Re: medical vendors as Business Associates
Jo, quite so. I would lkie to call an entity that would be a CE if they did a single electronic transaction that a standard has been established for a "Potential Covered Entity" (PCE) and avoid all the repeated verbiage. Any takers? The opinions expressed here are my own and not necessarily the opinion of LCMH. Douglas M. WebbComputer System EngineerLittle Company of Mary Hospital Health Care Centers[EMAIL PROTECTED] "This electronic message may contain information that is confidential and/or legally privileged. It is intended only for the use of the individual(s) and entity(s) named as recipients in the message. If you are not an intended recipient of the message, please notify the sender immediately, delete the material from any computer, do not deliver, distribute, or copy this message, and do not disclose its contents or take action in reliance on the information it contains. Thank you." - Original Message - From: Jo Clair To: 'Doug Webb' Sent: Wednesday, February 26, 2003 04:17 PM Subject: RE: medical vendors as Business Associates Not all providers are CE's (they may not do electronic transactions). -Original Message-From: Doug Webb [mailto:[EMAIL PROTECTED]Sent: Wednesday, February 26, 2003 1:57 PMTo: WEDI SNIP Privacy Workgroup ListSubject: Re: medical vendors as Business Associates Craig, That would be my understanding. The opinions expressed here are my own and not necessarily the opinion of LCMH. Douglas M. WebbComputer System EngineerLittle Company of Mary Hospital Health Care Centers[EMAIL PROTECTED] "This electronic message may contain information that is confidential and/or legally privileged. It is intended only for the use of the individual(s) and entity(s) named as recipients in the message. If you are not an intended recipient of the message, please notify the sender immediately, delete the material from any computer, do not deliver, distribute, or copy this message, and do not disclose its contents or take action in reliance on the information it contains. Thank you." - Original Message - From: Craig Moen To: 'Doug Webb' Sent: Wednesday, February 26, 2003 03:28 PM Subject: RE: medical vendors as Business Associates Doug- I want to make sure I am understanding. We are a home health agency that provides therapy services. Our therapists interact with DME providers, andorthotists and obviously share PHI. Since these are outside services not provided by us, the DME providers, and orthotist independently bill the appropriate insurance company. They would then also be CE's and then we would be able to share info with them without a BAA because information can be shared between CE's as a part of treatment. Correct? Thanks for your input Craig Moen Director of Rehabilitation THERAPY 2000 Dallas, TX---The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time.You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED]To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED]If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org CONFIDENTIALITY NOTICE: This E-Mail is intended only for the use of the individual or entity to which it is addressed and may contain information that is privileged, confidential and exempt from disclosure under applicable law. If you have received this communication in error, please do not distribute it. Please notify the sender by E-Mail at the address shown and delete the original message. Thank you. --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an
Re: Questions in regard to Security/Privacy
Richard, The first question is: Is what is being transmitted Protected Healthcare Information? If not all the rest is moot. If what is being transmitted is strictly the financial data (This merchant charged this person this much), it probably isn't PHI, but just money. If it is you must do a risk-of exposure analysis. First, the receiving system must be capable of properly protecting any PHI it receives. Terminal-to-Private Network is probably adequately secured. In this case, you may decide that encryption is just wasting resources. Going via the Internet will probably need some kind of end-to-end encryption to be adequately secure, since the Internet is inherently a broadcast to every computer connected to the net, received by anyone who wants to listen. Make your decisions and document them. The opinions expressed here are my own and not necessarily the opinion of LCMH. Douglas M. WebbComputer System EngineerLittle Company of Mary Hospital Health Care Centers[EMAIL PROTECTED] "This electronic message may contain information that is confidential and/or legally privileged. It is intended only for the use of the individual(s) and entity(s) named as recipients in the message. If you are not an intended recipient of the message, please notify the sender immediately, delete the material from any computer, do not deliver, distribute, or copy this message, and do not disclose its contents or take action in reliance on the information it contains. Thank you." - Original Message - From: Richard Smith To: WEDI SNIP Privacy Workgroup List Sent: Thursday, February 27, 2003 11:52 AM Subject: Questions in regard to Security/Privacy I would like to know how the privacy security act under HIPAA will impact ourcurrent systems today? I support POS card/swipe machines that dialup (via anasync/sync modem) over the public telephone system into a server that isconnected to a private network. These machines (terminals) are located throughout the USA in Provider offices, clinics and hospitals. The dialup protocol(VISA) is the same protocol that the financial processors use today doingcredit/debit transactions. Are there any issues that I need to be concernedabout from the terminal point of view?The second part of my question, I would like to know how the privacy securityact under HIPAA will impact POS card/swipe machines that dialup (via anasync/sync modem) over the public telephone system into a ISP that is connectedto the Internet. These machines (terminals) are located through out the USA inProvider offices, clinics and hospitals. The dialup protocol will be either VISAor PPP (Point-to Point). Are there any issues that I need to be concerned aboutfrom the terminal point of view?---The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time.You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED]To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED]If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED] To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org
