Re: PHI Question

[DKHGRMI]

A key missing piece is that while the information may well be protected information, if the pharmacy's Notice includes the fact that information about the price and "prescription drug" label is passed to the store's computer for check-out - and if the patient signed the related Consent - there is no problem with the definition of PHI and its applicability.

The privacy game is mostly about informed consent. The Notice is required for the pharmacy to fill the prescription (OK, if not to fill it, then at some point during the relationship with the customer.), why not include the way checkout is handled in the information provided in the Notice. If the customer objects, the store may have to complete the pharmacy checkout right at the pharmacy.

It is a little hard for me to understand why someone willing to stand in line at the pharmacy would seriously object to a record indicating they bought something at the pharmacy. However, it is the patient's right to choose and their right to be reasonably informed of the use of the information. Their name is PHI in the pharmacy database and if the pharmacy shares that information, it should be with the informed consent of the customer.

Should be covered by customer service and never get to HIPAA regulations.

The argument that the fact a prescription was purchased is not proof that the prescription was for the customer is a little weak. Look over what has to be done to scrub data under the "safe harbor" limits. If the purchase only narrows the identification down to a small group of family and friends, it would still be far less than the minimum group size specified under "safe harbor".

Dale K. Howe

**********************************************************************
To be removed from this list, go to: http://snip.wedi.org/unsubscribe.cfm?list=privacy
and enter your email address.