RE: Accounting for disclosures
We are an acute care facility that will be implementing both an automated process a manual process. After completing an extensive analysis and several brainstorming sessions, we found that a lot of what we are required to track is already documented in the patient's medical record. Those items that are not will be submitted from the individual disclosing the information to a centralized location (contact person) where the disclosure will be logged into an ACCESS database. When the patient requests an accounting, the contact person will pull the patient's chart to review for the disclosures that are documented add to the database. In turn, the database will print the report to give to the patient. The database will also track any suspension requests received from law enforcement, etc. and all requests that have been received from the patient. I created this database for our organization and I know enough about ACCESS to be dangerous (did not cost me thousands of dollars to develop). Employees who disclose patient information in error will have to complete an incident report that will also be provided for tracking purposes. Any other disclosures made via telephone to public health, coroner, etc. will be documented and emailed to the contact person to add to the tracking database. Will this work? I hope so! I have thought about every way possible. Obtaining the majority of disclosures from the patient's chart will get better compliance than to add another step for our clinical staff to handle while they are trying to take care of our patients. Patient Care comes first! Hope this information has helped some of you... email me directly if you would like additional information. Tina C. Lamb HIPAA and Corporate Compliance Coordinator St. Francis Hospital, Inc. 706/596-4411 x 5657 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Monday, January 27, 2003 5:01 PM To: WEDI SNIP Privacy Workgroup List Subject: RE: Accounting for disclosures I work with a large healthcare system in New Mexico. We also would like to know if other CE's are considering automated or manual solutions for tracking disclosures and producing an accounting as required by law. Also, how are other CE's handling the issue of being able to report not only their own disclosures, but also those made by Business Associates: - do you plan to survey business associates each time a request for an accounting comes in? - do you plan to ask business associates to proactively report any disclosures they make? - how will you keep track of this? Thanks! Julie Fulcher HIPAA Project Manager Presbyterian Healthcare Services Albuquerque, New Mexico 87125- (505) 923-6397 [EMAIL PROTECTED] -Original Message- From: Halterman, Anita [mailto:[EMAIL PROTECTED]] Sent: Friday, January 24, 2003 6:16 PM To: WEDI SNIP Privacy Workgroup List Subject: Accounting for disclosures The NMEH HIT sub workgroup intends to discuss accounting for disclosures during the next HIT call. During our last call the topic came up for discussion and I offered to post an email to a couple of listservs to generate some discussion regarding this topic. How have CE's been dealing with HIPAA's accounting requirements? Do CE's have tools that they would be willing to share that might make it easier for those who are still struggling with this subject to use to assist them with sorting this requirement out? Are CE's approaching the accounting requirements by using paper tracking systems or through the use of electronic tracking systems? If anyone has best practices that they would be willing to share about how to address these issues, please share them. Thank you, Anita Halterman HIPAA Integration and Transition (HIT) Co-Chair, Health Policy Analyst HIPAA Privacy and Security Coordinator State of Alaska, Department of Health and Social Services, Division of Medical Assistance, 4501 Business Park Blvd., Suite 24 Anchorage, AK 99503-7167 (907)334-2431 --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED] To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the
JCAHO BA resource
New Tools Now Available on Jayco The Joint Commission's extranet for health care organizations, Jayco, will be a key source of information and communication throughout 2003 and under the 2004 accreditation process Shared Visions-New Pathways. Jayco now houses a model HIPAA business associate agreement for review on HIPAA regulations for the Standards for Privacy of Individually Identified Health Information, which will be effective in April 2003. The Jayco site enables electronic signature and submission by health care organizations of this agreement. And beginning in February, accreditation reports, with confidential survey information including details of the organization's requirements for improvement and status, will become available on Jayco. This information will only be available to the health care organization itself or, if it is part of a system, the corporate office. Complete story: http://www.jcaho.org/About+Us/News+Letters/JCAHOnline/jo_01_03.htm#jayco Regards, David Frenkel Business Development GEFEG USA Global Leader in Ecommerce Tools www.gefeg.com 425-260-5030 --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: archive@mail-archive.com To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org
RE: EMS and the NPP
