I have two concerns with this--first, an authorization must be for a specific purpose and time-specific, as well, with a start and end date. Second, no authorization is required for "health care operations" when the BA is performing tasks "on your behalf", which is why they are Business Associates. I am concerned that this is heading down the "not necessary" path, and creating lots of work and problems that are not required.
Am I missing something?

Carolyn Price

-----Original Message-----
From: Waterhouse, Melissa [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, February 20, 2002 10:39 AM
To: [EMAIL PROTECTED]
Subject: RE: Business Associates and Patient Authorization

We are also looking into an annual authorization for our members that they can sign at the time of re-enrollment. I would like it to list several businesses we share information with. Would we need a separate authorization form for each purpose?

-----Original Message-----
From: McNamee, James [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, February 20, 2002 11:09 AM
To: [EMAIL PROTECTED]
Subject: Business Associates and Patient Authorization

HIPAA regs seem to imply that patients must execute an authorization before their PHI can be shared with a CE's Business Associate. Various BAs will use various portions of the PHI for different lengths of time as they perform the contracted work. Since patient authorizations must be specific -- saying to whom PHI is released, for what purpose and for how long -- this raises a practical concern. If a large organization has scores of BAs to which it releases PHI, does this organization need to give patients scores of authorization documents to sign? Or is it permissible under HIPAA to craft a single but less-specific authorization that would suffice?

________________________________________
James E. McNamee, PhD
Associate Dean of Information Services and CIO
School of Medicine
University of Maryland, Baltimore
Information Services, Room 214
100 N. Greene St.
Baltimore, MD 21201
voice: 410-706-2881
fax: 410-706-4871
e-mail: [EMAIL PROTECTED]
