The simplest way that I can think of for providers to minimize this hassle is to confine themselves and their information-sharing to providing care, getting paid, and running their offices. None of these TPO activities require authorization when out-sourced to a BA. -Chris
Christopher J. Feahr, OD http://visiondatastandard.org [EMAIL PROTECTED] Cell/Pager: 707-529-2268 At 12:09 PM 2/20/02 -0700, Zimerman, Gal wrote: >I might be confused but it seems that Health Care Providers would need a >countless array of consent and authorization forms (blanket, group, >exceptions...). Is there a repository of template forms somewhere that I >might access and adapt for our company or do I need lawyers to draft forms >from scratch? > >Gal Zimerman >HIPAA-Solutions >Private Consultant >(303) 929-0940 > >-----Original Message----- >From: Oriol, Albert >[<mailto:[EMAIL PROTECTED]>mailto:[EMAIL PROTECTED]] >Sent: Wednesday, February 20, 2002 9:56 AM >To: 'McNamee, James'; [EMAIL PROTECTED] >Subject: RE: Business Associates and Patient Authorization > >James, if your BA's are performing "treatment, payment or healthcare >operations" functions on your behalf you will not require authorizations. I >can't imagine sharing individually identifiable info with scores of BA's for >other purposes, and the list should be quite manageable. Note that you >probably already have an authorization ( as part of the "informed consent" >in IRB common rule language) that you are using in order to share info with >your research BA's > >a. >Albert Oriol, CHE, CISSP >Privacy & Data Security Officer >The Children's Hospital >[EMAIL PROTECTED] >(303) 861 6094 > >"All things should be as simple as possible, but no simpler" >-- Albert Einstein > >-----Original Message----- >From: McNamee, James >[<mailto:[EMAIL PROTECTED]>mailto:[EMAIL PROTECTED]] >Sent: Wednesday, February 20, 2002 9:09 AM >To: [EMAIL PROTECTED] >Subject: Business Associates and Patient Authorization > >HIPAA regs seem to imply that patients must execute an authorization before >their PHI can be shared with a CE's Business Associate. Various BAs will use >various portions of the PHI for different lengths of time as they perform >the contracted work. Since patient authorizations must be specific -- saying >to whom PHI is released, for what purpose and for how long -- this raises a >practical concern. > >If a large organization has scores of BAs to which it releases PHI, does >this organization need to give patients scores of authorization documents to >sign? Or is it permissible under HIPAA to craft a single but less-specific >authorization that would suffice? > >________________________________________ >James E. McNamee, PhD >Associate Dean of Information Services and CIO >School of Medicine >University of Maryland, Baltimore >Information Services, Room 214 >100 N. Greene St. >Baltimore, MD 21201 > >voice: 410-706-2881 >fax: 410-706-4871 >e-mail: [EMAIL PROTECTED] > >********************************************************************** >To be removed from this list, go to: ><http://snip.wedi.org/unsubscribe.cfm?list=privacy>http://snip.wedi.org/unsubscribe.cfm?list=privacy > > >and enter your email address. > >CONFIDENTIALITY NOTICE: The information contained in this message is legally >privileged and confidential information intended only for the use of the >individual or entity named above. If the reader of this message is not the >intended recipient, or the employee or agent responsible to deliver it to >the intended recipient, you are hereby notified that any release, >dissemination, distribution, or copying of this communication is strictly >prohibited. If you have received this communication in error, please notify >the author immediately by replying to this message and delete the original >message. >Thank you. > > >********************************************************************** >To be removed from this list, go to: ><http://snip.wedi.org/unsubscribe.cfm?list=privacy>http://snip.wedi.org/unsubscribe.cfm?list=privacy > > >and enter your email address. > >********************************************************************** >To be removed from this list, go to: >http://snip.wedi.org/unsubscribe.cfm?listivacy >and enter your email address. ********************************************************************** To be removed from this list, go to: http://snip.wedi.org/unsubscribe.cfm?list=privacy and enter your email address.
