RE: HIPAA privacy and people
Darrell, Thank you for sharing your thoughts. And now that you brought it up, how would you compare the "42 CFR" consent with the (voluntary) HIPAA-consent and the HIPAA-authorization. In my mind, the "42 CFR" allows a more generalized use and disclosure for TPO, and consequently is more equivalent to the (voluntary) HIPAA-consent, than it is to the more specific HIPAA-authorization. But, I would like to know your take on this matter. Thanks in advance. Matt Matthew Rosenblum Chief Operations Officer Privacy, Quality Management & Regulatory Affairs http://www.CPIdirections.com CPI Directions, Inc. 10 West 15th Street, Suite 1922 New York, NY 10011 (212) 675-6367 [EMAIL PROTECTED] CONFIDENTIALITY NOTICE: This E-Mail is intended only for the use of the individual or entity to which it is addressed and may contain information that is privileged, confidential and exempt from disclosure under applicable law. If you have received this communication in error, please do not distribute it. Please notify the sender by E-Mail at the address shown and delete the original message. Thank you. AVISO DEL CONFIDENCIALIDAD: Este email es solamente para el uso del individuo o la entidad a la cual se dirige y puede contener información privilegiada, confidencial y exenta de acceso bajo la ley aplicable. Si usted ha recibido esta comunicación por error, por favor no lo distribuya. Favor notificar al remitente del E-Mail a la dirección mostrada y elimine el mensaje original. Gracias. -Original Message- From: Darrell Rishel [mailto:[EMAIL PROTECTED]] Sent: Saturday, January 18, 2003 5:11 PM To: WEDI SNIP Privacy Workgroup List Subject: RE: HIPAA privacy and people I really find many of these conversations entertaining (also frequently enlightening and helpful). "Unworkable?" Hardly. Most of you appear to not realize how lucky you are! Nor does it appear that you give yourselves much credit for being creative and resourceful. I work for an alcohol and drug abuse treatment provider. We in this field have successfully operated under what is, generally, a more demanding set of patient privacy rules (42 C.F.R. Part 2, not to mention state mental health statutes, which are also usually very strict)than those found in HIPAA. E.g., unlike "regular" health care providers, we have to have the patient's written authorization to talk to another treatment provider, not to mention just about everyone else, including payers. If we can successfully operate in our environment, you can successfully operate in the HIPAA environment! Will you have to change some of your current business practices? Yes. Will you frequently find the rules to be a pain in the neck (not to mention other parts of your anatomy)? Certainly. Is compliance an impossible task? No. Will it cost you some money, not only to implement, but to abide by in the future? Probably. Are all of these new rules, which are intended to benefit patients in terms of protecting their privacy, going to be otherwise beneficial to them? No. Some of the burden of complying with these rules is going to make it harder for patients, too. These rules are not necessarily "customer friendly." The patients are going to have to make some changes and part of our responsibility will be to educate and help them. No doubt we will frequently be blamed for the inconvenience, but what's new? As with any other set of government statutes and regulations which I have ever read, there are ambiguities, if not worse defects. It will take time, and perhaps additional rule-making, to sort everything out (if we ever get to that point, which may never happen in such a complex area with so many legitimate, competing private and public interests). I suggest, however, that it would be more productive to spend time looking for solutions to the challenges presented rather than bemoaning our fate. Pin numbers? I think that may be a very workable concept for some settings. I've been telephoning my bank for years (mostly I do it on-line now) and putting in a pin number and my account code to access my bank account. Let's get on with it! Darrell Rishel, J.D. Director of Information Services Arapahoe House, Inc. This message is not legal advice or a binding signature. > -Original Message- > From: fwdanby [mailto:[EMAIL PROTECTED]] > Sent: Friday, January 17, 2003 5:01 PM > To: WEDI SNIP Privacy Workgroup List > Cc: WEDI SNIP Privacy Workgroup List > Subject: Re: HIPAA privacy and people > > > With the same due respect, and I, too, mean it sincerely, the word > 'unworkable' is very tempting to apply to the whole HIPAA > scenario where > there is an interface with patients. > Take a look at what all you very bright and well-intentioned > folks have been > posting over the past several months. This is a high level of > confusion > among intelligent people. Now translate that to the > undeniable fact that > half the people in the real world are below average > intelligence (IQ < 100
