RE: Here is a good Privacy Issue that will cause problems
There was some good discussion of whether it was proper (legal) for the pharmacist to notify the prescribers (probably not), but if he stole the RX book, or someone suspected he stole the RX book, that was a (potential) crime and should have been reported to the police. I was thinking about suggesting reporting it to the police in the first place. They would have (hopefully) done an investigation and developed a case before notifying anybody, thus preventing the embarrassment to the wrong person (and potential law suit). If the pharmacist reported it to the police and it turned out that nothing illegal was done, I don't see what harm it would have done to the pharmacist or to the person suspected of wrong doing. Bruce Bradigan Healthcare Consultant -Original Message- From: Rebekah Savoie [mailto:[EMAIL PROTECTED]] Sent: Thursday, January 16, 2003 5:43 PM To: WEDI SNIP Privacy Workgroup List Subject: RE: Here is a good Privacy Issue that will cause problems Thank you for all your responses. They were all great and exactly what I expected - Now I will tell you the rest of the story - A man stole some Rx books and forged the Rx's - but it gets better - he used someone else's name and the pharmacy gave this information to physicians when the person they thought and named was seeking drugs, was actually not. You can imagine how mad this man was after the information got back to his employer who was a friend of a physician that received one of the general mail-out letters about him being a drug seeker. Makes you think, doesn't it? Rebekah Savoie Healthcare Consultant Christiansen, John (SEA) [EMAIL PROTECTED] 01/16/03 02:55PM Robert - I think I need to question one of your assumptions, and your approach to this kind of problem. #1 the assumption that: the individual has lost the right to privacy once they break the law is not correct, and is in fact dangerously incorrect. HIPAA does not state that principle anywhere. It does list a number of conditions under which PHI may be disclosed: for TPO, under an authorization, and under the conditions listed in 45 CFR 164.512 (uses and disclosures not for TPO for which no authorization is required). If you read that regulation you will see that subsection (a) does permit a disclosure required by law, while subsection (f) sets out the specific requirements for disclosures for law enforcement purposes. (The other exceptions in this regulation don't appear likely ever to apply to this kind of situation). If there is a law on the books requiring disclosure of drug-seeking behavior, exception (a) would apply; but I am not aware of any such laws (doesn't mean there aren't any, I just don't know of any). This is a very different approach to privacy from the assumption that if you break the law you lose your privacy. While the U.S. Constitution does not explicitly state a privacy right (there are theories that it does so implicitly, but that's another set of questions), HIPAA does create a statutory/regulatory set of privacy obligations on the part of CEs and entitlements on the part of individuals. I frankly don't think that a pharmacist's judgment that he thinks someone has broken the law by improperly seeking drugs (by the way, *is* drug-seeking behavior a crime? or just a basis for suspicion of a crime? or are we using an alert of this kind to prevent health problems and over-prescription?) will suffice to eliminate this entitlement (as a matter of law) or relieve the pharmacist, as a CE, of his or her obligation to respect these privacy entitlements by complying with the regulations. (By the way, what if he's wrong? In addition to breach of privacy there might well be a suit for libel available.) This is not to say something can't be done to communicate about this kind of problem - we have discussed it quite a bit and there have been a number of good postings on the subject - but the way to approach a solution it is to start with the regulations and read them carefully. (Also any applicable business associate contracts; for example, in your example of the PBM, has the PBM checked to make sure any BAC it has with a CE that provided some of the PHI which describes the prescriptions written permits that kind of disclosure? There are some badly drafted documents out there, not all of which might allow for everything you would like to assume they do.) The underlying point being that with HIPAA coming into effect decisions like these have to be made in a more formal way, with actual reference to regs and contracts and not in reliance on what you assume should be the right result. John R. Christiansen Preston | Gates | Ellis LLP 701 Fifth Avenue, Seattle, Washington 98104 *Direct: 206.613.7118 - *Cell: 206.683.9125 * [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED]
RE: HIPAA privacy and telephone
