I agree with you Ben... And Bill, where does this come from?:
"Protected health information. We proposed to define "protected health information" to mean individually identifiable health information that is or has been electronically maintained or electronically transmitted by a covered entity, as well as such information when it takes any other form. For purposes of this definition, we proposed to define "electronically transmitted" as including information exchanged with a computer using electronic media, such as the movement of information from one location to another by magnetic or optical media, transmissions over the Internet, Extranet, leased lines, dial-up lines, private networks, telephone voice response, and "faxback" systems. We proposed that this definition not include "paper-to-paper" faxes, or person-to-person telephone calls, video teleconferencing, or messages left on voice-mail." It does not come from 164.500.. At least not in any way I can see and I cannot see how 164.500 excludes faxes in any way.... -----Original Message----- From: Benjamin W. Tartaglia [mailto:[EMAIL PROTECTED]] Sent: Tuesday, March 19, 2002 3:33 PM To: Heiert, David Subject: RE: Covered entities It doesn't. I cannot believe a Verizon person reads it that way. I've been involved with voice, data, image and sensory telecommunications for 30 Plus years. I spent nine years in healthcare at a major hospital and medical school. I've done all kinds of fax applications. The logic error here is in the reasoning...."faxes are not mentioned specifically.. therefore they are excluded". In logic 101 "negating the antecedent destroys the consequence". -----Original Message----- From: Heiert, David [mailto:[EMAIL PROTECTED]] Sent: Tuesday, March 19, 2002 2:49 PM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: RE: Covered entities How does this statement possibly exclude faxes?? They do use dialup phone lines... -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, March 19, 2002 10:56 AM To: [EMAIL PROTECTED] Subject: RE: Covered entities The Rule folks, excludes faxes from being considered electronic media. "...Electronic media means the mode of electronic transmission. It includes the Internet (wide-open), Extranet (using Internet technology to link a business with information only accessible to collaborating parties), leased lines, dialup lines, private networks, and those transmissions that are physically moved from one location to another using magnetic tape, disk, or compact disk media." Marsha Verizon Information Technologies Inc. Managed Care Division Phoenix, AZ Phone - 602.678.6042 Fax - 602.678.6331 E-mail - [EMAIL PROTECTED] Confidentiality Notice: This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. "Bill Bernath" <Bill.Bernath@bcb To: <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>, snc.com> <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]> cc: 03/19/02 05:45 AM Subject: RE: Covered entities Got to disagree here folks - a fax is not an electronic transmission. It cannot be decoded or encrypted. The net effect of a fax is the same as leaving an letter delivered through the USPS face up on your desk. - b Bill Bernath Blue Cross Blue Shield of North Carolina Privacy Office (919) 765-7006 [EMAIL PROTECTED] >>> "Hopper, Gene" <[EMAIL PROTECTED]> 03/18/02 05:56PM >>> I would think that if it is the intent of HHS to prevent the unauthorized disclosure of personal health information, faxes would be covered. Faxes are certainly an electronic method of transmitting data, and the most insecure one available at that. How do you know where the fax went (e.g.: transposed numbers, wrong fax numbers used) or who picked the fax up, whether or not the fax is in an unsecured area. Generally speaking all the security features (receipting, access authorizations, etc.) built into other forms of electronic transmissions (even e-mail, for crying out loud) are missing. Some folks are saying for faxes to be secure you must call the people you are faxing to, verify the fax number, tell them you are sending a fax, fax the document, and finally call them back to ensure that it has arrived and the authorized person has the fax in hand (I guess you send out search parties if they don't) -----Original Message----- From: Donna Kinney [mailto:[EMAIL PROTECTED]] Sent: Monday, March 18, 2002 1:57 PM To: 'Leah Hole-Curry'; '[EMAIL PROTECTED]' Subject: RE: Covered entities My only question in this regard is about faxes. Does the rule contain specic language which makes it clear that faxes are not "electronic form" or does faxing a claim or an EOB or an attachment automatically make you a covered entity? -----Original Message----- From: Leah Hole-Curry [mailto:[EMAIL PROTECTED]] Sent: Monday, March 18, 2002 11:34 AM To: [EMAIL PROTECTED] Subject: Re: Covered entities Noel and Max, You are both correct. The definition of a covered entity related to providers is as follows (at 160.103): Covered Entity means:... a health care provider who transmits any health information in electronic form in connection with a transaction covered by this subchapter. This definition is in Part 160 of the regulation - the general regulatory provisions. Unless HHS changes this part of the regulation, providers that don't transmit standard transactions by electronic means (or have someone do it on their behalf) are not covered by any of the administrative simplification regulations - transactions, privacy, etc. The risk for such providers, who are bound to be a very small minority, is that if health information is not kept private, and it damages an individual, the individual may sue under general state law and use HIPAA as an industry standard of care that the provider failed to follow. Whether this will hold result in liability is an open question. Leah Hole-Curry Fox Systems, Inc. 602-708-1045 >>> "Max Bumbalough" <[EMAIL PROTECTED]> 03/18/02 10:25 AM >>> Noel, I asked that question at the SNIP Conference in Chicago early last year and was told that if a healthcare provider does NOT electronically transmit any of the covered transactions, then they will not have to comply with the Privacy & Security Regulations. However, a HC Provider will not be excluded from complying with the Privacy & Security rules by merely using a billing service/company to transmit electronic transmissions. Has anyone else heard anything different? Max Bumbalough HIPAA Consultant GovConnect, Inc. (800)565-4873 x230 [EMAIL PROTECTED] >From: Noel Chang <[EMAIL PROTECTED]> >To: [EMAIL PROTECTED] >Subject: Covered entities >Date: Mon, 18 Mar 2002 10:44:45 -0600 > >Has anyone seen any further clarification from DHHS on who must comply >with the Privacy Rule? > >The way I interpret the final rule published in December of 2000, and >the guidelines published in July of 2001, the only health care providers >that must comply are those who electronically conduct one or more of the >ten covered transactions. I have encountered a specialist who does not >accept any insurance, they are a cash only operation. As such they do >not file any claims or deal with eligibility, etc. By my reading they >would appear to not be a covered entity and therefore are not required >to comply with the Privacy Rule. > >I keep seeing information from various sources (not DHHS or OCR, >however) that make very broad statements such as "HIPAA applies to >everyone" or "there are no HIPPAA free records". I can understand what >they mean by these statements in certain context but I think they are a >little too broad and misleading. Does anyone else agree that a doctor's >office who is not electronically conducting a covered transaction is >therefore not a covered entity for the purposes of the Privacy Rule? If >you do not agree, can you cite where is the requirement that such an >office comply with the Privacy Rule? > >Thanks, > >Noel Chang > > >********************************************************************** >To be removed from this list, go to: >http://snip.wedi.org/unsubscribe.cfm?list=privacy >and enter your email address. _________________________________________________________________ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp. ********************************************************************** To be removed from this list, go to: http://snip.wedi.org/unsubscribe.cfm?list=privacy and enter your email address. ********************************************************************** To be removed from this list, go to: http://snip.wedi.org/unsubscribe.cfm?list=privacy and enter your email address. ********************************************************************** To be removed from this list, go to: http://snip.wedi.org/unsubscribe.cfm?list=privacy and enter your email address. ********************************************************************** To be removed from this list, go to: http://snip.wedi.org/unsubscribe.cfm?list=privacy and enter your email address. ********************************************************************** To be removed from this list, go to: http://snip.wedi.org/unsubscribe.cfm?list=privacy and enter your email address. ********************************************************************** To be removed from this list, go to: http://snip.wedi.org/unsubscribe.cfm?list=privacy and enter your email address. ********************************************************************** To be removed from this list, go to: http://snip.wedi.org/unsubscribe.cfm?list=privacy and enter your email address. ********************************************************************** To be removed from this list, go to: http://snip.wedi.org/unsubscribe.cfm?list=privacy and enter your email address.
