RE: PHI Question

[Pete Lareau]

Paul,   Even assuming that the record entry reveals the name and the specific drug purchased, the definition of protected health information provides that it must be "individually identifiablle health information (IIHI)."  In turn, IIHI is defined as health information "created or received by a health care provider, health plan, employer, or health care clearinghouse."  It is not all that clear to me that the info in question was created by such an entity.  If the info is view as having been created and/or received by the grocery store, we need to know the relationship between the pharmacy and grocery store.  Assuming that the pharmacy is a department of the grocery store, but part of the same legal entity, the regulation's provisions regarding hybrid entities and health care components appear to be implicated.  I don't pretend to have the answer, but I think these areas merit exploration.   Pete Lareau -----Original Message----- From: Paul Costello [mailto:[EMAIL PROTECTED]] Sent: Wednesday, December 05, 2001 2:12 PM To: [EMAIL PROTECTED] Subject: PHI Question I have a question regarding the definition of personal health information (PHI) and how it is defined the following scenario:   A grocery store that uses "loyalty" cards (cards used by consumers to receive discounts on purchased items) captures, at the point of sale, that a consumer purchased a prescription drug at the pharmacy.   The grocery store stores, in a database, the following information:   Name: John Doe   Date: 1/1/01   Items: "Bread" "Milk" "Prescription Drug"   Would the fact that John Doe purchased a "prescription drug" on 1/1/01 be considered PHI?   Any insight in greatly appreciated.   Thank you. Paul Costello   __________________________ Paul V. Costello Senior Consultant CGI 3100 Zinfandel Drive, Suite #250 Rancho Cordova, CA  95670 Phone: (916) 631-7645 ext. 30 Fax: (916) 631-7647 E-Mail: [EMAIL PROTECTED]   ***Confidentiality Notice*** Proprietary/confidential information belonging to CGI (formerly IMRglobal) may be contained in this message.  If you are not a recipient indicated in this message (or responsible for delivery of this message to such person), or you think for any reason that this message may have been addressed to you in error, you may not use or copy or deliver this message to anyone else.  In such cases, you should destroy this message and kindly notify the sender by reply mail. ********************************************************************** To be removed from this list, go to: http://snip.wedi.org/unsubscribe.cfm?list=ivacy and enter your email address. ********************************************************************** To be removed from this list, go to: http://snip.wedi.org/unsubscribe.cfm?list=privacy and enter your email address.