RE: HIPAA privacy and people
I really find many of these conversations entertaining (also frequently enlightening and helpful). "Unworkable?" Hardly. Most of you appear to not realize how lucky you are! Nor does it appear that you give yourselves much credit for being creative and resourceful. I work for an alcohol and drug abuse treatment provider. We in this field have successfully operated under what is, generally, a more demanding set of patient privacy rules (42 C.F.R. Part 2, not to mention state mental health statutes, which are also usually very strict)than those found in HIPAA. E.g., unlike "regular" health care providers, we have to have the patient's written authorization to talk to another treatment provider, not to mention just about everyone else, including payers. If we can successfully operate in our environment, you can successfully operate in the HIPAA environment! Will you have to change some of your current business practices? Yes. Will you frequently find the rules to be a pain in the neck (not to mention other parts of your anatomy)? Certainly. Is compliance an impossible task? No. Will it cost you some money, not only to implement, but to abide by in the future? Probably. Are all of these new rules, which are intended to benefit patients in terms of protecting their privacy, going to be otherwise beneficial to them? No. Some of the burden of complying with these rules is going to make it harder for patients, too. These rules are not necessarily "customer friendly." The patients are going to have to make some changes and part of our responsibility will be to educate and help them. No doubt we will frequently be blamed for the inconvenience, but what's new? As with any other set of government statutes and regulations which I have ever read, there are ambiguities, if not worse defects. It will take time, and perhaps additional rule-making, to sort everything out (if we ever get to that point, which may never happen in such a complex area with so many legitimate, competing private and public interests). I suggest, however, that it would be more productive to spend time looking for solutions to the challenges presented rather than bemoaning our fate. Pin numbers? I think that may be a very workable concept for some settings. I've been telephoning my bank for years (mostly I do it on-line now) and putting in a pin number and my account code to access my bank account. Let's get on with it! Darrell Rishel, J.D. Director of Information Services Arapahoe House, Inc. This message is not legal advice or a binding signature. > -Original Message- > From: fwdanby [mailto:[EMAIL PROTECTED]] > Sent: Friday, January 17, 2003 5:01 PM > To: WEDI SNIP Privacy Workgroup List > Cc: WEDI SNIP Privacy Workgroup List > Subject: Re: HIPAA privacy and people > > > With the same due respect, and I, too, mean it sincerely, the word > 'unworkable' is very tempting to apply to the whole HIPAA > scenario where > there is an interface with patients. > Take a look at what all you very bright and well-intentioned > folks have been > posting over the past several months. This is a high level of > confusion > among intelligent people. Now translate that to the > undeniable fact that > half the people in the real world are below average > intelligence (IQ < 100) > and the world we physicians live and work in is populated by > patients who, > through no fault of their own, exhibit an even higher > percentage of room > temperature IQs. > Sure, we will get some of the people complying some of the > time, but all of > the people all of the time is, in a word, unworkable. > To have us exposed to legal liability in this situation is, > in another word, > unfair. > I believe we providers should demand an umbrella of some sort > to protect us > from unwarranted, arbitrary, over-zealous enforcement of an > essentially > unworkable set of regulations. > I'd love to hear other opinions on this - here if you think > it warranted, > privately if you think otherwise. > FWDanby, MD [EMAIL PROTECTED] > > - Original Message - > From: "Benjamin W. Tartaglia" <[EMAIL PROTECTED]> > To: "WEDI SNIP Privacy Workgroup List" <[EMAIL PROTECTED]> > Sent: Friday, January 17, 2003 12:17 PM > Subject: RE: HIPAA privacy and telephone > > > > With all due respect, and I mean it sincerely. > > > > Good idea for privacy Based on my many years of management > > engineering and the application of voice, data and image > telecommunications > > systems in healthcare as an employee and later as a > consultant I suggest > it > > is unworkable. (really long and ill structured sentence). > > > > The major premise is "When the patient calls back, someone > who can accept > > the call and pin number is available". The major premise, > although well > > intentioned, is false. > > > > When I try to get to my Doctor's office, I get a call > management system > 99% > > of the time. If I'm really lucky, I may get an answering > service.