Yes, the Preamble states that in emergency situations the EMS must still provide the NPP as soon as reasonably practicable after the emergency and that the EMS must provide the NPP and make a good faith effort to obtain written acknowledgment at the time of transportation in non-emergency cases. The Preamble that you cite directly contradicts your prior statement. Is there something I am missing? Jud -Original Message- From: William Gateland [mailto:[EMAIL PROTECTED]] Sent: Friday, January 24, 2003 8:37 PM To: Gerald E. DeLoss; WEDI SNIP Privacy Workgroup List Subject: RE: EMS and the NPP Check out Aug 14, 02 Final Rule, pg 53242 where it talks about ambulance services. --- Gerald E. DeLoss [EMAIL PROTECTED] wrote: What specific section of the rule do you base this on? I disagree. Jud Gerald Jud E. DeLoss, Esq. Barnwell Whaley Patterson Helms, LLC 885 Island Park Drive Post Office Drawer H (29402) Charleston, SC 29492 Telephone (843) 577-7700 Direct (843) 329-5313 Facsimile (843) 577-7708 [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] The information contained in this message may be privileged and/or confidential and protected from disclosure. If the reader of this message is not the intended recipient or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify the sender immediately and delete all copies of the material. -Original Message- From: William Gateland [mailto:[EMAIL PROTECTED]] Sent: Thursday, January 23, 2003 8:05 PM To: WEDI SNIP Privacy Workgroup List Subject: RE: EMS and the NPP Forget all this talk about layered notice or full notice. The EMS does not have to carry NPP's or give them out per the rule. Bodhitaro1 --- Dee Warrington [EMAIL PROTECTED] wrote: Spencer, Donald is correct. Members/patients must receive the whole document -- even if covered entities choose to create a layered notice. It is simply an executive summary for the members/patients. Dee Warrington Director, HIPAA and Regulatory Compliance OAO HealthCare Solutions, Inc. 20955 Warner Center Lane Woodland Hills, CA 91367 (818) 598-6606 Fax: (818) 598-3270 [EMAIL PROTECTED] -Original Message- From: Ribelin, Donald [mailto:[EMAIL PROTECTED]] Sent: Thursday, January 23, 2003 8:55 AM To: WEDI SNIP Privacy Workgroup List Subject: RE: EMS and the NPP Spencer, this is not how I read this provision. I believe you must provide the entire NPP, not just part of it. IMHO, the layer is simply a bulleted cover sheet that is meant to assist the patient in better understanding their rights. Donald L. Ribelin HIPAA Project Manager Firsthealth of the Carolinas (910) 215-2668 [EMAIL PROTECTED] -Original Message- From: Spencer Hall [mailto:[EMAIL PROTECTED]] Sent: Thursday, January 23, 2003 10:33 AM To: WEDI SNIP Privacy Workgroup List Subject: RE: EMS and the NPP The recent guidance allows for a layered NPP - you can provide your customers with a shot form and then provide the long form if it is requested. Spencer D. Hall Health Information Security Officer St. Vincent's (904) 308-7029 [EMAIL PROTECTED] Ribelin, Donald [EMAIL PROTECTED] 01/23/03 07:56AM Chris, thanks for the feedback. Biggest problem, our NPP is five pages (front and back) long. Attaching it becomes an issue secondary to its bulk. Good point about 911 calls. We are less worried about them. Donald L. Ribelin HIPAA Project Manager Firsthealth of the Carolinas (910) 215-2668 [EMAIL PROTECTED] -Original Message- From: Chris Brancato [mailto:[EMAIL PROTECTED]] Sent: Wednesday, January 22, 2003 10:20 AM To: Ribelin, Donald; WEDI SNIP Privacy Workgroup List Subject: RE: EMS and the NPP Don, I consult with some of the nations largest Fire/EMS departments for HIPAA. I advise several different ways. Non-transports require a treat and release signature from a patient. A copy of NPP can be printed on the back or separately, but they should make a reasonable attempt to provide the NPP. What you don't say is how they are activated. If they are activated via 911, this is an emergency response, not requiring an NPP as the call is emergency, not routine, in nature. I also advise departments that do the billing to include the NPP in the billing statement, just like the Credit Card companies do. Hope that helps. Chris Brancato -Original Message- From: Ribelin, Donald [mailto:[EMAIL PROTECTED]] Sent: Tuesday, January 21, 2003 8:03 AM To: WEDI SNIP Privacy Workgroup List Subject: RE: EMS and the NPP An interesting
clergy disclosure policy
We have decided to limit information disclosure by denomination, as specified in the OCR December, 2002 guidance, along with having an opt-in policy for people who wish to be visited by a member of the clergy. However, we ran into a problem. We have in our area the State of Kansas Chaplain of the American Legion, who travels throughout the state visiting hospitalized veterans. He is requesting to see the entire directory. When we told him that we could not do that, he appealed to the hospital CEO. He does not carry any identification that shows denominational affiliation. He has a hand-written card that says State Chaplain of American Legion. Neither the Privacy Officer nor I are comfortable providing the entire facility directory to anyone. Does anyone have suggestions for how to deal with this? Beth -- Beth Cole Information Services Support Specialist Newman Regional Health Emporia, Kansas --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: archive@mail-archive.com To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org
Some Questions that I've asked before....
Hi All, I've asked these questions before, but didn't get much response (or any at all on some). Since we're all getting close to THE DATE, I thought re-asking might get more/better response, so I'm re-postinga digest of the questions. Any discussions of what you are doing and / or suggestions are welcome. _ Private Communications These questions are about Private Communications (PC) Customer Service: 1) How do you respond to a Customer Service Inquiry fromthe contract holder (subscriber) when someone on that contract has invoked PC? Do you just say, "I can't give any further information" or "I've released all the information to which you are entitled" or some other sentence/phrase with similar meaning? I realize you can't just say, "Someone on your contract has requested Private Communications". Possible scenario: Jane, the wife of Joe Contractholder requests PC, primarily because she's going to a psychologist. Because Jane has requested PC, the insurance company (or provider) routes ALL her claim EOBs (or bills)to an alternate address. Joe calls customer service to ask where the Explanation of Benefits (EOB) is for his wife's recent visit to the Emergency Room for a twisted ankle. How should the customer service rep answer? 2) How do you send out the EOB when you have a non-custodial and custodial parent getting EOBs and one of the children has invoked PC? We have a number of these situations where we have received a Domestic Relations Court Order to send the underage dependent EOBs to both the custodial and non-custodial parents. As long as they haven't reached 18, we comply with the order (or if a dependent is in college, until they graduate). Possible scenario: Joe Doe (Contractholder) and Jane Doe (Joe's former wife and mother of Donna Doe) have both been receiving Donna's EOBs pursuant to a court order. Donna's in college and goes to her OB/Gyn and asks for birth control pills. Donna doesn't want her father to know (he has a temper), so she invokes PC with both the Provider and the insurance company. All of a sudden, neither Joe or Jane are getting copies of Donna's EOB's. Jane knows that Donna went to the OB/Gyn but doesn't get a copy of the EOB. She calls Joe and asks if he has gotten the EOB yet... of course he says no. So she calls customer service. How should the customer service rep answer? Does HIPAA Privacy override the Domestic Relations Order or vice versa? 3) How do you respond to a 12 year old who asks for PC when calling/writing to Customer Service? Do you explain and direct her to go to court to get a court order giving her the right to invoke PC? Do you grant the request absent the court order even though she isn't 18 (or what ever the age of majority/emancipation is in the your state)? We are primarily concerned with inadvertently cluing in a parent/spouse that there has been a PC request, where the contractholder thinks that they have the right to get such information (people can get pretty irate in these situations). We want to avoid the situation where an abusive spouse/parent figures something funnyis going on, and injures the person who requested PC in trying to get them to tell the abusive person what's going on. What are our responsibilities when an underage dependent asks for PC? There doesn't seem to be any good answers here, only compromises that have varying degrees of risk. How are you people out there planning on handling these situations? Any help / advice / suggestions would be welcome. _ Amendments Say that you do turn down an amendment request (for good and legitimate reasons... ie amending medical data that came from somewhere else). The regulation says that (after going to an appeal process) the patient/member has the right to file a statement giving their side of the story and make it a part of the recordor just have it noted in the record that an amendment request was filed. The CE that receives the request/statement must then include that an amendment was filed and (if supplied) the statement in all disclosures of that claim data from that point forward... and have it sent to specified entities that have already received the data. There is even a point in the reg where it says that the amendment flag and statement must be sent along with a standard transaction, even though there is no place for it. _ How detailed must my Designated Record Set be? Should the DRS be at the level of the EOB or should you give the most of the data elements in all patient/subscriber related systems? The Regulations clearly state that we must show all data that we used to make a decision about the subscriber / patient But at what level? I vote for somewhere in between. Clearly, as an insurance company, we don't have to disclose confidential corporate data
Re: clergy disclosure policy
In fact, section 164.514(h)(1) which establishes the requirements to verify the identity and the authority of a person requesting PHI specifically exempts disclosures under section 164.510 (the section that permits disclsoure for facility directories and notification purposes) from that requirement. So I don't think you have to worry about documenting the validity of this person's claim that he is a member of the clergy. If you reasonably believe that he is a member of the clergy, based on whatever information you have, then I think you could defend your position as long as you did not know in fact that he was not a member of the clergy. Section 164.510(a)(1)(ii) specifies that facility directory information may be disclosed to members of the clergy or to individuals that ask for the patient by name. Therefore, if you believe he is a member of the clergy then I think you could disclose the directory to him. Note, however, that this is all up to your discretion. The rule does not establish any rights of the clergy to access this information, it only permits you to make such disclosures if you so wish. If a member of the clergy who had no recognized affiliation or relationship with my facility was asking for disclosure, the safer course of action may be to deny access. Noel Chang -- Open WebMail Project (http://openwebmail.org) -- Original Message --- From: Beth Cole [EMAIL PROTECTED] To: WEDI SNIP Privacy Workgroup List [EMAIL PROTECTED] Sent: Tue, 28 Jan 2003 08:59:45 -0600 Subject: clergy disclosure policy We have decided to limit information disclosure by denomination, as specified in the OCR December, 2002 guidance, along with having an opt-in policy for people who wish to be visited by a member of the clergy. However, we ran into a problem. We have in our area the State of Kansas Chaplain of the American Legion, who travels throughout the state visiting hospitalized veterans. He is requesting to see the entire directory. When we told him that we could not do that, he appealed to the hospital CEO. He does not carry any identification that shows denominational affiliation. He has a hand-written card that says State Chaplain of American Legion. Neither the Privacy Officer nor I are comfortable providing the entire facility directory to anyone. Does anyone have suggestions for how to deal with this? Beth -- Beth Cole Information Services Support Specialist Newman Regional Health Emporia, Kansas --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED] To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org --- End of Original Message --- --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: archive@mail-archive.com To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org
RE: Accounting for disclosures
