Re: ASCA Small Provider Definition
Dear Mr./Ms. Chang: We appreciate your interest in the ASCA legislation and its effect on the submission of Medicare claims. There will be an interim final rule with comment period defining the exceptions to the ASCA requirements that Medicare claims be submitted electronically. We do not have any further information to share with the public at this time. Claudette Sikora Centers for Medicare and Medicaid Services Provider Billing Group Noel Chang [EMAIL PROTECTED] 02/19/03 11:08PM Can anyone help clear up what the ASCA defintion of a Small Provider is? From CMS's FAQ's on their web site I got the following information: ASCA defines a small provider or supplier as: a provider of services with fewer than 25 full-time equivalent employees ora physician, practitioner, facility or supplier (other than provider of services) with fewer than 10 full-time equivalent employees. What is the difference between a provider of services and a physician,p ractitioner, facility? Does a solo-practitioner or small group practicen eed to have less than 10 FTE's or less than 25 FTE's to qualify as a small provider? Thanks, Noel Chang -- Open WebMail Project (http://openwebmail.org) --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED] To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: archive@mail-archive.com To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org
RE: Fee for Access
The regulation says the fee may be reasonable and cost based There is no way you can meet the test of these two requirements with a flat fee unless you plan to charge based on the cost of the smallest possible record - then it does not seem worth doing. cite 164.524(c)(4) My opinion BK -Original Message- From: Smith, Patricia [mailto:[EMAIL PROTECTED]] Sent: Wednesday, February 19, 2003 3:41 PM To: WEDI SNIP Privacy Workgroup List Subject: Fee for Access We are a health plan. We are trying to determine what to charge for Access. We have decided we want have it be a flat fee regardless of how long you have been with the plan. We generated reports from our current system (without regard for our business associates) on a few members and came up with documents that ranged from a ¼ inch to 3 inches of output (combination of printouts from previously scanned documents and computer generated reports). We are no closer at determining a fee. We would really prefer a flat fee and not a per page. Since we dont have face to face contact, its easier on the members and us if we set a flat fee. What are other plans charging? Thanks! Pat Smith --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED] To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: archive@mail-archive.com To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org
RE: Tracking for Accounting of Disclosures
Our organization has elected not to become affiliated at this time. Therefore, each entity will become responsible for tracking their own disclosures as well as responding to requests for restrictions. Unless you can purchase a tracking software, managing this would be very difficult and I am afraid prone to errors/omissions for a multiple entity system. The only downside to this is the patient will have to request an accounting from each facility. Thomas Johnson [EMAIL PROTECTED] 2/19/03 8:11:15 AM I have budgeted for a vendor, but it might not get approved, so I would be interested in what others are doing -Original Message- From: Owens, Kris [mailto:[EMAIL PROTECTED]] Sent: Tuesday, February 18, 2003 7:27 PM To: WEDI SNIP Privacy Workgroup List Subject: Tracking for Accounting of Disclosures I am interested in how organizations that have multiple locations, or multiple legal entities are approaching the Tracking of Disclosures. Are you: 1. Using a manual solution such as spreadsheets or paper logs? 2. Building a solution such as a database or web application? Is the repository centralized or decentralized? 3. Buying a vendor solution? Kris Owens Senior IS Project Manager - HIPAA Project Presbyterian Healthcare Services Albuquerque, NM 505.923.8108 [EMAIL PROTECTED] God made the earth, the sky and the water, the moon and the sun. He made man and the bird and beast. But He didn't make the dog. He already had one. - Native American saying --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED] To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org --- PRESBYTERIAN HEALTHCARE SERVICES DISCLAIMER --- This message originates from Presbyterian Healthcare Services or one of its affiliated organizations. It contains information, which may be confidential or privileged, and is intended only for the individual or entity named above. It is prohibited for anyone else to disclose, copy, distribute or use the contents of this message. All personal messages express views solely of the sender, which are not to be attributed to Presbyterian Healthcare Services or any of its affiliated organizations, and may not be distributed without this disclaimer. If you received this message in error, please notify us immediately at [EMAIL PROTECTED] STATEMENT OF CONFIDENTIALITY The information contained in this electronic message and any attachments to this message are intended for the exclusive use of the addressee(s) and may contain confidential or privileged information. If you are not the intended recipient, please notify the sender immediately and destroy all copies of this message and any attachments. --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED] To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues
RE: Tracking for Accounting of Disclosures
So each of you will have your own NPP, policies, etc... You will track all separately? -Original Message- From: Shelly Wilson [mailto:[EMAIL PROTECTED]] Sent: Thursday, February 20, 2003 1:24 PM To: WEDI SNIP Privacy Workgroup List Subject: RE: Tracking for Accounting of Disclosures Our organization has elected not to become affiliated at this time. Therefore, each entity will become responsible for tracking their own disclosures as well as responding to requests for restrictions. Unless you can purchase a tracking software, managing this would be very difficult and I am afraid prone to errors/omissions for a multiple entity system. The only downside to this is the patient will have to request an accounting from each facility. Thomas Johnson [EMAIL PROTECTED] 2/19/03 8:11:15 AM I have budgeted for a vendor, but it might not get approved, so I would be interested in what others are doing -Original Message- From: Owens, Kris [mailto:[EMAIL PROTECTED]] Sent: Tuesday, February 18, 2003 7:27 PM To: WEDI SNIP Privacy Workgroup List Subject: Tracking for Accounting of Disclosures I am interested in how organizations that have multiple locations, or multiple legal entities are approaching the Tracking of Disclosures. Are you: 1. Using a manual solution such as spreadsheets or paper logs? 2. Building a solution such as a database or web application? Is the repository centralized or decentralized? 3. Buying a vendor solution? Kris Owens Senior IS Project Manager - HIPAA Project Presbyterian Healthcare Services Albuquerque, NM 505.923.8108 [EMAIL PROTECTED] God made the earth, the sky and the water, the moon and the sun. He made man and the bird and beast. But He didn't make the dog. He already had one. - Native American saying --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED] To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org --- PRESBYTERIAN HEALTHCARE SERVICES DISCLAIMER --- This message originates from Presbyterian Healthcare Services or one of its affiliated organizations. It contains information, which may be confidential or privileged, and is intended only for the individual or entity named above. It is prohibited for anyone else to disclose, copy, distribute or use the contents of this message. All personal messages express views solely of the sender, which are not to be attributed to Presbyterian Healthcare Services or any of its affiliated organizations, and may not be distributed without this disclaimer. If you received this message in error, please notify us immediately at [EMAIL PROTECTED] STATEMENT OF CONFIDENTIALITY The information contained in this electronic message and any attachments to this message are intended for the exclusive use of the addressee(s) and may contain confidential or privileged information. If you are not the intended recipient, please notify the sender immediately and destroy all copies of this message and any attachments. --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED] To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org --- The WEDI SNIP listserv to which you are subscribed is
Re: Mississippi
I don't want the punishment information - I want to know where the information came from that MS has contracted with someone for $41K with little or no experience Donald LaBarre [EMAIL PROTECTED] 02/20/03 01:40PM GENERAL REQUIREMENTS FOR ADOPTION OF STANDARDS SEC. 1172. (a) APPLICABILITY.--Any standard adopted under this part shall apply, in whole or in part, to the following persons: (1) A health plan. (2) A health care clearinghouse. (3) A health care provider who transmits any health information in electronic form in connection with a transaction referred to in section 1173(a)(1). GENERAL PENALTY FOR FAILURE TO COMPLY WITH REQUIREMENTS AND STANDARDS SEC. 1176. (a) GENERAL PENALTY.-- (1) IN GENERAL.--Except as provided in subsection (b), the Secretary shall impose on any person who violates a provision of this part a penalty of not more than $100 for each such violation, except that the total amount imposed on the person for all violations of an identical requirement or prohibition during a calendar year may not exceed $25,000. (2) PROCEDURES.--The provisions of section 1128A (other than subsections (a) and (b) and the second sentence of subsection (f)) shall apply to the imposition of a civil money penalty under this subsection in the same manner as such provisions apply to the imposition of a penalty under such section 1128A. (b) LIMITATIONS.-- (1) OFFENSES OTHERWISE PUNISHABLE.--A penalty may not be imposed under subsection (a) with respect to an act if the act constitutes an offense punishable under section 1177. (2) NONCOMPLIANCE NOT DISCOVERED.--A penalty may not be imposed under subsection (a) with respect to a provision of this part if it is established to the satisfaction of the Secretary that the person liable for the penalty did not know, and by exercising reasonable diligence would not have known, that such person violated the provision. (3) FAILURES DUE TO REASONABLE CAUSE.-- (A) IN GENERAL.--Except as provided in subparagraph (B), a penalty may not be imposed under subsection (a) if-- (i) the failure to comply was due to reasonable cause and not to willful neglect; and (ii) the failure to comply is corrected during the 30-day period beginning on the first date the person liable for the penalty knew, or by exercising reasonable diligence would have known, that the failure to comply occurred. (B) EXTENSION OF PERIOD.-- (i) NO PENALTY.