RE: HIPAA privacy and people
Well we haven't heard from the AAPS and their supporters for quite a while! Not to worry, private civil litigation will be the enforcement method of choice for those impacted by providers who disregard HIPAA. While some of us have been working with the standards bodies and government to obtain some latitude, thus far it appears it will be afforded to the transactional side of the equation only, and it is very unlikely under privacy. However, I have every confidence that litigators and our state courts will be the ultimate determinator of the workability of HIPAA as applied to individuals providers, particularly those more concerned with avoiding it than implementing it. Frankly HIPAA Privacy is workable. It is already the standard of care. It is irrational resistance to change that has made the process so difficult. Tim McGuinness, Ph.D. -Original Message- From: fwdanby [mailto:[EMAIL PROTECTED]] Sent: Friday, January 17, 2003 7:01 PM To: WEDI SNIP Privacy Workgroup List Cc: WEDI SNIP Privacy Workgroup List Subject: Re: HIPAA privacy and people With the same due respect, and I, too, mean it sincerely, the word 'unworkable' is very tempting to apply to the whole HIPAA scenario where there is an interface with patients. Take a look at what all you very bright and well-intentioned folks have been posting over the past several months. This is a high level of confusion among intelligent people. Now translate that to the undeniable fact that half the people in the real world are below average intelligence (IQ < 100) and the world we physicians live and work in is populated by patients who, through no fault of their own, exhibit an even higher percentage of room temperature IQs. Sure, we will get some of the people complying some of the time, but all of the people all of the time is, in a word, unworkable. To have us exposed to legal liability in this situation is, in another word, unfair. I believe we providers should demand an umbrella of some sort to protect us from unwarranted, arbitrary, over-zealous enforcement of an essentially unworkable set of regulations. I'd love to hear other opinions on this - here if you think it warranted, privately if you think otherwise. FWDanby, MD [EMAIL PROTECTED] - Original Message - From: "Benjamin W. Tartaglia" <[EMAIL PROTECTED]> To: "WEDI SNIP Privacy Workgroup List" <[EMAIL PROTECTED]> Sent: Friday, January 17, 2003 12:17 PM Subject: RE: HIPAA privacy and telephone > With all due respect, and I mean it sincerely. > > Good idea for privacy Based on my many years of management > engineering and the application of voice, data and image telecommunications > systems in healthcare as an employee and later as a consultant I suggest it > is unworkable. (really long and ill structured sentence). > > The major premise is "When the patient calls back, someone who can accept > the call and pin number is available". The major premise, although well > intentioned, is false. > > When I try to get to my Doctor's office, I get a call management system 99% > of the time. If I'm really lucky, I may get an answering service. People > who work for many answering services are part timers, sometimes from > temporary employment companies, working for minimum wage, with little or no > healthcare background. Try and get them HIPAA certified. > (I have also done consulting on Doctors' answering services.) > > I believe such a system would simply generate round after round of call > backs which are unsuccessful. If anyone thinks this would actually work, > should get another opinion and only pay for that opinion when the system is > proven effective. > > I really would like to talk to the people who have used this successfully so > that I might add to my professional knowledge and moderate my opinion on he > matter or... is this simply a "scenario" from a brainstorming session? > > Additional comments are welcomed and desired. I find I learn more from > people who disagree. > > Ben Tartaglia > Benjamin W. Tartaglia, MBA, BSIM, CSP > Director, Client Services > BWT Associates, HealthCare Consultants > > HIPAA, JCAHO, Telemedicine, Contingency Planning, Telecommunications, > Telephone Fraud & Abuse, Training Programs, Policy & Procedures, Management > Audits. > > PO# 4515, Shrewsbury, MA 01545 > Phone: 508-845-6000 > EMail: [EMAIL PROTECTED] > > -Original Message- > From: Ribelin, Donald [mailto:[EMAIL PROTECTED]] > Sent: Friday, January 17, 2003 10:09 AM > To: WEDI SNIP Privacy Workgroup List > Subject: RE: HIPAA privacy and telephone > > > So far, the best scenario I have seen is the phone call that requests the > patient to call back to the office. Part of the call back involves a pin or > secret code that the patient was provided previously. > > Donald L. Ribelin > HIPAA Project Manager > Firsthealth of the Carolinas > (910) 215-2668 > [EMAIL PROTECTED] > > -Original Message- > From: Doug Webb [mailto:[EMAIL PROTECTED]] > Sent:
