Separating financial and clinical data

[Noel Chang]

I had someone ask me a question the other day that I hadn't heard before and 
it got me curious as to whether other people had confronted this issue and 
what their outcome was.

This person said they were told by someone that HIPAA requires that providers 
keep patient's medical records separate from their financial records.  Most 
providers I deal with have the bulk of their financial data in whatever 
software package they are using to file their claims.  The clinical notes are 
kept in paper charts, however quite often they keep a copy of the patient's 
insurance card in the chart and that specifically was the "financial record" 
that they were concerned about being in the same place as the "medical 
record".

My immediate reaction was that there is no specific requirement to do this in 
the Privacy rule but I then started to think about what could possibly be the 
basis of such a statement?  The only thing I could come up with was the 
requirements under the minimum necessary standard to identify who need access 
to what types of PHI, and to then make reasonable efforts to limit access 
accordingly.  Upon further thought I can see how someone might take the 
position that a persons's insurance card or other insurance information 
should not be necessary for the clinical staff to treat the patient.  
Similarly, the front office and billing personnel do not need any more 
clinical data than what appears on the superbill so they should not have 
access to the entire chart.  Perhaps this is where the conclusion that 
insurance information cannot be kept in patient charts comes from?  Has 
anyone else heard this opinion or possibly come to the same conclusion on 
their own?

In small office settings, quite often I have clients that are taking the 
position that everyone in the office needs access to everything because of 
the degree of job sharing and multi-tasking that goes on.  However (playing 
devil's advocate for a moment) just because you might need access to a piece 
of PHI when you are asked to cover a job for a sick co-worker, does that 
justify you always having access to that PHI including when you are 
performing tasks that do not require that piece of PHI?  I have not 
encountered one physician's office that uses paper charts where the chart 
does not start out in the hands of the people at the check-in window.  Do 
they really need access to the complete chart (medical history, docotor's 
notes, lab results, etc.) to check in a patient?

The more I think about it the more I can understand how someone might arrive 
at this position but talk about an impediment to work flow!  Do we now need 
one set of charts for financial data that is not in software systems (e.g. 
copies of insurance cards) and a separate set of charts for clinical data?

Someone please show me a convincing out!

Noel Chang

Noel Chang
Integral Practice Solutions
--
Open WebMail Project (http://openwebmail.org)


---
The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions 
on this listserv therefore represent the views of the individual participants, and do 
not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If 
you wish to receive an official opinion, post your question to the WEDI SNIP Issues 
Database at http://snip.wedi.org/tracking/.   These listservs should not be used for 
commercial marketing purposes or discussion of specific vendor products and services.  
They also are not intended to be used as a forum for personal disagreements or 
unprofessional communication at any time.

You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED]
To unsubscribe from this list, go to the Subscribe/Unsubscribe form at 
http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED]
If you need to unsubscribe but your current email address is not the same as the 
address subscribed to the list, please use the Subscribe/Unsubscribe form at 
http://subscribe.wedi.org

RE: New to this list, have two questions.

[Gregory Park]

Title: RE: New to this list, have two questions.




Doug, I in 
no way disregard the need to encrypt email.  I am a big proponent of it, 
just not sure which is the best approach at the moment (see previous emails to 
this list-serve).  Email was at risk at the same level before or after the 
regulations.  The heart of my question (because I am not sure what exactly 
is the right answer) is how do YOU (stand up healthcare community) approach the 
issue?  
 
Are you 
dropping the electronic door now because your current methods for electronically 
delivering PHI, in relation to the recent Security Regs, may fall outside 
your security analysis, or do you manage the process now with internal policies 
moving towards a technological fix well before the regulation due 
dates?
 
