RE: Here is a good Privacy Issue that will cause problems
Title: RE: Here is a good Privacy Issue that will cause problems I would argue that releasing information that a patient has been restricted to one pharmacy is not a disclosure under HIPAA. A disclosure must contain a person's identifying information and information on their health status. I don't see how a pharmacy restriction would be considered information about health status other than such a restriction would imply abuse of some sort. But that would be like the information that you are in the hospital would imply that you were sick. -Original Message- From: Drexler, Deborah (EHS) [mailto:[EMAIL PROTECTED]] Sent: Wednesday, January 15, 2003 3:58 PM To: WEDI SNIP Privacy Workgroup List Subject: RE: Here is a good Privacy Issue that will cause problems The issue here is whether a covered entity which has information that an individual is drug seeking can disclose it to someone else, in an effort to curb the abuse. Depending on who is disclosing the PHI to whom, you can probably argue that the disclosure is authorized because it is either T, or P, or O. Here is an example of one way it could work. A payer realizes it has paid for several prescriptions for the same narcotic in a week, each written by a different prescriber. This is an indication of drug abuse. The payer deals with this problem by putting the individual on a restricted pharmacy list -- the individual can now get his prescriptions filled at only one particular pharmacy (pharmacy A). Pharmacy A is instructed by the payer that if they are asked to fill duplicate prescriptions, they they are to contact the prescriber to validate the prescription. Otherwise the pharmacist won't get paid. In this case, you could argue that the disclosure from pharmacist to provider is either for the individual's treatment, or the pharmacists' payment. In the same hypothetical situation, when the same individual goes to Pharmacy B in an attempt to get her illicit prescription, the Pharmacist B looks up the person's eligibility and sees that the individual has been restricted to Pharmacy A. Pharmacist B now knows that he won't get paid if he fills this prescription, and so he doesn't. There is a dislcosure here -- the payer disclosed to Pharmacy B the fact that the individual has been restricted to Pharmacy A (and implicitly a drug seeker) -- but this is a disclosure that will likely be deemed to be part of the payer's operations. In the situation you describe, Rebekah, it seems that the pharmacy (somehow) got information that the individual is a drug seeker, and is disclosing that fact to providers. I'd argue here that the disclosure from pharmacist to providers is part of the treatment of the individual. As you can see, none of these arguments is completely obvious. So is there a HIPAA problem? Maybe. There's another problem, as well. A drug seeker can easily evade detection by going to different pharmacies, different doctors, and not seeking insurance reimbursement. But there's a way to fix both the detection proglem and the HIPAA problem -- and I think I read that more than one state is either doing this or planning to do this: the state can *require* pharmacists to report all prescritpions to a central database, and the state can monitor that database to identify drug seekers. A bit Big Brother-ish? You might think so. But doing it this way solves not only the detection problem but the HIPAA problem as well -- as long as the state promulgates a regulation *requiring* pharmacists to disclose to a central database, and another *requiring* the state to disclose suspected drug seekers to providers. As we all know, HIPAA has no effect on state laws or regulations requiring disclosure of PHI. Deborah L. Drexler, Esq. HIPAA Program Consultant Executive Office Health Human Services One Ashburton Place Boston MA 02108 617-727-7600 [EMAIL PROTECTED] -Original Message- From: Mimi Hart [mailto:[EMAIL PROTECTED]] Sent: Wednesday, January 15, 2003 4:17 PM To: WEDI SNIP Privacy Workgroup List Subject: Re: Here is a good Privacy Issue that will cause problems My gut feeling tells me huge issue...I don't know if there is something in public health law that would state that it is being done in the best interests of the patient and is therefore okay.hopefully one of the lawyers on the group will weigh in. MIMI Mimi Hart Ó¿Õ* Research Analyst, HIPAA Iowa Health System 319-369-7767 (phone) 319-369-8365 (fax) 319-490-0637 (pager) [EMAIL PROTECTED] Rebekah Savoie [EMAIL PROTECTED] 01/15/03 02:53PM Today, a clinic that I work with received a letter from a local pharmacy about a patient that was a Drug Seeker as we call them. Over the course of 30 days he had been to several doctors and several pharmacies and received over 350 total pills all a controlled substance. What happens to the pharmacy's ability to do these types of things under Privacy? Clearly, pharmacist were
FW: Here is a good Privacy Issue that will cause problems
It's not just narcotics. Some pharmacies are doing something similar with drug interactions. If I decide not to go to my PCP for a particular problem I'm having, and the new doctor prescribes a medication that interacts adversely with medication my PCP prescribed, the pharmacy is notifying both doctors of the potential problem. The logic being this is a patient safety issue. --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: archive@mail-archive.com To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org
RE: Board of Directors - Workforce or Business Associates?