So far, the best scenario I have seen is the phone call that requests the patient to call back to the office. Part of the call back involves a pin or secret code that the patient was provided previously. Donald L. Ribelin HIPAA Project Manager Firsthealth of the Carolinas (910) 215-2668 [EMAIL PROTECTED] -Original Message- From: Doug Webb [mailto:[EMAIL PROTECTED]] Sent: Friday, January 17, 2003 9:51 AM To: WEDI SNIP Privacy Workgroup List Subject:Re: HIPAA privacy and telephone An extension to this -- how do you handle answering machines? My gut feeling is that either a no-no (the machine more questionable than a family member) -- the information could only be released to the patient or his/her representative designated in a written authorizaton. Perhaps another signature on your main consent/authorization form to allow these types of communications is what's needed??? The opinions expressed here are my own and not necessarily the opinion of LCMH. Douglas M. Webb Computer System Engineer Little Company of Mary Hospital Health Care Centers [EMAIL PROTECTED] This electronic message may contain information that is confidential and/or legally privileged. It is intended only for the use of the individual(s) and entity(s) named as recipients in the message. If you are not an intended recipient of the message, please notify the sender immediately, delete the material from any computer, do not deliver, distribute, or copy this message, and do not disclose its contents or take action in reliance on the information it contains. Thank you. - Original Message - From: [EMAIL PROTECTED] To: WEDI SNIP Privacy Workgroup List [EMAIL PROTECTED] Sent: Thursday, January 16, 2003 04:04 PM Subject: HIPAA privacy and telephone I would like the lists opinion on this topic. Patient comes to the office to have their potassium checked because they are on a diuretic. Later, the physician's nurse calls the patient at home with results but the patient is not home. Spouse answers the phone. Can you tell the spouse that the potassium was fine and that he/she should tell the spouse to continue the same dose of diuretic and potassium supplement? If you say no, this type of disclosure is not allowed, would it matter that we put a statment in our Notice of Privacy Practices that stated (in the section on Payment, treatment and health care operations) On occasion, we call test results to your home and leave the results with a family member if you are not present. Now, obviously, we would not do this with a HIV result but it seems like such a waste of everyone's time to play phone tag to accommodate the one patient in a million that is actually upset because you told the spouse what the potassium result was. Thank you. Rich Fairley, Dubuque, IA --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED] To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: archive@mail-archive.com To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org
Re: HIPAA privacy and telephone
The OCR guidance at http://www.hhs.gov/ocr/hipaa/privacy.html under incidental disclosures indicates that leaving information with family members or on an answering machine or mailing information is allowed, but also cautions that professional judgment should be used to assure that the information is limited to what is necessary and assure that its in the interests of the patient. Regards, lhc Leah Hole-Curry, JD FOX Systems, Inc. 602.708.1045 Information transmitted is confidential and may be proprietary to FOX Systems, Inc. It is intended only for the person or entity to which it is addressed. Anyone else is prohibited from disclosing, copying, or disseminating the contents or attachments. If you receive this in error, please notify sender immediately, or us at www.foxsys.com and delete from your system. Doug Webb [EMAIL PROTECTED] 01/17/03 06:38 AM An extension to this -- how do you handle answering machines? My gut feeling is that either a no-no (the machine more questionable than a family member) -- the information could only be released to the patient or his/her representative designated in a written authorizaton. Perhaps another signature on your main consent/authorization form to allow these types of communications is what's needed??? The opinions expressed here are my own and not necessarily the opinion of LCMH. Douglas M. Webb Computer System Engineer Little Company of Mary Hospital Health Care Centers [EMAIL PROTECTED] This electronic message may contain information that is confidential and/or legally privileged. It is intended only for the use of the individual(s) and entity(s) named as recipients in the message. If you are not an intended recipient of the message, please notify the sender immediately, delete the material from any computer, do not deliver, distribute, or copy this message, and do not disclose its contents or take action in reliance on the information it contains. Thank you. - Original Message - From: [EMAIL PROTECTED] To: WEDI SNIP Privacy Workgroup List [EMAIL PROTECTED] Sent: Thursday, January 16, 2003 04:04 PM Subject: HIPAA privacy and telephone I would like the lists opinion on this topic. Patient comes to the office to have their potassium checked because they are on a diuretic. Later, the physician's nurse calls the patient at home with results but the patient is not home. Spouse answers the phone. Can you tell the spouse that the potassium was fine and that he/she should tell the spouse to continue the same dose of diuretic and potassium supplement? If you say no, this type of disclosure is not allowed, would it matter that we put a statment in our Notice of Privacy Practices that stated (in the section on Payment, treatment and health care operations) On occasion, we call test results to your home and leave the results with a family member if you are not present. Now, obviously, we would not do this with a HIV result but it seems like such a waste of everyone's time to play phone tag to accommodate the one patient in a million that is actually upset because you told the spouse what the potassium result was. Thank you. Rich Fairley, Dubuque, IA --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED] To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: archive@mail-archive.com To unsubscribe from this list, go to the
Re: What does it mean to have a separate authorization?