Greg ParkProduct ManagerDB 
Technology Inc.Office:  
800-760-4096 
x117Cell: 
484-919-0392PA Office: 610-397-0288 
www.dbtech.com 

  -Original Message-From: Doug Webb 
  [mailto:[EMAIL PROTECTED]Sent: Monday, March 24, 2003 3:45 
  PMTo: WEDI SNIP Privacy Workgroup ListSubject: Re: New 
  to this list, have two questions.
  Gregory,
  Just to amplify on Judith's remarks,
  You are exposed to the risk NOW, not when the final Security 
  Rule fully kicks in.
  You are accepting a huge risk anytime you expose PHI to the 
  Internet.  Remenber that any of the millions of computers on the net can 
  read this if they so choose.  Strong encryption appears to be the only 
  way to protect PHI on the Internet.
   
  If you would consider putting the information on a post 
  card, perhaps it might be far enough away from PHI to consider mentioning it 
  in an e-mail.  E-mail can be accessed by many more people than typical a 
  post card will be exposed to.
   
  As to your third question, there are four (at least) WEDI 
  listserves that cover various portions of the topics you 
  mentioned:
     Privacy, Security, Transactions, and Code 
  Sets.
  Pick the ones that serve your needs the best.
   
  The opinions expressed here are my own and not necessarily the opinion of 
  LCMH.
   
  Douglas M. WebbComputer System EngineerLittle Company of Mary 
  Hospital & Health Care Centers[EMAIL PROTECTED]
   
  "This electronic message may contain information that is confidential 
  and/or legally privileged. It is intended only for the use of the 
  individual(s) and entity(s)  named as recipients in the message. If you 
  are not an intended recipient of the message, please notify the sender 
  immediately,  delete the material from any computer, do not deliver, 
  distribute, or copy this message, and do not disclose its contents or take 
  action in reliance on the information it contains. Thank you."
   
   
  
- Original Message - 
From: 
Bentz-Miller, 
Judith 
To: WEDI SNIP Privacy Workgroup 
List 
Sent: Monday, March 24, 2003 02:10 
PM
Subject: RE: New to this list, have two 
questions.

This was part of our privacy audit due to the following 
reg:

§ 164.530 Administrative 
requirements.
(c)    
(1) Standard: safeguards. A covered entity must have in place 
appropriate administrative, technical, and physical safeguards to 
protect the privacy of protected health 
information.
 (2) 
Implementation specification: safeguards. 

(I) 
A 
covered entity must reasonably safeguard protected health information from 
any intentional or unintentional use or disclosure that is in violation of 
the standards, implementation specifications or other requirements of this 
subpart.  
We knew this was an issue, so we took the "no email to 
patients" approach also.  In our opinion, It is just too big of 
a risk.   
Judith Bentz-Miller 
Privacy Officer 
Arnett Clinic 765-448-8843 

 
 -Original 
Message-From: Gregory Park 
[mailto:[EMAIL PROTECTED]Sent: Monday, March 24, 2003 3:01 
PMTo: WEDI SNIP Privacy Workgroup ListSubject: RE: New 
to this list, have two questions.

  One follow-up question/remark/plead for public 
  opinion to your response Deborah.
   
  "...no 
  PHI will be sent via email..."  Is that now or when?  Are you 
  considering yourself at risk now because of the ruling?  Just curious 
  as I have heard others in the field drop the "PHI Email" gate immediately 
  as soon as they understood the Security rules.  Wouldn't you continue 
  as usual and work towards a reasonable solution effective before 
  2005?
   
  Greg ParkProduct ManagerDB 
  Technology 
  Inc.Office:  
  800-760-4096 
  x117Cell: 
  484-919-0392PA Office: 610-397-0288 

  www.dbtech.com 
  
-Original Message-From: Deborah Campbell 
[mailto:[EMAIL PROTECTED]Sent: Monday, March 24, 
2003 9:39 AMTo: WEDI SNIP

Email and HIPAA

[Christiansen, John (SEA)]

For those looking into email issues specifically, please see HealthyEmail,
www.healthyemail.org . It's a nonprofit, I'm on the board, and the point of
the exercise is to get policy and procedural tools out to support the
clinical (principally physician practice) use of email. The other advisors
are heavy hitters in this area (Bill Braithwaite, Danny Sands who was
principal author of the AMIA email guidelines, Paul Tang, etc.), and we have
posted a non-proprietary primer addressing HIPAA and other risks (I am
generally more concerned about those "other risks," by the way), patient
communications documents, etc.