RE: Questions in regard to Security/Privacy
I don't see these POS terminals being affected by HIPAA if in fact they are doing a financial transaction...ie patient is making a payment for services rendered(paying the co-pay with a credit card). Now, there is a network of POS terminals that do eligibility checks and referrals etc..these terminals are conducting transactions for which a standard has been defined and are therefore subject to the HIPAA TCS rule. The use of these POS terminals qualify the provider as a Covered Entity which in turn makes the provider subject to the Privacy and Security Rule. Any other opinions or observations? CL Original Message From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: RE: Questions in regard to Security/Privacy Date: Thu, 27 Feb 2003 09:52:59 -0800 I would like to know how the privacy security act under HIPAA will impact our current systems today? I support POS card/swipe machines that dialup (via an async/sync modem) over the public telephone system into a server that is connected to a private network. These machines (terminals) are located through out the USA in Provider offices, clinics and hospitals. The dialup protocol (VISA) is the same protocol that the financial processors use today doing credit/debit transactions. Are there any issues that I need to be concerned about from the terminal point of view? The second part of my question, I would like to know how the privacy security act under HIPAA will impact POS card/swipe machines that dialup (via an async/sync modem) over the public telephone system into a ISP that is connected to the Internet. These machines (terminals) are located through out the USA in Provider offices, clinics and hospitals. The dialup protocol will be either VISA or PPP (Point-to Point). Are there any issues that I need to be concerned about from the terminal point of view? --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED] To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org Catherine Lohmeier Sr. Business Consultant PCI: e-commerce for healthcare ph. 402-304-1918 www.hipaasurvival.com --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED] To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org
Re: Questions in regard to Security/Privacy
Catherine, Just a clarification. These non-financial POS terminals would have to use standard transactions (such as 270/271, 278, etc.) to do their job when a standard is available. The opinions expressed here are my own and not necessarily the opinion of LCMH. Douglas M. WebbComputer System EngineerLittle Company of Mary Hospital Health Care Centers[EMAIL PROTECTED] "This electronic message may contain information that is confidential and/or legally privileged. It is intended only for the use of the individual(s) and entity(s) named as recipients in the message. If you are not an intended recipient of the message, please notify the sender immediately, delete the material from any computer, do not deliver, distribute, or copy this message, and do not disclose its contents or take action in reliance on the information it contains. Thank you." - Original Message - From: Catherine Lohmeier To: WEDI SNIP Privacy Workgroup List Cc: [EMAIL PROTECTED] Sent: Thursday, February 27, 2003 03:07 PM Subject: RE: Questions in regard to Security/Privacy I don't see these POS terminals being affected by HIPAA if in factthey are doing a financial transaction...ie patient is making apayment for services rendered(paying the co-pay with a credit card).Now, there is a network of POS terminals that do eligibility checksand referrals etc..these terminals are conducting transactions forwhich a standard has been defined and are therefore subject to theHIPAA TCS rule. The use of these POS terminals qualify the provideras a Covered Entity which in turn makes the provider subject to thePrivacy and Security Rule.Any other opinions or observations?CL Original Message From: [EMAIL PROTECTED]To: [EMAIL PROTECTED]Subject: RE: Questions in regard to Security/PrivacyDate: Thu, 27 Feb 2003 09:52:59 -0800I would like to know how the privacy security act under HIPAA willimpact ourcurrent systems today? I support POS card/swipe machines that dialup(via anasync/sync modem) over the public telephone system into a server thatisconnected to a private network. These machines (terminals) arelocated throughout the USA in Provider offices, clinics and hospitals. The dialupprotocol(VISA) is the same protocol that the financial processors use todaydoingcredit/debit transactions. Are there any issues that I need to beconcernedabout from the terminal point of view?The second part of my question, I would like to know how the privacy securityact under HIPAA will impact POS card/swipe machines that dialup (viaanasync/sync modem) over the public telephone system into a ISP that isconnectedto the Internet. These machines (terminals) are located through outthe USA inProvider offices, clinics and hospitals. The dialup protocol will beeither VISAor PPP (Point-to Point). Are there any issues that I need to beconcerned aboutfrom the terminal point of view?