Thanking a patient for a referral
I thought I’d tell the group the opinion I formed regarding this issue in the event it may help others. I thank everyone for their input. I decided that the opportunity to agree or object did not apply in this area because that is reserved for family and friends involved in the patient’s care. Just because you referred someone to your doctor doesn’t make you involved in the person’s care. Then, I got to thinking that this referral program could be considered a marketing program on the part of the doctor in an effort to get more referrals. Basically, it is a disclosure that doesn’t fit into any of the exceptions I know of, therefore…. This disclosure simply isn’t allowed without an authorization. Once I came to that realization, I knew the NPP was completely out of the question. The NPP is designed to inform a patient about allowed disclosures, not take the place of an authorization. In some cases, putting the opportunity to agree or object in a NPP is appropriate if there is a specific mechanism to allow the agreement or objection to be noted above, beyond and separate from the receipt of NPP acknowledgement. So, all this confirmed my opinion all along…yes, take the name off the card. That is the ONLY option, other than dropping the program. It’s the simplest thing to do. De-identify. I never saw this as a privacy mantra before, but I certainly do now. There may need to be some additional steps to keep people from deducing the identity of the referral. (One can refer a friend today and get a thank you note tomorrow, or a thank you note once a month.) I’m thinking this is the stage where someone says…is all this really necessary? I say yes. News travels fast whether it is good or bad and seeing a doctor is always news. These are just my personal opinions and I am not a lawyer, so take it all with a grain of salt or aspirin as the case may be! Catherine Lohmeier Implementations Project Lead OD Professional™ Team 888.621.5751 x 15 402.423.6509 x 15 --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED] To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org
RE: SS# and e-mail
Title: Message Those interested in this subject might want to review this GAO report. http://www.gao.gov/highlights/d03941thigh.pdf With identity theft, I would not want my SSN sent via email. I have already had credit card information stolen which had been sent via an email. Anita HaltermanNMEH HIPAA Integration and Transition (HIT) co-chairHealth Policy Analyst & HIPAA Privacy and Security CoordinatorState of Alaska,Department of Health and Social Services,Division of Health Care Services,4501 Business Park Blvd., Suite 24Anchorage, AK 99503-7167Phone: (907)334-2431Fax: (907)561-1684 -Original Message-From: Dan Hoskins [mailto:[EMAIL PROTECTED] Sent: Thursday, November 06, 2003 12:41 PMTo: WEDI SNIP Privacy Workgroup ListSubject: RE: SS# and e-mail Dana, "not tied to any other personal identifiers" is a can of worms. Email resides on, potentially, a variety of servers on its way from sender to recipient. Some are administered with sound security practice, many are not. It is reasonable to expect some of them to be hacked, and the traffic sniffed. If a hacker with bad intentions copied all emails from your organization passing through a given, hacked server, and matched up the ones with common recipients, matching the SSN with other info wouldn't be that hard. I suppose you could institute a policy that SSNs, and no other info, could go by email in cleartext. Wouldn't want to administer that. Safer to establish gateway encription for your enterprise, and encript anything with PHI. My .02$ FWIW. Daniel S. Hoskins, VP HIPAA Compliance Services Square One Computer Security Services, Inc. 36 Chickering Dr., Brattleboro, VT 05301 877-583-8158 -Original Message-From: Dana Frank [mailto:[EMAIL PROTECTED]Sent: Thursday, November 06, 2003 10:58 AMTo: WEDI SNIP Privacy Workgroup ListSubject: SS# and e-mail If a social security number is not tied to any other personal identifiers, is it okay to send via e-mail? Any thoughts? Dana M Frank Sales Administration Manager Dental Select (800) 999-9789 CONFIDENTIALITY This email and any attachments are confidential and also may be privileged. If you are not the named recipient, or have otherwise received this communication in error, please delete it from your inbox, notify the sender immediately, and do not disclose its contents to any other person, use them for any purpose, or store or copy them in any medium. Thank you for your cooperation. ---The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time.You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED]To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED]If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED] To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org
RE: SS# and e-mail
