RE: Noel's original question about whether "insurance-free" or "cash only" doctors are covered entities, let me see if I have this right:
The definition of CE excludes "cash-only" doctors because they would not be conducting any of the named transactions. Likewise, a provider who kept his "individually identifiable health information" in a computer, but did all his HIPAA-transactions on paper (or by phone or paper-to-paper fax) would also seem to be excluded from "CE" status. (Is this correct?) ...thus excluding him from all security and privacy rules?? I had been under the [possibly incorrect] impression that simply "storing health information in digital form" would cause a doctor to become a CE... even if he did not do any of the named transactions electronically... thus subjecting him to "security and privacy" rules, but not to "transaction and code-set" rules. But apparently this broader definition (to include information simply "stored" electronically) applies only to the INFORMATION... not to the covered entity. So, despite the broad definition of "health information", a doctor would [apparently] have to be sending or receiving it electronically... in the context of one of the named transactions... to be considered a CE... and to be subject to ANY HIPAA rule. Am I missing something? Thanks, Chris At 10:44 AM 3/18/02 -0600, Noel Chang wrote: >Has anyone seen any further clarification from DHHS on who must comply >with the Privacy Rule? > > > >The way I interpret the final rule published in December of 2000, and the >guidelines published in July of 2001, the only health care providers that >must comply are those who electronically conduct one or more of the ten >covered transactions. I have encountered a specialist who does not accept >any insurance, they are a cash only operation. As such they do not file >any claims or deal with eligibility, etc. By my reading they would appear >to not be a covered entity and therefore are not required to comply with >the Privacy Rule. > > > >I keep seeing information from various sources (not DHHS or OCR, however) >that make very broad statements such as HIPAA applies to everyone or there >are no HIPPAA free records . I can understand what they mean by these >statements in certain context but I think they are a little too broad and >misleading. Does anyone else agree that a doctor s office who is not >electronically conducting a covered transaction is therefore not a covered >entity for the purposes of the Privacy Rule? If you do not agree, can you >cite where is the requirement that such an office comply with the Privacy Rule? > > > >Thanks, > > > >Noel Chang > >********************************************************************** >To be removed from this list, go to: >http://snip.wedi.org/unsubscribe.cfm?list=privacy >and enter your email address. Christopher J. Feahr, OD http://visiondatastandard.org [EMAIL PROTECTED] Cell/Pager: 707-529-2268 ********************************************************************** To be removed from this list, go to: http://snip.wedi.org/unsubscribe.cfm?list=privacy and enter your email address.
