We have gone through the process of determining how a State DHHS
fits within the definitions of covered entities under the privacy regulation.
The result was a written opinion by the AG's office clarifying that the DHHS was
a hybrid entity and such, contained covered components (departments and
functions within departments performing covered functions. This was the first
cut at identifying how to apply the Privacy definitions and requirements. The
second issue was to identify who comprised the "workforce". Once these two
issues were addressed then we could map out which departments, divisions, and
functions made up covered components of the hybrid entity and then begin our
privacy and PHI requirements overlay. We continuously go back to the definitions
and ask how our questions fit within the definitions (and our interpretation of
the definitions) as a point of reference in going forward. You will have to
determine if the Guardianship programs are covered entities (or components if a
hybrid) and then begin your assessment. Conducting the analysis of State law
vs.. HIPAA for the pre-emption analysis will be critical in your overall
approach to developing policies regarding PHI, consent, authorization, need to
know, etc.
Hope this is helpful.
-----Original Message-----
From: Dye, Travis [mailto:[EMAIL PROTECTED]]
Sent:
Wednesday, December 12, 2001 11:33 AM
To: [EMAIL PROTECTED]
Subject: RE:
PHI Question
Has anyone assessed Privacy or PHI requirements as they
pertain to
State(DHS)Guardianship programs?
Travis
Dye
**********************************************************************
To
be removed from this list, go to: http://snip.wedi.org/unsubscribe.cfm?list=privacy
and enter
your email address.
**********************************************************************
To be removed from this list, go to: http://snip.wedi.org/unsubscribe.cfm?list=privacy
and enter your email address.
