I am submitting this question in the hope that I can gain some assistance in responding to constant internal inquiries about the use of protected health information for training purposes.
My company is a business associate, acting on behalf of large payers. As part of this process, claims are submitted, processed, etc… From time to time, my company will provide training on the system that is used to process these claims.
The question that is being posed is that since this data truly belongs to the payer and we are providing training as a service to the payer that we act on behalf of, can we not include language in a Business Associate contract to state that we will provide training with the use of the payer’s data.
I totally disagree with this because the privacy regulation is concerned about the privacy of an “individuals’ data. The owner is not the point. It is the individual’s data we are trying to protect and without an individual authorization, I do not see this as allowable.
Anyone who has any thoughts on this topic would greatly be appreciated.
Greg Bard NASCO HIPAA Privacy and Security Project Manager (W) 678.441.6059 (F) 678.441.6359
The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. Posting of advertisements or other commercial use of this listserv is specifically prohibited. � |
- RE: PRIVACY - USE OF PHI IN TRAINING Bard, Greg
- RE: PRIVACY - USE OF PHI IN TRAINING Kelly, Lee
- Re: PRIVACY - USE OF PHI IN TRAINING Doug Webb
- RE: PRIVACY - USE OF PHI IN TRAINING Line, Phyllis
- RE: PRIVACY - USE OF PHI IN TRAINING Zalewski Andrea
- RE: PRIVACY - USE OF PHI IN TRAINING Young, Brian
- RE: PRIVACY - USE OF PHI IN TRAINING Bentz-Miller, Judith