I have always considered this to mean that you did not necessarily need separate types of forms, but that certain authorizations must be limited to single purposes. However, if only one authorization form is created, it has to be designed carefully to meet all the different types of situations applicable to your business. I suspect that entities will find a generic form will work for most disclosures, but that certain disclosures, if applicable (like where you are allowed to condition treatment/enrollment or where, in research, it is combined with other information) would need a special form because the language will be different from the general circumstances where you cannot condition treatment or where it is combined with other types of permission/information. lhc Leah Hole-Curry, JD FOX Systems, Inc. 602.708.1045 Information transmitted is confidential and may be proprietary to FOX Systems, Inc. It is intended only for the person or entity to which it is addressed. Anyone else is prohibited from disclosing, copying, or disseminating the contents or attachments. If you receive this in error, please notify sender immediately, or us at www.foxsys.com and delete from your system. [EMAIL PROTECTED] 01/17/03 06:40 AM I realized that I may be confused over what it means to have a separate authorization. The privacy rules clearly state that a separate authorization is needed for psychotherapy disclosures, that you cannot combine an authorization for psychotherapy with an authorization for most other disclosures. I assumed that meant you actually had to draft a separate form for psychotherapy disclosures but someone recently pointed out to me that it meant you could use the same authorizations for all disclosures, as long you when you used it for disclosures for psychotherapy, it was just used for that purpose Thoughts? Also, the rules state that you cannot combine authorizations where the entity can condition treatment upon its signing (like disclosures to a third party) with disclosures that cannot be conditioned. I assumed that you again had to draft separate disclosures forms but am I mistaken? Jill Rubin, Esq. (617)388-2404 [EMAIL PROTECTED] --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED] To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: archive@mail-archive.com To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org
RE: Here is a good Privacy Issue that will cause problems
HIPAA is not intended to *preclude* use of PHI for treatment. Consultation with other providers for treatment purposes is specifically permitted, under the broadest terms of any of the HIPAA use/disclosure provisions. But the definition of CE does not include governmental *law enforcement* agencies - though it does include governmental *providers and plans* - and consultation with *law enforcement officials* is not *treatment.*(Unless you want to argue that becoming the subject of acriminal investigation and potentially criminal prosecution is "treatment," which would be an interesting semantic stretch and more to the point an interpretation inconsistent with the rules' own distinctions between the two types of PHI use.) Since a disclosure tolaw enforcement it is not for *treatment* other rules apply, which should not be difficult to comply with, though the failure to comply could expose the CE to penalties. Likewise, the disclosure of PHI to another pharmacist to advise him or her of possible drug-seeking behavior is not for the purpose of *treatment* unless both pharmacists have a professional relationship to the possible drug-seeker; the goal then would indeed be the provision of clinically sound treatment services. That purpose is *not* presentwhen a pharmacist sends that kind of information to another pharmacist who doesn't have a relationship to the individual in question -the latter is not engaged in "providing, coordinating or managing health care or related services" to the individual (the definition of "treatment"), so the former *cannot* be disclosing the PHI for that purpose. The question then is, if the disclosure to the second pharmacist is not for purposes oftreatment, what *is* the purpose of the disclosure? Once you have articulated that purpose accurately, you look at the rules to see if it is permitted, and if so under what conditions. If it is permitted, you disclose under the conditions the rule states (if any). If it is not permitted, you don't make the disclosure. I guess at this point I'm not sure what the resistance or disagreement is about.I think the prudent approach is to read the rules and work within them, and I think they can be worked with to legitimately handle the kind of situation described in Rebekah's original scenario (which is what I am still responding to). There appears to be a disagreement with this position and I'd like those who disagree to clarify what their own position in fact is. Is the disagreement based on the beliefthat this approach encroaches too much on traditional professional discretion of pharmacists to disclose patient information according to their own judgment, not according to bureaucratic rules?If so that is a legitimate position, one that has been articulated by a number of professionals in a number of settings, and one I sympathize with to an extent. Butit is also a position that in the final analysis is about HIPAA resistance, not HIPAA compliance. If the requirement to comply with bureaucraticrules improperly infringes on professional discretion, from the professional's point of view the solution is to abolish the rules (i.e., HIPAA), or to ignore them and be ready to take the consequences as a matter of taking the moral high ground against an intrusive government. But if you accept that the rules are legitimate, or at least that it is too risky to violate them, the solution is to read them and comply with them, and to the extent they do cause problems try to get HHS to reform them. If this is not an accurate description of the basis for disagreement with the "read the rules" approach, it would be helpful to know what the basis for the disagreement in fact *is.