Disclosure: It's a nonprofit principally supported by a secure messaging
vendor which is a client of mine.  Well, does anybody know of a health
system, governmental agency or academic body who's going to pay for any
major new initiative these days? And this way I know who they're listening
to for advice. You can judge the merits of their solution for yourself, if
you like, or ping me off list for info. The HealthyEmail documentation
itself is not tied to the vendor, and is designed to support any clinical
use of email.

Interested party or not, my take is that if there is reasonably
affordable/reasonably easy to use encryption available, the "addressable
specification" security rule analysis indicates it should be used if you
send ePHI over the Internet with any frequency. 

John R. Christiansen
Preston | Gates | Ellis LLP
925 Fourth Avenue, Suite 2900
Seattle, Washington 98104
*Direct: 206.370.8118 *Cell: 206.683.9125
* [EMAIL PROTECTED]
Notice: Internet e-mail is inherently insecure. Unencrypted e-mail may be
accessible to unauthorized viewers, content may be modified or corrupted,
and headers or signatures may incorrectly identify the sender. If you wish
to confirm this message or the identity of the sender, please contact me
using a communications channel other than a "reply" to this e-mail. Secure
electronic messaging is available and recommended for confidential or
sensitive communications.
 

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Monday, March 24, 2003 4:43 PM
To: WEDI SNIP Privacy Workgroup List
Subject: RE: New to this list, have two questions.


We have been wrestling with this question of e-mail security here too.
I am with a large integrated delivery system in New Mexico.
 
Our position, however, is that we will not stop the e-mail until we can
agree on a workable technical security approach.
We will continue as we have been, while we simultaneously working on a
technical security approach 
(I won't say solution, because there does not appear to be a great
"solution" at this time.)
 
We believe it is too risky from a patient care standpoint to completely stop
all e-mail, for a couple of reasons:
1) Most of our clinical units use e-mail to communicate with other providers
and with patients themselves regarding treatment and care management
2) There have not been any reported problems with security related to this
so far (I understand that this doesn't mean there is no risk).  Therefore in
comparing the benefits and risks to the patient, we felt it was better to
continue using e-mail for now.
3) We feel that the advantages of e-mail outweigh the security risks;
specifically we see those advantages as:  

*   speed, 
*   written documentation of the communication, and 
*   the fact that both parties don't have to be in communication at the
same time (like the phone would require) 

4) The best alternative to e-mail would be fax - but that really is not much
safer than e-mail from a technical standpoint, and in many cases travels
over the same lines.  We don't feel like we are buying much in terms of
additional security by forcing everyone to use fax.  Also, many patients do
not have home fax machines.
 
We are currently working on developing a "secure server" approach.
We feel that encryption is not realistic since the technology is not
standard enough, nor easily usable by clinicians or patients.
 
We see our biggest challenge with any technical approach, is not the
technology, but getting our clinicians and administrative staff to adopt it.
Most of our planning will be focused on piloting and adoption strategies for
this type of technology, from a very practical standpoint.
 
Is any body else seeing the adoption challenges of e-mail security
technology?
 
Julie Fulcher 
HIPAA Project Manager 
Presbyterian Healthcare Services 
Albuquerque, New Mexico 87125- 
(505) 923-6397 
[EMAIL PROTECTED] 

 

-Original Message-
From: Doug Webb [mailto:[EMAIL PROTECTED]
Sent: Monday, March 24, 2003 1:45 PM
To: WEDI SNIP Privacy Workgroup List
Subject: Re: New to this list, have two questions.


Gregory,
Just to amplify on Judith's remarks,
You are exposed to the risk NOW, not when the final Security Rule fully
kicks in.
You are accepting a huge risk anytime you expose PHI to the Internet.
Remenber that any of the millions of computers 

RE: New to this list, have two questions.

[JFulcher]

We have been wrestling with this question of e-mail security here too.
I am with a large integrated delivery system in New Mexico.
 
Our position, however, is that we will not stop the e-mail until we can
agree on a workable technical security approach.
We will continue as we have been, while we simultaneously working on a
technical security approach 
(I won't say solution, because there does not appear to be a great
"solution" at this time.)
 
We believe it is too risky from a patient care standpoint to completely stop
all e-mail, for a couple of reasons:
1) Most of our clinical units use e-mail to communicate with other providers
and with patients themselves regarding treatment and care management
2) There have not been any reported problems with security related to this
so far (I understand that this doesn't mean there is no risk).  Therefore in
comparing the benefits and risks to the patient, we felt it was better to
continue using e-mail for now.
3) We feel that the advantages of e-mail outweigh the security risks;
specifically we see those advantages as:  

*   speed, 
*   written documentation of the communication, and 
*   the fact that both parties don't have to be in communication at the
same time (like the phone would require) 

4) The best alternative to e-mail would be fax - but that really is not much
safer than e-mail from a technical standpoint, and in many cases travels
over the same lines.  We don't feel like we are buying much in terms of
additional security by forcing everyone to use fax.  Also, many patients do
not have home fax machines.
 
We are currently working on developing a "secure server" approach.
We feel that encryption is not realistic since the technology is not
standard enough, nor easily usable by clinicians or patients.
 
We see our biggest challenge with any technical approach, is not the
technology, but getting our clinicians and administrative staff to adopt it.
Most of our planning will be focused on piloting and adoption strategies for
this type of technology, from a very practical standpoint.
 
Is any body else seeing the adoption challenges of e-mail security
technology?
 
Julie Fulcher 
HIPAA Project Manager 
Presbyterian Healthcare Services 
Albuquerque, New Mexico 87125- 
(505) 923-6397 
[EMAIL PROTECTED] 

 

-Original Message-
From: Doug Webb [mailto:[EMAIL PROTECTED]
Sent: Monday, March 24, 2003 1:45 PM
To: WEDI SNIP Privacy Workgroup List
Subject: Re: New to this list, have two questions.


Gregory,
Just to amplify on Judith's remarks,
You are exposed to the risk NOW, not when the final Security Rule fully
kicks in.
You are accepting a huge risk anytime you expose PHI to the Internet.
Remenber that any of the millions of computers on the net can read this if
they so choose.  Strong encryption appears to be the only way to protect PHI
on the Internet.
 
If you would consider putting the information on a post card, perhaps it
might be far enough away from PHI to consider mentioning it in an e-mail.
E-mail can be accessed by many more people than typical a post card will be
exposed to.
 
As to your third question, there are four (at least) WEDI listserves that
cover various portions of the topics you mentioned:
   Privacy, Security, Transactions, and Code Sets.
Pick the ones that serve your needs the best.
 
The opinions expressed here are my own and not necessarily the opinion of
LCMH.
 
Douglas M. Webb
Computer System Engineer
Little Company of Mary Hospital & Health Care Centers
[EMAIL PROTECTED]  
 
"This electronic message may contain information that is confidential and/or
legally privileged. It is intended only for the use of the individual(s) and
entity(s)  named as recipients in the message. If you are not an intended
recipient of the message, please notify the sender immediately,  delete the
material from any computer, do not deliver, distribute, or copy this
message, and do not disclose its contents or take action in reliance on the
information it contains. Thank you."
 

 

- Original Message - 
From: Bentz-Miller,   Judith 
To: WEDI SNIP Privacy Workgroup   List 
Sent: Monday, March 24, 2003 02:10 PM
Subject: RE: New to this list, have two questions.

This was part of our privacy audit due to the following reg:

§ 164.530 Administrative requirements.

(c)(1) Standard: safeguards. A covered entity must have in place
appropriate administrative, technical, and physical safeguards to protect
the privacy of protected health information.

 (2) Implementation specification: safeguards. 

(I) A covered entity must reasonably safeguard protected
health information from any intentional or unintentional use or disclosure
that is in violation of the standards, implementation specifications or
other requirements of this subpart.  

We knew this was an issue, so we took the "no email to patients" approach
also.  In our opinion, I

Re: New to this list, have two questions.

[Doug Webb]

Title: RE: New to this list, have two questions.



Gregory,
Just to amplify on Judith's remarks,
You are exposed to the risk NOW, not when the final Security 
Rule fully kicks in.
You are accepting a huge risk anytime you expose PHI to the 
Internet.  Remenber that any of the millions of computers on the net can 
read this if they so choose.  Strong encryption appears to be the only way 
to protect PHI on the Internet.
 
If you would consider putting the information on a post card, 
perhaps it might be far enough away from PHI to consider mentioning it in an 
e-mail.  E-mail can be accessed by many more people than typical a post 
card will be exposed to.
 
As to your third question, there are four (at least) WEDI 
listserves that cover various portions of the topics you mentioned:
   Privacy, Security, Transactions, and Code 
Sets.
Pick the ones that serve your needs the best.
 
The opinions expressed here are my own and not necessarily the opinion of 
LCMH.
 
Douglas M. WebbComputer System EngineerLittle Company of Mary 
Hospital & Health Care Centers[EMAIL PROTECTED]
 
"This electronic message may contain information that is confidential 
and/or legally privileged. It is intended only for the use of the individual(s) 
and entity(s)  named as recipients in the message. If you are not an 
intended recipient of the message, please notify the sender immediately,  
delete the material from any computer, do not deliver, distribute, or copy this 
message, and do not disclose its contents or take action in reliance on the 
information it contains. Thank you."
 
 

  - Original Message - 
  From: 
  Bentz-Miller, 
  Judith 
  To: WEDI SNIP Privacy Workgroup List 
  
  Sent: Monday, March 24, 2003 02:10 
  PM
  Subject: RE: New to this list, have two 
  questions.
  
  This was part of our privacy audit due to the following 
  reg:
  
  § 164.530 Administrative 
  requirements.
  (c)    (1) 
  Standard: safeguards. A covered entity must have in place appropriate 
  administrative, technical, and physical safeguards to protect the 
  privacy of protected health information.
   (2) 
  Implementation specification: safeguards. 
  (I) 
  A 
  covered entity must reasonably safeguard protected health information from any 
  intentional or unintentional use or disclosure that is in violation of the 
  standards, implementation specifications or other requirements of this 
  subpart.  
  We knew this was an issue, so we took the "no email to 
  patients" approach also.  In our opinion, It is just too big of 
  a risk.   
  Judith Bentz-Miller 
  Privacy Officer Arnett Clinic 765-448-8843 
  
   
   -Original 
  Message-From: Gregory Park 
  [mailto:[EMAIL PROTECTED]Sent: Monday, March 24, 2003 3:01 
  PMTo: WEDI SNIP Privacy Workgroup ListSubject: RE: New 
  to this list, have two questions.
  
One follow-up question/remark/plead for public 
opinion to your response Deborah.
 
"...no 
PHI will be sent via email..."  Is that now or when?  Are you 
considering yourself at risk now because of the ruling?  Just curious 
as I have heard others in the field drop the "PHI Email" gate immediately as 
soon as they understood the Security rules.  Wouldn't you continue as 
usual and work towards a reasonable solution effective before 
2005?
 
Greg ParkProduct ManagerDB 
Technology 
Inc.Office:  
800-760-4096 
x117Cell: 
484-919-0392PA Office: 610-397-0288 
www.dbtech.com 

