Chris, you're absolutely correct. Providers who don't "transmit health information electronically in connection with [one or more of the HIPAA standard transactions] are not subject to ANY HIPAA -- not the transaction standards, not the privacy rules, not the security rules, not the identifier rules . . . not any of it. That's the way the statute was written by Congress; it's not a DHHS construction.
A caveat for would-be HIPAA expatriots: those who bill Medicare must, under last December's Administrative Simplification Compliance Act, submit those bills electronically as of October 16, 2003 -- unless (1) DHHS determines there is "no method available for the submissions of claims in an electronic form;" or (2) they are a "small provider of services or supplier" [either a "provider of services" with fewer than 25 FTE employees, or a physician, practitioner, facility or supplier other than a supplier of services with fewer than 10 FTE employees]. Robyn A. Meinhardt Foley & Lardner Denver, Colorado 303-294-4414 -----Original Message----- From: Christopher J. Feahr, OD [mailto:[EMAIL PROTECTED]] Sent: Tuesday, March 19, 2002 5:54 PM To: Noel Chang; [EMAIL PROTECTED] Subject: Re: Covered entities: "cash-only" doctors RE: Noel's original question about whether "insurance-free" or "cash only" doctors are covered entities, let me see if I have this right: The definition of CE excludes "cash-only" doctors because they would not be conducting any of the named transactions. Likewise, a provider who kept his "individually identifiable health information" in a computer, but did all his HIPAA-transactions on paper (or by phone or paper-to-paper fax) would also seem to be excluded from "CE" status. (Is this correct?) ...thus excluding him from all security and privacy rules?? I had been under the [possibly incorrect] impression that simply "storing health information in digital form" would cause a doctor to become a CE... even if he did not do any of the named transactions electronically... thus subjecting him to "security and privacy" rules, but not to "transaction and code-set" rules. But apparently this broader definition (to include information simply "stored" electronically) applies only to the INFORMATION... not to the covered entity. So, despite the broad definition of "health information", a doctor would [apparently] have to be sending or receiving it electronically... in the context of one of the named transactions... to be considered a CE... and to be subject to ANY HIPAA rule. Am I missing something? Thanks, Chris At 10:44 AM 3/18/02 -0600, Noel Chang wrote: >Has anyone seen any further clarification from DHHS on who must comply >with the Privacy Rule? > > > >The way I interpret the final rule published in December of 2000, and the >guidelines published in July of 2001, the only health care providers that >must comply are those who electronically conduct one or more of the ten >covered transactions. I have encountered a specialist who does not accept >any insurance, they are a cash only operation. As such they do not file >any claims or deal with eligibility, etc. By my reading they would appear >to not be a covered entity and therefore are not required to comply with >the Privacy Rule. > > > >I keep seeing information from various sources (not DHHS or OCR, however) >that make very broad statements such as HIPAA applies to everyone or there >are no HIPPAA free records . I can understand what they mean by these >statements in certain context but I think they are a little too broad and >misleading. Does anyone else agree that a doctor s office who is not >electronically conducting a covered transaction is therefore not a covered >entity for the purposes of the Privacy Rule? If you do not agree, can you >cite where is the requirement that such an office comply with the Privacy Rule? > > > >Thanks, > > > >Noel Chang > >********************************************************************** >To be removed from this list, go to: >http://snip.wedi.org/unsubscribe.cfm?list=privacy >and enter your email address. Christopher J. Feahr, OD http://visiondatastandard.org [EMAIL PROTECTED] Cell/Pager: 707-529-2268 ********************************************************************** To be removed from this list, go to: http://snip.wedi.org/unsubscribe.cfm?list=privacy and enter your email address. ********************************************************************** To be removed from this list, go to: http://snip.wedi.org/unsubscribe.cfm?list=privacy and enter your email address.