Tina, I am glad to here that someone else is utilizing existing systems. I also have developed a database for tracking disclosures. We, however have identified areas that release info and those departments/areas will be given access to enter the disclosure by patient into the database. Thanks Mary Duarte-Stucky Regional Leader, HIPAA Privacy and Security Officer E-mail: [EMAIL PROTECTED] Phone: 865-545-8311 Fax: 865-545-7380 The information contained in this communication and any attached documents is intended only for the personal and confidential use of the designated recipient(s). This message may be a confidential and privileged communication. If the reader of this message is not the intended recipient (or agent responsible for delivering it to the intended recipient), you are hereby notified that any unauthorized distribution or copying of this e-mail or the information contained in it is strictly prohibited. If you have received this communication in error, please notify me immediately by replying to this message and deleting it from your computer. Lamb, Tina [EMAIL PROTECTED]To: WEDI SNIP Privacy Workgroup List [EMAIL PROTECTED] cc: 01/28/2003 08:29 Subject: RE: Accounting for disclosures AM Please respond to Lamb, Tina We are an acute care facility that will be implementing both an automated process a manual process. After completing an extensive analysis and several brainstorming sessions, we found that a lot of what we are required to track is already documented in the patient's medical record. Those items that are not will be submitted from the individual disclosing the information to a centralized location (contact person) where the disclosure will be logged into an ACCESS database. When the patient requests an accounting, the contact person will pull the patient's chart to review for the disclosures that are documented add to the database. In turn, the database will print the report to give to the patient. The database will also track any suspension requests received from law enforcement, etc. and all requests that have been received from the patient. I created this database for our organization and I know enough about ACCESS to be dangerous (did not cost me thousands of dollars to develop). Employees who disclose patient information in error will have to complete an incident report that will also be provided for tracking purposes. Any other disclosures made via telephone to public health, coroner, etc. will be documented and emailed to the contact person to add to the tracking database. Will this work? I hope so! I have thought about every way possible. Obtaining the majority of disclosures from the patient's chart will get better compliance than to add another step for our clinical staff to handle while they are trying to take care of our patients. Patient Care comes first! Hope this information has helped some of you... email me directly if you would like additional information. Tina C. Lamb HIPAA and Corporate Compliance Coordinator St. Francis Hospital, Inc. 706/596-4411 x 5657 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Monday, January 27, 2003 5:01 PM To: WEDI SNIP Privacy Workgroup List Subject: RE: Accounting for disclosures I work with a large healthcare system in New Mexico. We also would like to know if other CE's are considering automated or manual solutions for tracking disclosures and producing an accounting as required by law. Also, how are other CE's handling the issue of being able to report not only their own disclosures, but also those made by Business Associates: - do you plan to survey business associates each time a request for an accounting comes in? - do you plan to ask business associates to proactively report any disclosures they
Re: clergy disclosure policy
I thought I recognized Beth's question: it also appeared on HIPAAdead (as Tim McGuinness delicately puts it). I agree with Noel, insofar as it's the provider's decision whether it will take advantage of the permission in § 164.510(a)(1)(ii) to allow clergy access to the directory. If it does, however, it should not be picky about who is and isn't clergy - especially if it's a government hospital. As I wrote to HIPAAlive: Clergy and religious don't need licenses. And they generally don't need anyone's permission or permits to minister and proselytize in the public arena. The First Amendment - the most important of the amendments to the Constitution - gives broad leeway to anyone setting up shop as clergy. A county hospital, especially, might consider it prudent to not suspiciously eye persons - who otherwise are on good behavior - claiming to be clergy. After all, does the Archbishop of Kansas City have to carry around official ID? § 164.510(a)(1)(ii)(A) allows the entire directory to be reviewed by clergy; it would be up to the individual patient to have her name and/or religious affiliation omitted from the directory altogether. William J. Kammerer Novannet, LLC. Columbus, US-OH 43221-3859 +1 (614) 487-0320 - Original Message - From: Noel Chang [EMAIL PROTECTED] To: WEDI SNIP Privacy Workgroup List [EMAIL PROTECTED] Sent: Tuesday, 28 January, 2003 11:29 AM Subject: Re: clergy disclosure policy In fact, section 164.514(h)(1) which establishes the requirements to verify the identity and the authority of a person requesting PHI specifically exempts disclosures under section 164.510 (the section that permits disclsoure for facility directories and notification purposes) from that requirement. So I don't think you have to worry about documenting the validity of this person's claim that he is a member of the clergy. If you reasonably believe that he is a member of the clergy, based on whatever information you have, then I think you could defend your position as long as you did not know in fact that he was not a member of the clergy. Section 164.510(a)(1)(ii) specifies that facility directory information may be disclosed to members of the clergy or to individuals that ask for the patient by name. Therefore, if you believe he is a member of the clergy then I think you could disclose the directory to him. Note, however, that this is all up to your discretion. The rule does not establish any rights of the clergy to access this information, it only permits you to make such disclosures if you so wish. If a member of the clergy who had no recognized affiliation or relationship with my facility was asking for disclosure, the safer course of action may be to deny access. Noel Chang -- Open WebMail Project (http://openwebmail.org) - Original Message - From: Beth Cole [EMAIL PROTECTED] To: WEDI SNIP Privacy Workgroup List [EMAIL PROTECTED] Sent: Tuesday, 28 January, 2003 09:59 AM Subject: clergy disclosure policy We have decided to limit information disclosure by denomination, as specified in the OCR December, 2002 guidance, along with having an opt-in policy for people who wish to be visited by a member of the clergy. However, we ran into a problem. We have in our area the State of Kansas Chaplain of the American Legion, who travels throughout the state visiting hospitalized veterans. He is requesting to see the entire directory. When we told him that we could not do that, he appealed to the hospital CEO. He does not carry any identification that shows denominational affiliation. He has a hand-written card that says State Chaplain of American Legion. Neither the Privacy Officer nor I are comfortable providing the entire facility directory to anyone. Does anyone have suggestions for how to deal with this? Beth -- Beth Cole Information Services Support Specialist Newman Regional Health Emporia, Kansas --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: archive@mail-archive.com To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org
Medical Records
I have an interesting question that I need some help with. We had an office manager call today inquiring about a problem that I don't know how to respond to her. She is in a practice where a physician shared expenses and leased space from her practice (he was his own entity). The physician passed away over the weekend. They are unsure of what to do with the medical records. They do not belong to the practice, the belonged to the physician who passed away. Can the manager give the original charts to the patients? Thanks for any and all input! Cathy A. Campbell HIPAA Compliance Specialist Healthcare Compliance Group (317)575-1041 (800)816-1161 (317)575-1043 (fax) --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: archive@mail-archive.com To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org
RE: Some Questions that I've asked before....