  -Original Message-From: Deborah Campbell 
  [mailto:[EMAIL PROTECTED]Sent: Monday, March 24, 
  2003 9:39 AMTo: WEDI SNIP Privacy Workgroup 
  ListSubject: RE: New to this list, have two 
  questions.
  Here's my opinion. I'd be interested if anyone has other 
  opinions. 1) An email is unprotected as soon as it 
  is sent over the internet. Almost anyone can intercept it. So you need to 
  determine your risk and what you want to do to eliminate it. We have 
  determined that no PHI will be sent via email until we have an encryption 
  solution.
  2) It depends what the Case Manager is doing. If they are 
  working "on behalf of  the insurance carrier, 
  then they are either an employee of the carrier or a BA of the carrier. If 
  they are doing Quality Assurance on behalf of the carrier, you are 
  permitted to release PHI to them without the need of any contract with 
  them (the carrier would have the contract). Check § 164.506(c)(4) of the 
  August revisions of the Privacy Rule.
  Deborah Deborah Campbell 
  Compliance Coordinator 
  Dominion Dental Services, Inc. 115 
  South Union Street, Suite 300 Alexandria, Virginia 
  22314 
  Phn: (703) 518-5000 ext. 3035 Fax: 
  (703) 518-8849 Toll Free:  
  888-518-5338 Email: 
  [EMAIL PROTECTED] 
  *** 
  The info

Relay Services

[SL Burke]

Have any plans/providers out there done any analysis regarding how relay services (i.e. telephone "interpreters" for the deaf or hearing impaired) are impacted by HIPAA?  The patient generally initiates the involvement of the relay service so that the patient can have meaningful telephone communications with a provider so the relay person hears all of the PHI that is disussed during any conversation.
Sherry Lynn BurkeDo you Yahoo!?
Yahoo! Platinum - Watch CBS' NCAA March Madness, live on your desktop!

---
The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/.   These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services.  They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time.

You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED]
To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED]
If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org

Re: Paper Claim Requirements

[Doug Webb]

Daryl,
The TCS standard applies to electronic claims only.  
Paper claims are not affected  Because the payer's systems will have 
to work with the data content of Complient claims, the paper claim will probably 
have to be modified by each payer to contain the data they need.  This 
means business as usual (possibly different rules for each payer) for paper 
claims.
 
The Privacy rules apply to all PHI if you are a CE, and the 
Security rules apply to all electronic PHI if you are a CE.
.
Whether a payer is willing to accept paper claims at all 
is up to them (except for Medicare, which is mandated by law to require all 
electronic calims by Oct 16, 2003 [except for "Small" providers, via an 
exception process yet to be defined]).
 
The opinions expressed here are my own and not necessarily the opinion of 
LCMH.
 
Douglas M. WebbComputer System EngineerLittle Company of Mary 
Hospital & Health Care Centers[EMAIL PROTECTED]
 
"This electronic message may contain information that is confidential 
and/or legally privileged. It is intended only for the use of the individual(s) 
and entity(s)  named as recipients in the message. If you are not an 
intended recipient of the message, please notify the sender immediately,  
delete the material from any computer, do not deliver, distribute, or copy this 
message, and do not disclose its contents or take action in reliance on the 
information it contains. Thank you."
 
 

  - Original Message - 
  From: 
  [EMAIL PROTECTED] 
  
  To: WEDI SNIP Privacy Workgroup List 
  
  Sent: Monday, March 24, 2003 01:10 
  PM
  Subject: Paper Claim Requirements
  Can anyone tell me if 
  there will be any specific requirements that will affect Paper Claims 
  Submission (format or content)?  I have seen this issue have 
  reference made to it, but I have yet to see any part of the actual "Rule" that 
  describes any details.Thanks for your help!Daryl 
  EwingMedical Billing & Compliance Manager  ---The WEDI 
  SNIP listserv to which you are subscribed is not moderated. The discussions on 
  this listserv therefore represent the views of the individual participants, 
  and do not necessarily represent the views of the WEDI Board of Directors nor 
  WEDI SNIP. If you wish to receive an official opinion, post your question to 
  the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These 
  listservs should not be used for commercial marketing purposes or discussion 
  of specific vendor products and services. They also are not intended to be 
  used as a forum for personal disagreements or unprofessional communication at 
  any time.You are currently subscribed to wedi-privacy as: 
  [EMAIL PROTECTED]To unsubscribe from this list, go to the 
  Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email 
  to [EMAIL PROTECTED]If you need to unsubscribe 
  but your current email address is not the same as the address subscribed to 
  the list, please use the Subscribe/Unsubscribe form at 
  http://subscribe.wedi.org 
---
The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/.   These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services.  They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time.

