Like most everyone else, we've been stuggling with getting our arms around exactly what is considered PHI. We're taking a very restrictive view and pretty much starting with the 18+ de-identifiers, in an by themselves, as being our universe. 'nuf said on the 'what' - here's the other side of the coin: Whose information is subject to the rules? Pretty safe bet that the members are all in the mix, problem is who do you treat like a member? Are prospective members who are sending us PHI covered, or do you wait until they become true applicants to begin your diligence? How about a physician who sends us PHI, possibly including information on personal health conditions, during the credentialing process? Should their PHI be subject to the HIPAA regs? OK, one more - since we are a plan, how about our employees who are not members but provide PHI during their employment application process? Be interested to hear how others are determining the bounds of who's in, who's out - thx - b
Bill Bernath Blue Cross Blue Shield of North Carolina Privacy Office (919) 765-7006 [EMAIL PROTECTED] ********************************************************************** To be removed from this list, go to: http://snip.wedi.org/unsubscribe.cfm?list=privacy and enter your email address.