Dana, "not tied to any other personal identifiers" is a can of worms. Email resides on, potentially, a variety of servers on its way from sender to recipient. Some are administered with sound security practice, many are not. It is reasonable to expect some of them to be hacked, and the traffic sniffed. If a hacker with bad intentions copied all emails from your organization passing through a given, hacked server, and matched up the ones with common recipients, matching the SSN with other info wouldn't be that hard. I suppose you could institute a policy that SSNs, and no other info, could go by email in cleartext. Wouldn't want to administer that. Safer to establish gateway encription for your enterprise, and encript anything with PHI. My .02$ FWIW. Daniel S. Hoskins, VP HIPAA Compliance Services Square One Computer Security Services, Inc. 36 Chickering Dr., Brattleboro, VT 05301 877-583-8158 -Original Message-From: Dana Frank [mailto:[EMAIL PROTECTED]Sent: Thursday, November 06, 2003 10:58 AMTo: WEDI SNIP Privacy Workgroup ListSubject: SS# and e-mail If a social security number is not tied to any other personal identifiers, is it okay to send via e-mail? Any thoughts? Dana M Frank Sales Administration Manager Dental Select (800) 999-9789 CONFIDENTIALITY This email and any attachments are confidential and also may be privileged. If you are not the named recipient, or have otherwise received this communication in error, please delete it from your inbox, notify the sender immediately, and do not disclose its contents to any other person, use them for any purpose, or store or copy them in any medium. Thank you for your cooperation. --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED] To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org
Re: SS# and e-mail
I would say no, because there are places on the Internet, etc. where you may be able to connect the SSN to a person's identity. Vicki Hohner FOX Systems, Inc. 360-970-6856 360-352-4584 Information transmitted is confidential and may be proprietary to FOX Systems, Inc. It is intended only for the person or entity to which it is addressed. Anyone else is prohibited from disclosing, copying, or disseminating the contents or attachments. If you receive this in error, please notify sender immediately, or us at www.foxsys.com and delete from your system. >>> "Dana Frank" <[EMAIL PROTECTED]> 11/06/03 09:33 AM >>> If a social security number is not tied to any other personal identifiers, is it okay to send via e-mail? Any thoughts? Dana M Frank Sales Administration Manager Dental Select (800) 999-9789 CONFIDENTIALITY This email and any attachments are confidential and also may be privileged. If you are not the named recipient, or have otherwise received this communication in error, please delete it from your inbox, notify the sender immediately, and do not disclose its contents to any other person, use them for any purpose, or store or copy them in any medium. Thank you for your cooperation. --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED] To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED] To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org
RE: SS# and e-mail
A SS is an identifier. So if the SS is tied to past, present or future health or payment info its PHI. As for whether its safe to email, that's an internal decision. But our company has determined its not safe for us. Hope that helps. Deborah Campbell -Original Message-From: Dana Frank [mailto:[EMAIL PROTECTED]Sent: Thursday, November 06, 2003 10:58 AMTo: WEDI SNIP Privacy Workgroup ListSubject: SS# and e-mail If a social security number is not tied to any other personal identifiers, is it okay to send via e-mail? Any thoughts? Dana M Frank Sales Administration Manager Dental Select (800) 999-9789 CONFIDENTIALITY This email and any attachments are confidential and also may be privileged. If you are not the named recipient, or have otherwise received this communication in error, please delete it from your inbox, notify the sender immediately, and do not disclose its contents to any other person, use them for any purpose, or store or copy them in any medium. Thank you for your cooperation. ---The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time.You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED]To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED]If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED] To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org
SS# and e-mail
If a social security number is not tied to any other personal identifiers, is it okay to send via e-mail? Any thoughts? Dana M Frank Sales Administration Manager Dental Select (800) 999-9789 CONFIDENTIALITY This email and any attachments are confidential and also may be privileged. If you are not the named recipient, or have otherwise received this communication in error, please delete it from your inbox, notify the sender immediately, and do not disclose its contents to any other person, use them for any purpose, or store or copy them in any medium. Thank you for your cooperation. --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED] To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org