based upon those changes, which are also available from the HHS web site. The URL for the HHS HIPAA privacy site is: http://www.hhs.gov/ocr/hipaa/ which is the new Office of Civil Rights within HHS. HTH. Marc . . ================================================================= Instructions for joining and leaving this list, remarks about the problem of INAPPROPRIATE MESSAGES, and archives are available at: . http://jse.stat.ncsu.edu/ . =================================================================