Hi Deborah, Thank you for responding... See my comments in Bold "Deborah Campbell" [EMAIL PROTECTED] 01/28/03 01:36PM Here goes my opinion. 1) We haven't decided if we will release any info to the subscriber on one of their members. So couldn't you use this as an excuse? Say, "I'm sorry, according to the new HIPAA regulations, we are unable to release any further information without an authorization from the member." The policy so far is to respond to queries (especially about deductibles which apply to the all members) unless there is a Private Communications Request. I'm like you, just refuse to respond unless the caller is the patient Maybe I'll try to bringthe idea up (again) as the policy/standard. 2)We don't send EOB's so can't help you there. 3) Didn't the 8/14/03 revisions say when it comes to minors, we should follow state regs? Does the state allow you to limit info to parents of underage minors? Unfortunately, the State Laws/Regs are silent on most of the implications of the questions I posed. For example, what are our obligations to an underage member, who wants to claim Private Communications Do we advise the member to go see the county social services? Do we refuse? No easy answers here. We know that we can't grant Private Communications for a 12 year old (unless there is a guardian appointed by a court) My questions more revolve around what should we do (within the constraints of state law and HIPAA regs). 4) Not sure what the question is. Yes, if we turn down an amendment request, and the member requests that we log the amendment request in the records, we must. Sorry, I should have been more clear. I accept that we have to accept the amendment flag and statement. I'd like to know how other CE's are handling the identification of the situation where an amendment was requested and how they are associating / effecting the transmission of the flag and statement with the claim On EOBs, On 835 Transactions, On data transmissions to a Cost Plus Group, On data transmissions to the state dept of insurance for our biannual audit, etc Sorry I couldn't be more help. Deborah Campbell Compliance Coordinator Dominion Dental Services, Inc. 115 South Union Street, Suite 300 Alexandria, Virginia 22314 Phn: (703) 518-5000 ext. 3035 Fax: (703) 518-8849 Toll Free: 888-518-5338 Email: [EMAIL PROTECTED] *** The information in this email is confidential and may be legally privileged. It is intended solely for the addressee. Access to this email by anyone else is unauthorized. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it is prohibited and may be unlawful. * -Original Message-From: Jim Moores [mailto:[EMAIL PROTECTED]]Sent: Tuesday, January 28, 2003 10:06 AMTo: WEDI SNIP Privacy Workgroup ListSubject: Some Questions that I've asked before Hi All, I've asked these questions before, but didn't get much response (or any at all on some). Since we're all getting close to THE DATE, I thought re-asking might get more/better response, so I'm re-postinga digest of the questions. Any discussions of what you are doing and / or suggestions are welcome. _ Private Communications These questions are about Private Communications (PC) Customer Service: 1) How do you respond to a Customer Service Inquiry fromthe contract holder (subscriber) when someone on that contract has invoked PC? Do you just say, "I can't give any further information" or "I've released all the information to which you are entitled" or some other sentence/phrase with similar meaning? I realize you can't just say, "Someone on your contract has requested Private Communications". Possible scenario: Jane, the wife of Joe Contractholder requests PC, primarily because she's going to a psychologist. Because Jane has requested PC, the insurance company (or provider) routes ALL her claim EOBs (or bills)to an alternate address. Joe calls customer service to ask where the Explanation of Benefits (EOB) is for his wife's recent visit to the Emergency Room for a twisted ankle. How should the customer service rep answer? 2) How do you send out the EOB when you have a non-custodial and custodial parent getting EOBs and one of the children has invoked PC? We have a number of these situations where we have received a Domestic Relations Court Order to send the underage dependent EOBs to both the custodial and non-custodial parents. As long as they haven't reached 18, we comply with the order (or if a dependent is in college, until they graduate). Possible scenario: Joe Doe (Contractholder) and Jane Doe (Joe's
RE: Accounting for disclosures
The American Health Information Management Association web site has some very good articles on Accounting of Disclosures and the Association also provides an Accounting of Disclosures Analysis grid. This is a very good tool to assist one in identifying the disclosures that do not require tracking versus those that do. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, January 28, 2003 11:11 AM To: WEDI SNIP Privacy Workgroup List Subject: RE: Accounting for disclosures Tina, I am glad to here that someone else is utilizing existing systems. I also have developed a database for tracking disclosures. We, however have identified areas that release info and those departments/areas will be given access to enter the disclosure by patient into the database. Thanks Mary Duarte-Stucky Regional Leader, HIPAA Privacy and Security Officer E-mail: [EMAIL PROTECTED] Phone: 865-545-8311 Fax: 865-545-7380 The information contained in this communication and any attached documents is intended only for the personal and confidential use of the designated recipient(s). This message may be a confidential and privileged communication. If the reader of this message is not the intended recipient (or agent responsible for delivering it to the intended recipient), you are hereby notified that any unauthorized distribution or copying of this e-mail or the information contained in it is strictly prohibited. If you have received this communication in error, please notify me immediately by replying to this message and deleting it from your computer. Lamb, Tina [EMAIL PROTECTED]To: WEDI SNIP Privacy Workgroup List [EMAIL PROTECTED] cc: 01/28/2003 08:29 Subject: RE: Accounting for disclosures AM Please respond to Lamb, Tina We are an acute care facility that will be implementing both an automated process a manual process. After completing an extensive analysis and several brainstorming