* If we are going to have divergent standards for approaching compliance we better get them on the table so we know what we are talking about. -Original Message-From: Matthew Rosenblum [mailto:[EMAIL PROTECTED]]Sent: Thursday, January 16, 2003 4:57 PMTo: WEDI SNIP Privacy Workgroup ListSubject: RE: Here is a good Privacy Issue that will cause problems John, Under HIPAA, a pharmacist's job is to provide direct treatment services and to use and disclose related PHI in accordance with the privacy, security and TCS rules. So if a pharmacist needs to consult with other CE's in the neighbor (or to contact government offficials) to provide a clinically sound treatment service, how would HIPAA preclude those activities? I hope that this helps. Your questions are always welcome. Matt Matthew Rosenblum Chief Operations Officer Privacy, Quality Management Regulatory Affairs CPI Directions, Inc. 10 West 15th Street, Suite 1922 New York, NY 10011 (212) 675-6367 [EMAIL PROTECTED] CONFIDENTIALITY NOTICE: This E-Mail is intended only for the use of the individual or entity to which it is addressed and may
RE: HIPAA privacy and telephone
With all due respect, and I mean it sincerely. Good idea for privacy Based on my many years of management engineering and the application of voice, data and image telecommunications systems in healthcare as an employee and later as a consultant I suggest it is unworkable. (really long and ill structured sentence). The major premise is When the patient calls back, someone who can accept the call and pin number is available. The major premise, although well intentioned, is false. When I try to get to my Doctor's office, I get a call management system 99% of the time. If I'm really lucky, I may get an answering service. People who work for many answering services are part timers, sometimes from temporary employment companies, working for minimum wage, with little or no healthcare background. Try and get them HIPAA certified. (I have also done consulting on Doctors' answering services.) I believe such a system would simply generate round after round of call backs which are unsuccessful. If anyone thinks this would actually work, should get another opinion and only pay for that opinion when the system is proven effective. I really would like to talk to the people who have used this successfully so that I might add to my professional knowledge and moderate my opinion on he matter or... is this simply a scenario from a brainstorming session? Additional comments are welcomed and desired. I find I learn more from people who disagree. Ben Tartaglia Benjamin W. Tartaglia, MBA, BSIM, CSP Director, Client Services BWT Associates, HealthCare Consultants HIPAA, JCAHO, Telemedicine, Contingency Planning, Telecommunications, Telephone Fraud Abuse, Training Programs, Policy Procedures, Management Audits. PO# 4515, Shrewsbury, MA 01545 Phone: 508-845-6000 EMail: [EMAIL PROTECTED] -Original Message- From: Ribelin, Donald [mailto:[EMAIL PROTECTED]] Sent: Friday, January 17, 2003 10:09 AM To: WEDI SNIP Privacy Workgroup List Subject: RE: HIPAA privacy and telephone So far, the best scenario I have seen is the phone call that requests the patient to call back to the office. Part of the call back involves a pin or secret code that the patient was provided previously. Donald L. Ribelin HIPAA Project Manager Firsthealth of the Carolinas (910) 215-2668 [EMAIL PROTECTED] -Original Message- From: Doug Webb [mailto:[EMAIL PROTECTED]] Sent: Friday, January 17, 2003 9:51 AM To: WEDI SNIP Privacy Workgroup List Subject:Re: HIPAA privacy and telephone An extension to this -- how do you handle answering machines? My gut feeling is that either a no-no (the machine more questionable than a family member) -- the information could only be released to the patient or his/her representative designated in a written authorizaton. Perhaps another signature on your main consent/authorization form to allow these types of communications is what's needed??? The opinions expressed here are my own and not necessarily the opinion of LCMH. Douglas M. Webb Computer System Engineer Little Company of Mary Hospital Health Care Centers [EMAIL PROTECTED] This electronic message may contain information that is confidential and/or legally privileged. It is intended only for the use of the individual(s) and entity(s) named as recipients in the message. If you are not an intended recipient of the message, please notify the sender immediately, delete the material from any computer, do not deliver, distribute, or copy this message, and do not disclose its contents or take action in reliance on the information it contains. Thank you. - Original Message - From: [EMAIL PROTECTED] To: WEDI SNIP Privacy Workgroup List [EMAIL PROTECTED] Sent: Thursday, January 16, 2003 04:04 PM Subject: HIPAA privacy and telephone I would like the lists opinion on this topic. Patient comes to the office to have their potassium checked because they are on a diuretic. Later, the physician's nurse calls the patient at home with results but the patient is not home. Spouse answers the phone. Can you tell the spouse that the potassium was fine and that he/she should tell the spouse to continue the same dose of diuretic and potassium supplement? If you say no, this type of disclosure is not allowed, would it matter that we put a statment in our Notice of Privacy Practices that stated (in the section on Payment, treatment and health care operations) On occasion, we call test results to your home and leave the results with a family member if you are not present. Now, obviously, we would not do this with a HIV result but it seems like such a waste of everyone's time to play phone tag to accommodate the one patient in a million that is actually upset because you told the spouse what the potassium result was. Thank you. Rich Fairley, Dubuque, IA --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual
RE: HIPAA privacy and telephone
A but who said anything about calling back and getting a human? Call back, get the robot, type in the secret code (pin), get the recording with the nurse and/or physician's message about my lab work. Donald -Original Message- From: Benjamin W. Tartaglia [mailto:[EMAIL PROTECTED]] Sent: Friday, January 17, 2003 12:17 PM To: WEDI SNIP Privacy Workgroup List Subject:RE: HIPAA privacy and telephone With all due respect, and I mean it sincerely. Good idea for privacy Based on my many years of management engineering and the application of voice, data and image telecommunications systems in healthcare as an employee and later as a consultant I suggest it is unworkable. (really long and ill structured sentence). The major premise is When the patient calls back, someone who can accept the call and pin number is available. The major premise, although well intentioned, is false. When I try to get to my Doctor's office, I get a call management system 99% of the time. If I'm really lucky, I may get an answering service. People who work for many answering services are part timers, sometimes from temporary employment companies, working for minimum wage, with little or no healthcare background. Try and get them HIPAA certified. (I have also done consulting on Doctors' answering services.) I believe such a system would simply generate round after round of call backs which are unsuccessful. If anyone thinks this would actually work, should get another opinion and only pay for that opinion when the system is proven effective. I really would like to talk to the people who have used this successfully so that I might add to my professional knowledge and moderate my opinion on he matter or... is this simply a scenario from a brainstorming session? Additional comments are welcomed and desired. I find I learn more from people who disagree. Ben Tartaglia Benjamin W. Tartaglia, MBA, BSIM, CSP Director, Client Services BWT Associates, HealthCare Consultants HIPAA, JCAHO, Telemedicine, Contingency Planning, Telecommunications, Telephone Fraud Abuse, Training Programs, Policy Procedures, Management Audits. PO# 4515, Shrewsbury, MA 01545 Phone: 508-845-6000 EMail: [EMAIL PROTECTED] -Original Message- From: Ribelin, Donald [mailto:[EMAIL PROTECTED]] Sent: Friday, January 17, 2003 10:09 AM To: WEDI SNIP Privacy Workgroup List Subject: RE: HIPAA privacy and telephone So far, the best scenario I have seen is the phone call that requests the patient to call back to the office. Part of the call back involves a pin or secret code that the patient was provided previously. Donald L. Ribelin HIPAA Project Manager Firsthealth of the Carolinas (910) 215-2668 [EMAIL PROTECTED] -Original Message- From: Doug Webb [mailto:[EMAIL PROTECTED]] Sent: Friday, January 17, 2003 9:51 AM To: WEDI SNIP Privacy Workgroup List Subject:Re: HIPAA privacy and telephone An extension to this -- how do you handle answering machines? My gut feeling is that either a no-no (the machine more questionable than a family member) -- the information could only be released to the patient or his/her representative designated in a written authorizaton. Perhaps another signature on your main consent/authorization form to allow these types of communications is what's needed??? The opinions expressed here are my own and not necessarily the opinion of LCMH. Douglas M. Webb Computer System Engineer Little Company of Mary Hospital Health Care Centers [EMAIL PROTECTED] This electronic message may contain information that is confidential and/or legally privileged. It is intended only for the use of the individual(s) and entity(s) named as recipients in the message. If you are not an intended recipient of the message, please notify the sender immediately, delete the material from any computer, do not deliver, distribute, or copy this message, and do not disclose its contents or take action in reliance on the information it contains. Thank you. - Original Message - From: [EMAIL PROTECTED] To: WEDI SNIP Privacy Workgroup List [EMAIL PROTECTED] Sent: Thursday, January 16, 2003 04:04 PM Subject: HIPAA privacy and telephone I would like the lists opinion on this topic. Patient comes to the office to have their potassium checked because they are on a diuretic. Later, the physician's nurse calls the patient at home with results but the patient is not home. Spouse answers the phone. Can you tell the spouse that the potassium was fine and that he/she should tell the spouse to continue the same dose of diuretic and potassium supplement? If you say no, this type of disclosure is not allowed, would it matter that we put a statment in our Notice of Privacy Practices that stated (in the section on Payment, treatment and health care operations) On occasion, we call test results to your home and leave the results with a family member if you are not present. Now,
RE: HIPAA privacy and telephone
This is exactly what my physician does. When I have lab work at his office, I am given a slip of paper that has dial-in instructions, the pin number and my code number and when I can expect for the results to be available. I dial-in and listen to my physician's pre-recorded message to me regarding the results of my lab work and any comments about it. Only if the results are really bad does the doctor or nurse personally call and discuss the results (and this is prior to the results being available on the dial-in system). I like the system since there is no phone tag, I can listen to the results when convenient for me, don't have to worry about family members accidently erasing the message and I can listen to it again (for up to so many days). The only down side is when the doctor does call you know immediately that it is not good news. -Original Message- From: Ribelin, Donald [mailto:[EMAIL PROTECTED]] Sent: Friday, January 17, 2003 11:47 AM To: WEDI SNIP Privacy Workgroup List Subject: RE: HIPAA privacy and telephone A but who said anything about calling back and getting a human? Call back, get the robot, type in the secret code (pin), get the recording with the nurse and/or physician's message about my lab work. Donald -Original Message- From: Benjamin W. Tartaglia [mailto:[EMAIL PROTECTED]] Sent: Friday, January 17, 2003 12:17 PM To: WEDI SNIP Privacy Workgroup List Subject:RE: HIPAA privacy and telephone With all due respect, and I mean it sincerely. Good idea for privacy Based on my many years of management engineering and the application of voice, data and image telecommunications systems in healthcare as an employee and later as a consultant I suggest it is unworkable. (really long and ill structured sentence). The major premise is When the patient calls back, someone who can accept the call and pin number is available. The major premise, although well intentioned, is false. When I try to get to my Doctor's office, I get a call management system 99% of the time. If I'm really lucky, I may get an answering service. People who work for many answering services are part timers, sometimes from temporary employment companies, working for minimum wage, with little or no healthcare background. Try and get them HIPAA certified. (I have also done consulting on Doctors' answering services.) I believe such a system would simply generate round after round of call backs which are unsuccessful. If anyone thinks this would actually work, should get another opinion and only pay for that opinion when the system is proven effective. I really would like to talk to the people who have used this successfully so that I might add to my professional knowledge and moderate my opinion on he matter or... is this simply a scenario from a brainstorming session? Additional comments are welcomed and desired. I find I learn more from people who disagree. Ben Tartaglia Benjamin W. Tartaglia, MBA, BSIM, CSP Director, Client Services BWT Associates, HealthCare Consultants HIPAA, JCAHO, Telemedicine, Contingency Planning, Telecommunications, Telephone Fraud Abuse, Training Programs, Policy Procedures, Management Audits. PO# 4515, Shrewsbury, MA 01545 Phone: 508-845-6000 EMail: [EMAIL PROTECTED] -Original Message- From: Ribelin, Donald [mailto:[EMAIL PROTECTED]] Sent: Friday, January 17, 2003 10:09 AM To: WEDI SNIP Privacy Workgroup List Subject: RE: HIPAA privacy and telephone So far, the best scenario I have seen is the phone call that requests the patient to call back to the office. Part of the call back involves a pin or secret code that the patient was provided previously. Donald L. Ribelin HIPAA Project Manager Firsthealth of the Carolinas (910) 215-2668 [EMAIL PROTECTED] -Original Message- From: Doug Webb [mailto:[EMAIL PROTECTED]] Sent: Friday, January 17, 2003 9:51 AM To: WEDI SNIP Privacy Workgroup List Subject:Re: HIPAA privacy and telephone An extension to this -- how do you handle answering machines? My gut feeling is that either a no-no (the machine more questionable than a family member) -- the information could only be released to the patient or his/her representative designated in a written authorizaton. Perhaps another signature on your main consent/authorization form to allow these types of communications is what's needed??? The opinions expressed here are my own and not necessarily the opinion of LCMH. Douglas M. Webb Computer System Engineer Little Company of Mary Hospital Health Care Centers [EMAIL PROTECTED] This electronic message may contain information that is confidential and/or legally privileged. It is intended only for the use of the individual(s) and entity(s) named as recipients in the message. If you are not an intended recipient of the message, please notify the sender immediately, delete the material from any computer, do not deliver, distribute, or copy this message,
RE: HIPAA privacy and telephone
Can anyone point me towards vendors of systems like this (off list, please) Thank you, Bruce Bradigan Healthcare Consultant -Original Message- From: Lawson, Pam [mailto:[EMAIL PROTECTED]] Sent: Friday, January 17, 2003 1:03 PM To: WEDI SNIP Privacy Workgroup List Subject: RE: HIPAA privacy and telephone This is exactly what my physician does. When I have lab work at his office, I am given a slip of paper that has dial-in instructions, the pin number and my code number and when I can expect for the results to be available. I dial-in and listen to my physician's pre-recorded message to me regarding the results of my lab work and any comments about it. Only if the results are really bad does the doctor or nurse personally call and discuss the results (and this is prior to the results being available on the dial-in system). I like the system since there is no phone tag, I can listen to the results when convenient for me, don't have to worry about family members accidently erasing the message and I can listen to it again (for up to so many days). The only down side is when the doctor does call you know immediately that it is not good news. (prior messages snipped) --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: archive@mail-archive.com To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org
RE: HIPAA privacy and telephone