How are organizations classifying Board of Directors or Trustee members? Workforce -- or since they are not under the direction of the covered entity, but have a need from time to time, to receive PHI, or might they better be classified as business associates and need a business associate agreement? Leslie C. Bender General Counsel/Privacy Official The ROI Companies 1922 Greenspring Drive, Suite 7 Timonium, Maryland 21093 --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: archive@mail-archive.com To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org
RE: Documents
Title: RE: Documents I would also be interested if such things are available. Please contact me off line at [EMAIL PROTECTED] Thanks! Phyllis Line HIPAA Privacy Officer HEREIU Welfare Pension Funds 630-236-5114 [EMAIL PROTECTED] -Original Message- From: Joe Smith [mailto:[EMAIL PROTECTED]] Sent: Tuesday, January 14, 2003 2:58 PM To: WEDI SNIP Privacy Workgroup List Subject: Documents I am trying to find drafts of HIPAA Privacy Procedures, Policies and Forms drafted specifically for the health plan arena. If anyone would be willing to share this information, please contact me directly. Thank You Joe Smith --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: archive@mail-archive.com To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org
RE: Board of Directors - Workforce or Business Associates?
Leslie, A Corporation's charter and bylaws would control how the Board may function. Consequently, the Board could be construed as part of the workforce. Further, in the Preamble to the (initial) Final Privacy rules, HHS notes that, independent contractors may or may not be workforce members. However, for compliance purposes we will assume that such personnel are members of the workforce if no business associate contract exists. I hope that this helps. Your questions are always welcome. Matt Matthew Rosenblum Chief Operations Officer Privacy, Quality Management Regulatory Affairs http://www.CPIdirections.com CPI Directions, Inc. 10 West 15th Street, Suite 1922 New York, NY 10011 (212) 675-6367 [EMAIL PROTECTED] CONFIDENTIALITY NOTICE: This E-Mail is intended only for the use of the individual or entity to which it is addressed and may contain information that is privileged, confidential and exempt from disclosure under applicable law. If you have received this communication in error, please do not distribute it. Please notify the sender by E-Mail at the address shown and delete the original message. Thank you. AVISO DEL CONFIDENCIALIDAD: Este email es solamente para el uso del individuo o la entidad a la cual se dirige y puede contener informacin privilegiada, confidencial y exenta de acceso bajo la ley aplicable. Si usted ha recibido esta comunicacin por error, por favor no lo distribuya. Favor notificar al remitente del E-Mail a la direccin mostrada y elimine el mensaje original. Gracias. -Original Message- From: Leslie C Bender [mailto:[EMAIL PROTECTED]] Sent: Thursday, January 16, 2003 4:12 PM To: WEDI SNIP Privacy Workgroup List Cc: 'Drexler, Deborah (EHS)' Subject: RE: Board of Directors - Workforce or Business Associates? How are organizations classifying Board of Directors or Trustee members? Workforce -- or since they are not under the direction of the covered entity, but have a need from time to time, to receive PHI, or might they better be classified as business associates and need a business associate agreement? Leslie C. Bender General Counsel/Privacy Official The ROI Companies 1922 Greenspring Drive, Suite 7 Timonium, Maryland 21093 --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED] To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: archive@mail-archive.com To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org
RE: Here is a good Privacy Issue that will cause problems
Tim, I must respectfully disagree with your fundamental analysis of this scenario. Pharmacists (chemists) have, for more than 2000 years, been part of a triad (including physicians and nurses) engaged in an on-going clinical (NOT business) practice of ensuring that the correct medications and drugs are received by the correct patients. Whenever we remove one of those clinical disciplines from the decision-making process, medication errors and mistakes are likely to increase. It is NOT the intention of HIPAA to deter a good clinical practice. Unfortunately, when unscrupulous people get hold of blank-prescriptions, innocent people may get hurt. Under HIPAA, our responsibility then becomes mitigation of the harm. I hope that this helps. Your questions are always welcome. Matt Matthew Rosenblum Chief Operations Officer Privacy, Quality Management Regulatory Affairs http://www.CPIdirections.com CPI Directions, Inc. 10 West 15th Street, Suite 1922 New York, NY 10011 (212) 675-6367 [EMAIL PROTECTED] CONFIDENTIALITY NOTICE: This E-Mail is intended only for the use of the individual or entity to which it is addressed and may contain information that is privileged, confidential and exempt from disclosure under applicable law. If you have received this communication in error, please do not distribute it. Please notify the sender by E-Mail at the address shown and delete the original message. Thank you. AVISO DEL CONFIDENCIALIDAD: Este email es solamente para el uso del individuo o la entidad a la cual se dirige y puede contener información privilegiada, confidencial y exenta de acceso bajo la ley aplicable. Si usted ha recibido esta comunicación por error, por favor no lo distribuya. Favor notificar al remitente del E-Mail a la dirección mostrada y elimine el mensaje original. Gracias. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Thursday, January 16, 2003 6:00 PM To: WEDI SNIP Privacy Workgroup List Subject: RE: Here is a good Privacy Issue that will cause problems In my personal opinion, this practice - violating patient privacy, in the name of detecting abuse by private businesses - which is (it appears to me) unsupported by statute (unless mandated by DEA regulation) - is contrary to both many state laws and HIPAA. I agree the practice serves a valuable community need, as well as the needs of the abusing patient (intervention). However, as it (as I see it) is NOT a law enforcement reporting issue, but rather a home grown solution, that business simply do out of common sense, the practice will either have to be suspended, with suspects reported to law enforcement - cutting out the Sherlock Holms detectionengaged in by pharmacistsin the process - or get a state statute passed to support and require the activity. After all, it appears to me that what is really occurring here is abuse of privacy, and potentially serious defamation, and that a case might be made for damages if a person is placed on these distribution lists wrongly. However, as I am not an attorney I can not pass on a formal opinion. Just keep in mind that a person DOES NOT LOOSE ANY RIGHTS just because a pharmacist suspects abuse!!! It is up to statutory law enforcement of investigate, and a court to determine if a crime has been committed, NOT A CE, regardless of their practices. I am frankly amazed that we have not heard more litigation on this issue. Regards, Tim McGuinness, Ph.D. Consulting Specialist in Regulatory Privacy, Security, and Application Compliance --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: archive@mail-archive.com To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org
RE: Here is a good Privacy Issue that will cause problems
Hate to say it, but I disagree: Under HIPAA a pharmacist's job is to establish and comply with certain policies for privacy, security and electronic claims processing. It is a pharmacist's *professional* obligation to avoid (or mitigate) harm to individuals, and HIPAA is not intended to *interfere* with this. But HIPAA says nothing about mitigation of harm or professional standards. -Original Message-From: Matthew Rosenblum [mailto:[EMAIL PROTECTED]]Sent: Thursday, January 16, 2003 3:57 PMTo: WEDI SNIP Privacy Workgroup ListSubject: RE: Here is a good Privacy Issue that will cause problems Tim, I must respectfully disagree with your fundamental analysis of this scenario. Pharmacists (chemists) have, for more than 2000 years, been part of a triad (including physicians and nurses) engaged in an on-going clinical (NOT business) practice of ensuring that the correct medications and drugs are received by the correct patients. Whenever we remove one of those clinical disciplines from the decision-making process, medication errors and mistakes are likely to increase. It is NOT the intention of HIPAA to deter a good clinical practice. Unfortunately, when unscrupulous people get hold of blank-prescriptions, innocent people may get hurt. Under HIPAA, our responsibility then becomes mitigation of the harm. I hope that this helps. Your questions are always welcome. Matt Matthew Rosenblum Chief Operations Officer Privacy, Quality Management Regulatory Affairs http://www.CPIdirections.com CPI Directions, Inc. 10 West 15th Street, Suite 1922 New York, NY 10011 (212) 675-6367 [EMAIL PROTECTED] CONFIDENTIALITY NOTICE: This E-Mail is intended only for the use of the individual or entity to which it is addressed and may contain information that is privileged, confidential and exempt from disclosure under applicable law. If you have received this communication in error, please do not distribute it. Please notify the sender by E-Mail at the address shown and delete the original message. Thank you. AVISO DEL CONFIDENCIALIDAD: Este email es solamente para el uso del individuo o la entidad a la cual se dirige y puede contener información privilegiada, confidencial y exenta de acceso bajo la ley aplicable. Si usted ha recibido esta comunicación por error, por favor no lo distribuya. Favor notificar al remitente del E-Mail a la dirección mostrada y elimine el mensaje original. Gracias. -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Thursday, January 16, 2003 6:00 PMTo: WEDI SNIP Privacy Workgroup ListSubject: RE: Here is a good Privacy Issue that will cause problems In my personal opinion, this practice - violating patient privacy, in the name of detecting abuse by private businesses - which is (it appears to me) unsupported by statute (unless mandated by DEA regulation) - is contrary to both many state laws and HIPAA. I agree the practice serves a valuable community need, as well as the needs of the abusing patient (intervention). However, as it (as I see it) is NOT a law enforcement reporting issue, but rather a "home grown" solution, that business simply do out of common sense, the practice will either have to be suspended, with suspects reported to law enforcement - cutting out the Sherlock Holms detectionengaged in by pharmacistsin the process - or get a state statute passed to support and require the activity. After all, it appears to me that what is really occurring here is abuse of privacy, and potentially serious defamation, and that a case might be made for damages if a person is placed on these distribution lists wrongly. However, as I am not an attorney I can not pass on a formal opinion. Just keep in mind that a person DOES NOT LOOSE ANY RIGHTS just because a pharmacist suspects abuse!!! It is up to statutory law enforcement of investigate, and a court to determine if a crime has been committed, NOT A CE, regardless of their practices. I am frankly amazed that we have not heard more litigation on this issue. Regards, Tim McGuinness, Ph.D.Consulting Specialist in Regulatory Privacy, Security, and Application Compliance---The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a