sessions, we found that a lot of what we are required to track is already documented in the patient's medical record. Those items that are not will be submitted from the individual disclosing the information to a centralized location (contact person) where the disclosure will be logged into an ACCESS database. When the patient requests an accounting, the contact person will pull the patient's chart to review for the disclosures that are documented add to the database. In turn, the database will print the report to give to the patient. The database will also track any suspension requests received from law enforcement, etc. and all requests that have been received from the patient. I created this database for our organization and I know enough about ACCESS to be dangerous (did not cost me thousands of dollars to develop). Employees who disclose patient information in error will have to complete an incident report that will also be provided for tracking purposes. Any other disclosures made via telephone to public health, coroner, etc. will be documented and emailed to the contact person to add to the tracking database. Will this work? I hope so! I have thought about every way possible. Obtaining the majority of disclosures from the patient's chart will get better compliance than to add another step for our clinical staff to handle while they are trying to take care of our patients. Patient Care comes first! Hope this information has helped some of you... email me directly if you would like additional information. Tina C. Lamb HIPAA and Corporate Compliance Coordinator St. Francis Hospital, Inc. 706/596-4411 x 5657 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Monday, January 27, 2003 5:01 PM To: WEDI SNIP Privacy Workgroup List Subject: RE: Accounting for disclosures I work with a large healthcare system in New Mexico. We also would like to know if other CE's are considering automated or manual solutions for tracking disclosures and producing an accounting as required by law. Also, how are other CE's handling the issue of being able to report not only their own disclosures, but also those made by Business Associates: - do you plan to survey business associates each time a request for an accounting comes in? - do you plan to ask business associates to proactively report any disclosures they make? - how will you keep track of this? Thanks! Julie Fulcher HIPAA Project Manager Presbyterian Healthcare Services Albuquerque, New Mexico 87125- (505) 923-6397 [EMAIL PROTECTED] -Original Message- From: Halterman, Anita [mailto:[EMAIL PROTECTED]] Sent: Friday, January 24, 2003 6:16 PM To: WEDI SNIP Privacy Workgroup List Subject:
Confidential Communications
Can anyone please give me ideas of what they think patients would request with the Restrictions on the Uses and Disclosures of PHI and the Confidential Communications. We have the following in place already, and are trying to write a common-sense policy about these issues. It is hard to anticipate what else the patients might request. Thoughts or past requests that you have come across? 1. We are anticipating requests for alternative billing locations 2. We have privacy codes in our system to address the following, which we use during care and after discharge (especially the no information given to anyone). $ = FAMILY MEMBERS ONLY (Information given ONLY to family members) + = NO INFORMATION (No information is given to anyone) I have no information on a patient by that name. % = NO PHONE CALLS (Do not give out the extension or ring any calls) The patient has requested that no phone calls be placed to their room. = NO VISITORS/NO CALLS (You may give only the condition to callers) The patient has requested that no phone calls be placed to their room. ! = NO VISITORS (No visitors are permitted to visit the patient) *= MEDIA EVENT (No further information will be given) No further information can be released about this patient or their condition. --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: archive@mail-archive.com To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org
RE: Some Questions that I've asked before....
Jim, Here is a site that contains a document regarding designated record set that might useful to you. http://www.nchica.org/HIPAAResources/Samples/DesRecSets.pdf Phyllis Line HIPAA Privacy Officer HEREIU Welfare Pension Funds 630-236-5114 [EMAIL PROTECTED] -Original Message-From: Deborah Campbell [mailto:[EMAIL PROTECTED]]Sent: Tuesday, January 28, 2003 12:36 PMTo: WEDI SNIP Privacy Workgroup ListSubject: RE: Some Questions that I've asked before Here goes my opinion. 1) We haven't decided if we will release any info to the subscriber on one of their members. So couldn't you use this as an excuse? Say, "I'm sorry, according to the new HIPAA regulations, we are unable to release any further information without an authorization from the member." 2)We don't send EOB's so can't help you there. 3) Didn't the 8/14/03 revisions say when it comes to minors, we should follow state regs? Does the state allow you to limit info to parents of underage minors? 4) Not sure what the question is. Yes, if we turn down an amendment request, and the member requests that we log the amendment request in the records, we must. Sorry I couldn't be more help. Deborah Campbell Compliance Coordinator Dominion Dental Services, Inc. 115 South Union Street, Suite 300 Alexandria, Virginia 22314 Phn: (703) 518-5000 ext. 3035 Fax: (703) 518-8849 Toll Free: 888-518-5338 Email: [EMAIL PROTECTED] *** The information in this email is confidential and may be legally privileged. It is intended solely for the addressee. Access to this email by anyone else is unauthorized. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it is prohibited and may be unlawful. * -Original Message-From: Jim Moores [mailto:[EMAIL PROTECTED]]Sent: Tuesday, January 28, 2003 10:06 AMTo: WEDI SNIP Privacy Workgroup ListSubject: Some Questions that I've asked before Hi All, I've asked these questions before, but didn't get much response (or any at all on some). Since we're all getting close to THE DATE, I thought re-asking might get more/better response, so I'm re-postinga digest of the questions. Any discussions of what you are doing and / or suggestions are welcome. _ Private Communications These questions are about Private Communications (PC) Customer Service: 1) How do you respond to a Customer Service Inquiry fromthe contract holder (subscriber) when someone on that contract has invoked PC? Do you just say, "I can't give any further information" or "I've released all the information to which you are entitled" or some other sentence/phrase with similar meaning? I realize you can't just say, "Someone on your contract has requested Private Communications". Possible scenario: Jane, the wife of Joe Contractholder requests PC, primarily because she's going to a psychologist. Because Jane has requested PC, the insurance company (or provider) routes ALL her claim EOBs (or bills)to an alternate address. Joe calls customer service to ask where the Explanation of Benefits (EOB) is for his wife's recent visit to the Emergency Room for a twisted ankle. How should the customer service rep answer? 2) How do you send out the EOB when you have a non-custodial and custodial parent getting EOBs and one of the children has invoked PC? We have a number of these situations where we have received a Domestic Relations Court Order to send the underage dependent EOBs to both the custodial and non-custodial parents. As long as they haven't reached 18, we comply with the order (or if a dependent is in college, until they graduate). Possible scenario: Joe Doe (Contractholder) and Jane Doe (Joe's former wife and mother of Donna Doe) have both been receiving Donna's EOBs pursuant to a court order. Donna's in college and goes to her OB/Gyn and asks for birth control pills. Donna doesn't want her father to know (he has a temper), so she invokes PC with both the Provider and the insurance company. All of a sudden, neither Joe or Jane are getting copies of Donna's EOB's. Jane knows that Donna went to the OB/Gyn but doesn't get a copy of the EOB. She calls Joe and asks if he has gotten the EOB yet... of course he says no. So she calls customer service. How should the customer service rep answer? Does HIPAA Privacy override the Domestic Relations Order or vice versa? 3) How do you respond to a 12 year old who asks for PC when
NPP and Medicaid Managed Care
Just for those who may have wanted to knowI have just received a letter from Richard Fenton, Acting Director, Family and Children's Health Programs, CMS, indicating that with regards to the intersection between required HIPAA language for health plan enrollees and the new Medicaid Managed Care regulation, the requirements of the specific Medicaid program which you contract - that enrollee information be written at a fifth grade reading level - prevail. This clearly applies to the contents of the NPP in your respective states. STATEMENT OF CONFIDENTIALITY The information contained in this electronic message and any attachments to this message are intended for the exclusive use of the addressee(s) and may contain confidential or privileged information. If you are not the intended recipient, please notify the sender immediately and destroy all copies of this message and any attachments. --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: archive@mail-archive.com To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org
Is patient email address PHI?
This seems picayune, but: Email address is listed in the reg as an identifier that must be removed from data being disclosed. If we email a patient, would addressing that email to their email address be considered a violation of HIPAA? Thank you, Susan Brousseau Business Analyst --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: archive@mail-archive.com To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org Confidentiality Notice: The information contained in this message may be privileged and confidential and protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to the message and deleting it from your computer. Thank you.
RE: Some Questions that I've asked before....
I will only take 3) 164.502 (g)(1) requires that you treat a Personal Representative as the individual i.e. must give access (g)(3) requires that you treat a parent or guardian as a Personal Representative The only exceptions provided are described in (g)(3) which seem to be very specific and will deal with specific instances of provider confidentiality or parental estrangement that you suggest - you should look at this sectionfor yourself. and (g)(5) if abuse, neglect, endangerment...if professional judgment If the case does not fit the above specific situation, looks like you cannot refuse info to the parent - parent being defined by the state's legal age for emancipation. David Ermer also presented a state by state blow of state guardianship laws related to this. That was released on the PP list serve last week. -Original Message-From: Deborah Campbell [mailto:[EMAIL PROTECTED]]Sent: Tuesday, January 28, 2003 1:36 PMTo: WEDI SNIP Privacy Workgroup ListSubject: RE: Some Questions that I've asked before Here goes my opinion. 1) We haven't decided if we will release any info to the subscriber on one of their members. So couldn't you use this as an excuse? Say, "I'm sorry, according to the new HIPAA regulations, we are unable to release any further information without an authorization from the member." 2)We don't send EOB's so can't help you there. 3) Didn't the 8/14/03 revisions say when it comes to minors, we should follow state regs? Does the state allow you to limit info to parents of underage minors? 4) Not sure what the question is. Yes, if we turn down an amendment request, and the member requests that we log the amendment request in the records, we must. Sorry I couldn't be more help. Deborah Campbell Compliance Coordinator Dominion Dental Services, Inc. 115 South Union Street, Suite 300 Alexandria, Virginia 22314 Phn: (703) 518-5000 ext. 3035 Fax: (703) 518-8849 Toll Free: 888-518-5338 Email: [EMAIL PROTECTED] *** The information in this email is confidential and may be legally privileged. It is intended solely for the addressee. Access to this email by anyone else is unauthorized. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it is prohibited and may be unlawful. * -Original Message-From: Jim Moores [mailto:[EMAIL PROTECTED]]Sent: Tuesday, January 28, 2003 10:06 AMTo: WEDI SNIP Privacy Workgroup ListSubject: Some Questions that I've asked before Hi All, I've asked these questions before, but didn't get much response (or any at all on some). Since we're all getting close to THE DATE, I thought re-asking might get more/better response, so I'm re-postinga digest of the questions. Any discussions of what you are doing and / or suggestions are welcome. _ Private Communications These questions are about Private Communications (PC) Customer Service: 1) How do you respond to a Customer Service Inquiry fromthe contract holder (subscriber) when someone on that contract has invoked PC? Do you just say, "I can't give any further information" or "I've released all the information to which you are entitled" or some other sentence/phrase with similar meaning? I realize you can't just say, "Someone on your contract has requested Private Communications". Possible scenario: Jane, the wife of Joe Contractholder requests PC, primarily because she's going to a psychologist. Because Jane has requested PC, the insurance company (or provider) routes ALL her claim EOBs (or bills)to an alternate address. Joe calls customer service to ask where the Explanation of Benefits (EOB) is for his wife's recent visit to the Emergency Room for a twisted ankle. How should the customer service rep answer? 2) How do you send out the EOB when you have a non-custodial and custodial parent getting EOBs and one of the children has invoked PC? We have a number of these situations where we have received a Domestic Relations Court Order to send the underage dependent EOBs to both the custodial and non-custodial parents. As long as they haven't reached 18, we comply with the order (or if a dependent is in college, until they graduate). Possible scenario: Joe Doe (Contractholder) and Jane Doe (Joe's former wife and mother of Donna Doe) have both been receiving Donna's EOBs pursuant to a court order. Donna's in college and goes to her OB/Gyn and asks for birth control pills. Donna doesn't want her father to
Notice of Privacy Practices
Hello - just FYI - Wellmark Blue Cross Blue Shield of Iowa has posted its Notice of Privacy Practices on our website: www.wellmark.com/hipaa/hipaa.htm Some may find it a helpful reference. It is being mailed in the next 2 months to our fully-insured contract holders in IA and SD. Marilyn Musser Provider Relations Manager HIPAA-AS Communications Office Wellmark, Inc. phone: 515.248.5588 fax: 515.245.4620 [EMAIL PROTECTED] - --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: archive@mail-archive.com To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org
RE: Is patient email address PHI?
I will go out on a limb with an unsubstantiated opinion because it is late Only if the email also contained health information or some indictor of health status - or - If they could infer by the name or address of the sender the health status of the recipient. Would anyone out there agree with that? -Original Message-From: Brousseau, Susan [mailto:[EMAIL PROTECTED]]Sent: Tuesday, January 28, 2003 4:58 PMTo: WEDI SNIP Privacy Workgroup ListSubject: Is patient email address PHI? This seems picayune, but: Email address is listed in the reg as an identifier that must be removed from data being disclosed. If we email a patient, would addressing that email to their email address be considered a violation of HIPAA? Thank you, Susan Brousseau Business Analyst ---The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time.You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED]To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED]If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org Confidentiality Notice: The information contained in this message may be privileged and confidential and protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to the message and deleting it from your computer. Thank you. --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: archive@mail-archive.com To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org
RE: Is patient email address PHI?
I didn't respond to the original message because the question was not clear to me. When Susan wrote Email address is listed in the reg as an identifier that must be removed from data being disclosed was she referring to the requirement in section 164.514(b)(2)(i) that ennumerates the various identifiers that must be removed for PHI to be de-identified under the safe harbor method? If not, I'm not sure what else she meant by that statement. Susan, can you cite where else the Rule requires that email addresses be removed? If Susan was referring to 164.514 then we are talking about a disclsoure of de-identified information. Why would you be emailing an individual de- identified information about themselves? Since you are emailing the individual this would qualify as a permitted disclosure to the individual and therefore there is no need to de-identify the information in the first place! Please explain your situation better and please give specific citations as to where you think there are conflicts with the Privacy Rule. Otherwise I'm afraid I don't understand the question well enough to offer an opinion. Noel Chang -- Open WebMail Project (http://openwebmail.org) -- Original Message --- From: [EMAIL PROTECTED] To: WEDI SNIP Privacy Workgroup List [EMAIL PROTECTED] Sent: Tue, 28 Jan 2003 20:08:32 -0700 Subject: RE: Is patient email address PHI? I will go out on a limb with an unsubstantiated opinion because it is late Only if the email also contained health information or some indictor of health status - or - If they could infer by the name or address of the sender the health status of the recipient. Would anyone out there agree with that? -Original Message- From: Brousseau, Susan [mailto:[EMAIL PROTECTED]] Sent: Tuesday, January 28, 2003 4:58 PM To: WEDI SNIP Privacy Workgroup List Subject: Is patient email address PHI? This seems picayune, but: Email address is listed in the reg as an identifier that must be removed from data being disclosed. If we email a patient, would addressing that email to their email address be considered a violation of HIPAA? Thank you, Susan Brousseau Business Analyst --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED] To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to leave-wedi- [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org Confidentiality Notice: The information contained in this message may be privileged and confidential and protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to the message and deleting it from your computer. Thank you. --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED] To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org --- End of Original Message ---