Title: RE: HIPAA privacy and telephone Be careful - If you say that an authorization is required, a y/n question will not fill the void even if you track it. If you say that an authorization is required, it must be a HIPAA valid authorization and there are a list of about 10 required components to be a valid auth. I happen to agree that an auth would be required with one exception - an authorizedpersonal representative could be given the patient's info. There is also the paragraph about exceptions in the treatment relationship when the family member is involved in the carebut this may be an area that is too gray for this type of situation. BK -Original Message-From: Clay, Roy III (NO) [mailto:[EMAIL PROTECTED]]Sent: Friday, January 17, 2003 4:09 PMTo: WEDI SNIP Privacy Workgroup ListSubject: RE: HIPAA privacy and telephone My feeling is that unless you have authorization from the patient, anything other than giving the results directly to the patient is not allowed. You wish you can have an opt-in question on the order of "Do we have your permission to leave medical information with your spouse?(Y/N) These responses would have to be tracked and adhered to. -Original Message- From: Doug Webb [mailto:[EMAIL PROTECTED]] Sent: Friday, January 17, 2003 8:51 AM To: WEDI SNIP Privacy Workgroup List Subject: Re: HIPAA privacy and telephone An extension to this -- how do you handle answering machines? My gut feeling is that either a no-no (the machine more questionable than a family member) -- the information could only be released to the patient or his/her representative designated in a written authorizaton. Perhaps another signature on your main consent/authorization form to allow these types of communications is what's needed??? The opinions expressed here are my own and not necessarily the opinion of LCMH. Douglas M. Webb Computer System Engineer Little Company of Mary Hospital Health Care Centers [EMAIL PROTECTED] "This electronic message may contain information that is confidential and/or legally privileged. It is intended only for the use of the individual(s) and entity(s) named as recipients in the message. If you are not an intended recipient of the message, please notify the sender immediately, delete the material from any computer, do not deliver, distribute, or copy this message, and do not disclose its contents or take action in reliance on the information it contains. Thank you." - Original Message - From: [EMAIL PROTECTED] To: "WEDI SNIP Privacy Workgroup List" [EMAIL PROTECTED] Sent: Thursday, January 16, 2003 04:04 PM Subject: HIPAA privacy and telephone I would like the lists opinion on this topic. Patient comes to the office to have their potassium checked because they are on a diuretic. Later, the physician's nurse calls the patient at home with results but the patient is not home. Spouse answers the phone. Can you tell the spouse that the potassium was fine and that he/she should tell the spouse to continue the same dose of diuretic and potassium supplement? If you say "no, this type of disclosure is not allowed", would it matter that we put a statment in our Notice of Privacy Practices that stated (in the section on Payment, treatment and health care operations) "On occasion, we call test results to your home and leave the results with a family member if you are not present". Now, obviously, we would not do this with a HIV result but it seems like such a waste of everyone's time to play phone tag to accommodate the one patient in a million that is actually upset because you told the spouse what the potassium result was. Thank you. Rich Fairley, Dubuque, IA --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED] To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org---The WEDI SNIP listserv to which you are subscribed is not moderated. The
RE: HIPAA privacy and telephone
Title: RE: HIPAA privacy and telephone 164.510 allows, but does not require covered entities to disclose or use protected health information to: Family members, close friends, or others assisting in an individuals care. Rule requires that the individual be notified in advance and given the opportunity to agree or prohibit or restrict the use or disclosure. This can be oral agreement. So this is a matter of #1 Notification and #2 during the office visit obtaining permission to inform the spouse or other family members who are involved in the medical care of the individual. Gerry Friberg Client Service Manager Professional Business Services 7700 A Street Lincoln, NE 68510 402-489-7131 www.pbssite.com -Original Message-From: Clay, Roy III (NO) [mailto:[EMAIL PROTECTED]]Sent: Friday, January 17, 2003 3:09 PMTo: WEDI SNIP Privacy Workgroup ListSubject: RE: HIPAA privacy and telephone My feeling is that unless you have authorization from the patient, anything other than giving the results directly to the patient is not allowed. You wish you can have an opt-in question on the order of "Do we have your permission to leave medical information with your spouse?(Y/N) These responses would have to be tracked and adhered to. -Original Message- From: Doug Webb [mailto:[EMAIL PROTECTED]] Sent: Friday, January 17, 2003 8:51 AM To: WEDI SNIP Privacy Workgroup List Subject: Re: HIPAA privacy and telephone An extension to this -- how do you handle answering machines? My gut feeling is that either a no-no (the machine more questionable than a family member) -- the information could only be released to the patient or his/her representative designated in a written authorizaton. Perhaps another signature on your main consent/authorization form to allow these types of communications is what's needed??? The opinions expressed here are my own and not necessarily the opinion of LCMH. Douglas M. Webb Computer System Engineer Little Company of Mary Hospital Health Care Centers [EMAIL PROTECTED] "This electronic message may contain information that is confidential and/or legally privileged. It is intended only for the use of the individual(s) and entity(s) named as recipients in the message. If you are not an intended recipient of the message, please notify the sender immediately, delete the material from any computer, do not deliver, distribute, or copy this message, and do not disclose its contents or take action in reliance on the information it contains. Thank you." - Original Message - From: [EMAIL PROTECTED] To: "WEDI SNIP Privacy Workgroup List" [EMAIL PROTECTED] Sent: Thursday, January 16, 2003 04:04 PM Subject: HIPAA privacy and telephone I would like the lists opinion on this topic. Patient comes to the office to