RE: minimal compliance?

Sun, 19 May 2002 12:45:35 -0700

Title: RE: minimal compliance?


good afternoon,

taking that one step further....it is hard to imagine anyone today that does not have a fax, palm pilot, laptop, etc.   each scenario is a hipaa defined "electronic transmission".

we try to have our staff and drs accept the fact that hipaa is coming and we need to change our mindset.  we ask that everyone focus on the regs and not look for shortcuts and loopholes.

paul gaudio
director, medical records and priv officer
cabrini med ctr, nyc
[EMAIL PROTECTED]

    -----Original Message-----
    From:   Allan  Roth [SMTP:[EMAIL PROTECTED]]
    Sent:   Wednesday, May 08, 2002 4:14 PM
    To:     'Kelly, Lee'; [EMAIL PROTECTED]
    Subject:        RE: minimal compliance?



    Strictly speaking the narrow definition of "covered entity" �requires electronic transmission of data�and therefore, and organization could avoid being a "covered entity" under this strict definition. However, the�privacy of PHI is dictated�by HIPAA to varying extents�to �organizations that are not strictly "covered entities" and that don't generally think of themselves as healthcare institutions. This include organizations and institutions that�are self insured and manage health insurance. Therefore, it is only good practice to follow the HIPAA compliance guidelines and regarding the transaction standards dictated for covered entities, there will be enough�ROI for the changes required that it makes good business sense.�



    Allan C. Roth, Ph.D., CISSP

    Director of Information Systems

    Prairie Cardiovascular Consultants, Ltd.

    Springfield, IL� 62794-9420

    [EMAIL PROTECTED]

    (217) 788-0706 ex 67890

      -----Original Message-----
      From: Kelly, Lee [mailto:[EMAIL PROTECTED]]
      Sent: Wednesday, May 08, 2002 2:15 PM
      To: [EMAIL PROTECTED]
      Cc: '[EMAIL PROTECTED]'
      Subject: FW: minimal compliance?





      Rebekah,

      However, keep in mind that the Privacy Rule also applies to 'individually identifiable health information that is or has been electronically maintained or electronically transmitted by a covered entity, as well as such information when it takes any other form.'

      The example given is that phi would remain protected after it is read from a screen and discussed orally, printed onto paper or other media, photographed or otherwise duplicated.

      You will also need to take a look at the technologies in use at your site. Consider telemedicine, home care givers that have mobile devices, and newer medical devices that store PHI as part of their function.

      Thank You,

      Lee Kelly, CISSP

      Manager, Assessment Services

      Fortrex Technologies

      [EMAIL PROTECTED]

      1-877-Fortrex - Office

      1-301-906-6269 - Cell


      **********************************************************************
      To be removed from this list, go to:       http://snip.wedi.org/unsubscribe.cfm?list=privacy
      and enter your email address.


    **********************************************************************
    To be removed from this list, go to:     http://snip.wedi.org/unsubscribe.cfm?list=privacy
    and enter your email address.


**********************************************************************
To be removed from this list, go to: http://snip.wedi.org/unsubscribe.cfm?list=privacy
and enter your email address.

Reply via email to