Margaret, I would agree with your comments. I think this falls under the letter and the intent of the law. If HHS does not clarify this I am sure Congress will. Privacy and security have become to big an issue to have this type of loophole.
Regards, David Frenkel Business Development GEFEG USA Global Leader in Ecommerce Tools www.gefeg.com 425-260-5030 -----Original Message----- From: McCauley Margaret M [mailto:[EMAIL PROTECTED]] Sent: Monday, March 18, 2002 11:17 AM To: 'Noel Chang'; [EMAIL PROTECTED] Subject: RE: Covered entities I also interpret that the provider must transmit electronically - or they are not covered. I doubt that is what they wanted the law to say - but that is what it says. I would hope that will be addressed in the upcoming clarifications. Thanks, Peg McCauley HIPAA Program Office Phone: 309-765-0655 e-mail: [EMAIL PROTECTED] NOTICE: This message (including attachments) is covered by the Electronic Communication Privacy Act (18 U.S.C. sections 2510-2521) and the HIPAA Regulation (45CRF Parts160-164)or other confidential information. If you are not the intended recipient, any retention, dissemination, or copying of this message is strictly prohibited; please reply to the sender that you have received the message in error, then delete it. Thank you! -----Original Message----- From: Noel Chang [SMTP:[EMAIL PROTECTED]] Sent: Monday, March 18, 2002 10:45 AM To: [EMAIL PROTECTED] Subject: Covered entities Has anyone seen any further clarification from DHHS on who must comply with the Privacy Rule? The way I interpret the final rule published in December of 2000, and the guidelines published in July of 2001, the only health care providers that must comply are those who electronically conduct one or more of the ten covered transactions. I have encountered a specialist who does not accept any insurance, they are a cash only operation. As such they do not file any claims or deal with eligibility, etc. By my reading they would appear to not be a covered entity and therefore are not required to comply with the Privacy Rule. I keep seeing information from various sources (not DHHS or OCR, however) that make very broad statements such as "HIPAA applies to everyone" or "there are no HIPPAA free records". I can understand what they mean by these statements in certain context but I think they are a little too broad and misleading. Does anyone else agree that a doctor's office who is not electronically conducting a covered transaction is therefore not a covered entity for the purposes of the Privacy Rule? If you do not agree, can you cite where is the requirement that such an office comply with the Privacy Rule? Thanks, Noel Chang ********************************************************************** To be removed from this list, go to: http://snip.wedi.org/unsubscribe.cfm?list=privacy and enter your email address. ********************************************************************** To be removed from this list, go to: http://snip.wedi.org/unsubscribe.cfm?list=privacy and enter your email address. ********************************************************************** To be removed from this list, go to: http://snip.wedi.org/unsubscribe.cfm?list=privacy and enter your email address.