---The WEDI SNIP listserv to which you are subscribed is not moderated.The discussions on this listserv therefore represent the views of theindividual participants, and do not necessarily represent the viewsof the WEDI Board of Directors nor WEDI SNIP. If you wish to receivean official opinion, post your question to the WEDI SNIP IssuesDatabase at http://snip.wedi.org/tracking/. These listservs shouldnot be used for commercial marketing purposes or discussion ofspecific vendor products and services. They also are not intended tobe used as a forum for personal disagreements or unprofessionalcommunication at any time.You are currently subscribed to wedi-privacy as:[EMAIL PROTECTED]To unsubscribe from this list, go to the Subscribe/Unsubscribe format http://subscribe.wedi.org or send a blank email to[EMAIL PROTECTED]If you need to unsubscribe but your current email address is not thesame as the address subscribed to the list, please use theSubscribe/Unsubscribe form at http://subscribe.wedi.orgCatherine LohmeierSr. Business ConsultantPCI: e-commerce for healthcareph. 402-304-1918www.hipaasurvival.com---The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time.You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED]To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org
Standard transactions - POS Terminals
Douglas, I recently participated in the development of Internet-based online systems with a major health plan. It should be noted that there may be a qualification regarding the requirement to use standard transactions (such as 270/271, 278, etc.) with online systems, i.e. the format portion of the rules may not apply. I refer to HHS HIPAA FAQs at http://aspe.hhs.gov/admnsimp/faqtx.htm#overInternet, which, in part states: "Internet transactions are being treated the same as other electronic transactions. However, we recognize that there are certain transmission modes in which the format portion of the standard is inappropriate. In these cases, the transaction must conform to the data content portion of the standard." During planning, we also concluded that the CE custodian of the data (in this case, the health plan) must offer an option for approved users to access the data in a manner that complies to the full requirements, including format specifications. We accomplished that by offering a separate batch capability in addition to online services. Regards, Steve Moe eBUSINESS AS USUAL, LLC [EMAIL PROTECTED] Confidentiality Note: The information contained in and transmitted with this e-mail is confidential. It is intended only for the individual or entity so designated above. You are hereby notified that any dissemination, distribution, copying, or the use of or reliance upon the information contained in and transmitted with this e-mail by or to anyone other than the recipient(s) designated above is unauthorized and strictly prohibited. If you have received this e-mail in error, please notify us immediately by telephone at 425.821.0785. Thank you. --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED] To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org
RE: Amendment Questions
Patricia, 1) It depends what you say in your NPP, but HIPAA does not mandate that a CE include past information (i.e., PHI created prior to the compliance date) 2) HIPAA does NOT require a written request from the individual I hope that this helps. Your questions are always welcome. Matt Matthew Rosenblum Chief Operations Officer Privacy, Quality Management Regulatory Affairs http://www.CPIdirections.com CPI Directions, Inc. 10 West 15th Street, Suite 1922 New York, NY 10011 (212) 675-6367 [EMAIL PROTECTED] CONFIDENTIALITY NOTICE: This E-Mail is intended only for the use of the individual or entity to which it is addressed and may contain information that is privileged, confidential and exempt from disclosure under applicable law. If you have received this communication in error, please do not distribute it. Please notify the sender by E-Mail at the address shown and delete the original message. Thank you. AVISO DEL CONFIDENCIALIDAD: Este email es solamente para el uso del individuo o la entidad a la cual se dirige y puede contener información privilegiada, confidencial y exenta de acceso bajo la ley aplicable. Si usted ha recibido esta comunicación por error, por favor no lo distribuya. Favor notificar al remitente del E-Mail a la dirección mostrada y elimine el mensaje original. Gracias. -Original Message- From: Patricia Conroe [mailto:[EMAIL PROTECTED] Sent: Thursday, February 27, 2003 2:31 PM To: WEDI SNIP Privacy Workgroup List Subject: Amendment Questions I have two questions regarding amendment of the medical/billing record. 1. Do we have to amend info kept prior to the deadline? (The disclosure log specifically says you do not, but nothing on the amendment. What about all those places that have info on microfilm?) and 2. When a patient calls regarding charges on their bill and after investigation it's discovered that those charges are in fact wrong and shouldn't be there. Do you go through the whole amendment process (we have 3 different forms right now for amending info) or is this something we can just go ahead and do? Thanks for your help! --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED] To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED] To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org
'Do Not Call' follow-up
ATT Government Solutions Awarded $3.5 Million Contract by FTC to Develop And Implement 'Do Not Call' Registry Consumer Registration Expected This Summer VIENNA, Va., Feb 26, 2003 /PRNewswire-FirstCall via COMTEX/ -- ATT Government Solutions announced today it has been awarded a $3.5 million contract from the Federal Trade Commission to develop and implement a national registry containing phone numbers of consumers who do not wish to be contacted by telemarketers http://www.govcon.com/nl/14406/11100 Regards, David Frenkel Business Development GEFEG USA Global Leader in Ecommerce Tools www.gefeg.com 612-237-1966 --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED] To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org