--The period referred to in subparagraph (A)(ii) may be extended as determined appropriate by the Secretary based on the nature and extent of the failure to comply. (ii) ASSISTANCE.--If the Secretary determines that a person failed to comply because the person was unable to comply, the Secretary may provide technical assistance to the person during the period described in subparagraph (A)(ii). Such assistance shall be provided in any manner determined appropriate by the Secretary. (4) REDUCTION.--In the case of a failure to comply which is due to reasonable cause and not to willful neglect, any penalty under subsection (a) that is not entirely waived under paragraph (3) may be waived to the extent that the payment of such penalty would be excessive relative to the compliance failure involved. WRONGFUL DISCLOSURE OF INDIVIDUALLY IDENTIFIABLE HEALTH INFORMATION SEC. 1177. (a) OFFENSE.--A person who knowingly and in violation of this part-- (1) uses or causes to be used a unique health identifier; (2) obtains individually identifiable health information relating to an individual; or (3) discloses individually identifiable health information to another person, shall be punished as provided in subsection (b). (b) PENALTIES.--A person described in subsection (a) shall-- (1) be fined not more than $50,000, imprisoned not more than 1 year, or both; (2) if the offense is committed under false pretenses, be fined not more than $100,000, imprisoned not more than 5 years, or both; and (3) if the offense is committed with intent to sell, transfer, or use individually identifiable health information for commercial advantage, personal gain, or malicious harm, be fined not more than $250,000, imprisoned not more than 10 years, or both. Donald L. LaBarre, Jr., CISSP Chief Information Protection Officer State of Connecticut - DMHAS 410 Capitol Avenue 14-ISD Hartford, Connecticut, USA 06134 Phone: (860) 418-6625 Fax: (860) 418-6699 _ Few threats are silicon-based... Most threats are carbon-based! _ Rebekah Savoie [EMAIL PROTECTED] 02/20/03 01:10PM Could someone please let me know where this information came from. I would just like to see the facts. Thank you Rebekah in MS Doug Webb [EMAIL PROTECTED] 02/20/03 11:51AM Well said, Bart. In addition, if the State is operating as a Covered Entity (such as administering MEDICAID), it is the one who incurs all of the penalties for improper actions under HIPAA. It extends responsibility for protectcting PHI to its Business Associates by contract. The
Mississippi
Okay, I have done direct e-mail and e-mail by way of list serv and never found out where the guy was getting his facts, but I will make these comment (my opinion and we all know what they say about opinions). 1. Experience does not always amount to expertise 2. Knowledge of the Subject Matter and Competence must speak for something 3. We all started out small and would not be where we are now if not for some belief in our Knowledge and Competence and that being said we all had to start at the bottom of the pay scale as well. Rebekah Savoie - in MS --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: archive@mail-archive.com To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org
Sharing information with clinic owned HMO
I need some feedback regarding how others CEs are handling the following scenario: We are a clinic that has an HMO. Technically, it is a department of the clinic, but we have separate ourselves into two different CEs. In the past, we have allowed the HMO staff to have access to our database and to our original records. They requested a chart and we sent it. We have contracted them to do our credentialing for us and then they need the information regarding HEDIS, disease management, etc With minimum necessary, we are concerned about the HMO having access to our whole database (we cannot give them access to only their members) and we are very concerned about sending over the original records, but copying is such a huge expense and chore. What do you all think? What is everyone else doing? thanks for the input! Judith Bentz-Miller Privacy Officer Arnett Clinic 765-448-8843 --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: archive@mail-archive.com To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org
DOL vs. HIPAA
Looking for some thoughts from all... HIPAA preamble references the ability to send EOBs to the subscriber containing member information as long as the diagnosis is stripped. We view this and felt as though this would extend to diagnosis description, procedure code and procedure description and have been making efforts to change our wording to high level descriptors such as 'lab', 'office visit', etc. The DOL regs however are requiring detailed information regarding why services have been denied. For example, 'gastric bypass surgery not a covered benefit'. How are others reconciling these two Federal regulations? Michele S. Eberle Corporate Privacy Officer The Regence Group ph. 503-553-5069 fax. 503-225-5431 [EMAIL PROTECTED] === IMPORTANT NOTICE: This communication, including any attachment, contains information that may be confidential or privileged, and is intended solely for the entity or individual to whom it is addressed. If you are not the intended recipient, you should delete this message and are hereby notified that any disclosure, copying, or distribution of this message is strictly prohibited. Nothing in this email, including any attachment, is intended to be a legally binding signature. --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: archive@mail-archive.com To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org