have their potassium checked because they are on a diuretic. Later, the physician's nurse calls the patient at home with results but the patient is not home. Spouse answers the phone. Can you tell the spouse that the potassium was fine and that he/she should tell the spouse to continue the same dose of diuretic and potassium supplement? If you say "no, this type of disclosure is not allowed", would it matter that we put a statment in our Notice of Privacy Practices that stated (in the section on Payment, treatment and health care operations) "On occasion, we call test results to your home and leave the results with a family member if you are not present". Now, obviously, we would not do this with a HIV result but it seems like such a waste of everyone's time to play phone tag to accommodate the one patient in a million that is actually upset because you told the spouse what the potassium result was. Thank you. Rich Fairley, Dubuque, IA --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED] To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org---The WEDI SNIP
Re: HIPAA privacy and people
With the same due respect, and I, too, mean it sincerely, the word 'unworkable' is very tempting to apply to the whole HIPAA scenario where there is an interface with patients. Take a look at what all you very bright and well-intentioned folks have been posting over the past several months. This is a high level of confusion among intelligent people. Now translate that to the undeniable fact that half the people in the real world are below average intelligence (IQ 100) and the world we physicians live and work in is populated by patients who, through no fault of their own, exhibit an even higher percentage of room temperature IQs. Sure, we will get some of the people complying some of the time, but all of the people all of the time is, in a word, unworkable. To have us exposed to legal liability in this situation is, in another word, unfair. I believe we providers should demand an umbrella of some sort to protect us from unwarranted, arbitrary, over-zealous enforcement of an essentially unworkable set of regulations. I'd love to hear other opinions on this - here if you think it warranted, privately if you think otherwise. FWDanby, MD [EMAIL PROTECTED] - Original Message - From: Benjamin W. Tartaglia [EMAIL PROTECTED] To: WEDI SNIP Privacy Workgroup List [EMAIL PROTECTED] Sent: Friday, January 17, 2003 12:17 PM Subject: RE: HIPAA privacy and telephone With all due respect, and I mean it sincerely. Good idea for privacy Based on my many years of management engineering and the application of voice, data and image telecommunications systems in healthcare as an employee and later as a consultant I suggest it is unworkable. (really long and ill structured sentence). The major premise is When the patient calls back, someone who can accept the call and pin number is available. The major premise, although well intentioned, is false. When I try to get to my Doctor's office, I get a call management system 99% of the time. If I'm really lucky, I may get an answering service. People who work for many answering services are part timers, sometimes from temporary employment companies, working for minimum wage, with little or no healthcare background. Try and get them HIPAA certified. (I have also done consulting on Doctors' answering services.) I believe such a system would simply generate round after round of call backs which are unsuccessful. If anyone thinks this would actually work, should get another opinion and only pay for that opinion when the system is proven effective. I really would like to talk to the people who have used this successfully so that I might add to my professional knowledge and moderate my opinion on he matter or... is this simply a scenario from a brainstorming session? Additional comments are welcomed and desired. I find I learn more from people who disagree. Ben Tartaglia Benjamin W. Tartaglia, MBA, BSIM, CSP Director, Client Services BWT Associates, HealthCare Consultants HIPAA, JCAHO, Telemedicine, Contingency Planning, Telecommunications, Telephone Fraud Abuse, Training Programs, Policy Procedures, Management Audits. PO# 4515, Shrewsbury, MA 01545 Phone: 508-845-6000 EMail: [EMAIL PROTECTED] -Original Message- From: Ribelin, Donald [mailto:[EMAIL PROTECTED]] Sent: Friday, January 17, 2003 10:09 AM To: WEDI SNIP Privacy Workgroup List Subject: RE: HIPAA privacy and telephone So far, the best scenario I have seen is the phone call that requests the patient to call back to the office. Part of the call back involves a pin or secret code that the patient was provided previously. Donald L. Ribelin HIPAA Project Manager Firsthealth of the Carolinas (910) 215-2668 [EMAIL PROTECTED] -Original Message- From: Doug Webb [mailto:[EMAIL PROTECTED]] Sent: Friday, January 17, 2003 9:51 AM To: WEDI SNIP Privacy Workgroup List Subject: Re: HIPAA privacy and telephone An extension to this -- how do you handle answering machines? My gut feeling is that either a no-no (the machine more questionable than a family member) -- the information could only be released to the patient or his/her representative designated in a written authorizaton. Perhaps another signature on your main consent/authorization form to allow these types of communications is what's needed??? The opinions expressed here are my own and not necessarily the opinion of LCMH. Douglas M. Webb Computer System Engineer Little Company of Mary Hospital Health Care Centers [EMAIL PROTECTED] This electronic message may contain information that is confidential and/or legally privileged. It is intended only for the use of the individual(s) and entity(s) named as recipients in the message. If you are not an intended recipient of the message, please notify the sender immediately, delete the material from any computer, do not deliver, distribute, or copy this message, and do not disclose its contents or take action