Nursing Homes and Ambulance Services
Title: Message Sorry if this has been covered before... but I keep hearing opposite interpretations. Are Nursing Homes and / or Ambulance Services considered Business Associates? Thanks for any clarification! kf Kathy Findley Coordinator - Information Services and HIPAA St. Joseph's Hospital Health Center Phone - (315) 448-6111 Beeper - (315) 467-4180 Text Page - [EMAIL PROTECTED] --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: archive@mail-archive.com To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org
Re: DOL vs. HIPAA
Michele -- I am not aware of any HHS statement in the 12/28/2000 preamble to the effect that diagnosis information must be stripped from the EOB in order to achieve Privacy Rule compliance. I have quoted the relevant preamble statements below my signature. Although HHS has not issued any dictates about the substance of the EOB, it's important to recall that payment communications such as the EOB are subject to the minimum necessary rule. Consequently, if it's not necessary to communicate the diagnosis to achieve the purpose of the communication, then the diagnosis shouldn't be included. Getting to your question, a valid purpose of the EOB is communicate payment information in compliance with with ERISA. Therefore, in my opinion, if ERISA requires disclosure of the diagnosis in a particular situation, e.g, at the appeal stage, the disclosure of the diagnosis on the EOB would fit within the minimum necessary standard. I do agree with you that it would be helpful for DOL to provide official guidance integrating the claims processing rule with the Privacy Rule. Best regards, Dave Ermer P.S. Here are the 12/28/00 preamble statements that I found: Comment: A commenter noted that the definition of disclosure should reflect that health plan correspondence containing protected health information, such as Explanation of Benefits (EOBs), is frequently sent to the policyholder. Therefore, it was suggested that the words provision of access to be deleted from the definition and that disclosure be clarified to include the conveyance of protected health information to a third party. Response: The definition is, on its face, broad enough to cover the transfers of information described and so is not changed. We agree that health plans must be able to send EOBs to policyholders. Sending EOB correspondence to a policyholder by a covered entity is a disclosure for purposes of this rule, but it is a disclosure for purposes of payment. Therefore, subject to the provisions of § 164.522(b) regarding Confidential Communications, it is permitted even if it discloses to the policyholder protected health information about another individual (see below). Comment: Certain commenters explained that third party administrators usually communicate with employees through Explanation of Benefit (EOB) reports on behalf of their dependents (including those who might not be minor children). Thus, the employee might be apprized of the medical encounters of his or her dependents but not of medical diagnoses unless there is an over-riding reason, such as a child suspected of drug abuse due to multiple prescriptions. The commenters urged that the current claim processing procedures be allowed to continue. Response: We agree. We interpret the definition of payment and, in particular the term 'claims management,' to include such disclosures of protected health information. Comment: One commenter requested that we create a standard that all information from a health plan be sent to the patient and not the policyholder or subscriber. Response: We require health plans to accommodate certain requests that information not be sent to a particular location or by particular means. A health plan must accommodate reasonable requests by individuals that protected health information about them be sent directly to them and not to a policyholder or subscriber, if the individual states that he or she may be in danger from disclosure of such information. We did not generally require health plans to send information to the patient and not the policyholder or subscriber because we believed it would be administratively burdensome and because the named insured may have a valid need for such information to manage payment and benefits. Gordon Barnett 1133 21st St., NW, Suite 450 Washington, DC 20036 202-833-3400 ext 3009 (voice) 202-223-0120 (fax) www.gordon-barnett.com [EMAIL PROTECTED] 02/20/03 18:16 PM Looking for some thoughts from all... HIPAA preamble references the ability to send EOBs to the subscriber containing member information as long as the diagnosis is stripped. We view this and felt as though this would extend to diagnosis description, procedure code and procedure description and have been making efforts to change our wording to high level descriptors such as 'lab', 'office visit', etc. The DOL regs however are requiring detailed information regarding why services have been denied. For example, 'gastric bypass surgery not a covered benefit'. How are others reconciling these two Federal regulations? Michele S. Eberle Corporate Privacy Officer The Regence Group ph. 503-553-5069 fax. 503-225-5431 [EMAIL PROTECTED] === IMPORTANT NOTICE: This communication, including any attachment, contains information that may be confidential or privileged, and is intended solely for the entity or individual to whom it is addressed. If you are not the intended