You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED]
To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED]
If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org

RE: New to this list, have two questions.

[Bentz-Miller, Judith]

Title: RE: New to this list, have two questions.



This was part of our privacy audit due to the following 
reg:

§ 
164.530 Administrative requirements.
(c)    (1) 
Standard: safeguards. A covered entity must have in place appropriate 
administrative, technical, and physical safeguards to protect the privacy 
of protected health information.
 (2) 
Implementation specification: safeguards. 
(I) 
A 
covered entity must reasonably safeguard protected health information from any 
intentional or unintentional use or disclosure that is in violation of the 
standards, implementation specifications or other requirements of this 
subpart.  
We knew this was an issue, so we took the "no email to 
patients" approach also.  In our opinion, It is just too big of 
a risk.   
Judith Bentz-Miller 
Privacy Officer Arnett Clinic 765-448-8843 

 
 -Original 
Message-From: Gregory Park 
[mailto:[EMAIL PROTECTED]Sent: Monday, March 24, 2003 3:01 
PMTo: WEDI SNIP Privacy Workgroup ListSubject: RE: New to 
this list, have two questions.

  One follow-up question/remark/plead for public 
  opinion to your response Deborah.
   
  "...no PHI 
  will be sent via email..."  Is that now or when?  Are you 
  considering yourself at risk now because of the ruling?  Just curious as 
  I have heard others in the field drop the "PHI Email" gate immediately as soon 
  as they understood the Security rules.  Wouldn't you continue as usual 
  and work towards a reasonable solution effective before 
  2005?
   
  Greg ParkProduct ManagerDB 
  Technology 
  Inc.Office:  
  800-760-4096 
  x117Cell: 
  484-919-0392PA Office: 610-397-0288 
  www.dbtech.com 
  
-Original Message-From: Deborah Campbell 
[mailto:[EMAIL PROTECTED]Sent: Monday, March 24, 2003 
9:39 AMTo: WEDI SNIP Privacy Workgroup ListSubject: 
RE: New to this list, have two questions.
Here's my opinion. I'd be interested if anyone has other 
opinions. 1) An email is unprotected as soon as it 
is sent over the internet. Almost anyone can intercept it. So you need to 
determine your risk and what you want to do to eliminate it. We have 
determined that no PHI will be sent via email until we have an encryption 
solution.
2) It depends what the Case Manager is doing. If they are 
working "on behalf of  the insurance carrier, 
then they are either an employee of the carrier or a BA of the carrier. If 
they are doing Quality Assurance on behalf of the carrier, you are permitted 
to release PHI to them without the need of any contract with them (the 
carrier would have the contract). Check § 164.506(c)(4) of the August 
revisions of the Privacy Rule.
Deborah Deborah Campbell 
Compliance Coordinator 
Dominion Dental Services, Inc. 115 
South Union Street, Suite 300 Alexandria, Virginia 
22314 
Phn: (703) 518-5000 ext. 3035 Fax: 
(703) 518-8849 Toll Free:  888-518-5338 
Email: [EMAIL PROTECTED] 
*** The information in this email is confidential and may be legally 
privileged.  It is intended solely for the addressee.  Access to 
this email by anyone else is unauthorized.
If you are not the intended recipient, any disclosure, 
copying, distribution or any action taken or omitted to be taken in reliance 
on it is prohibited and may be unlawful.
* 

-Original Message- From: 
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Monday, March 24, 2003 9:25 AM To: WEDI 
SNIP Privacy Workgroup List Subject: New to this 
list, have two questions. 
Hello List, 
I am new to this list, so please be patient with me, if I 
ask any questions that have been addressed 
repeatedly in the past.  Anyway, I am the HIPAA Privacy Officer for a Physician's Group Practice and have just 
recently finished our first round of "Privacy 
Training and Education" for the group.  Two 
questions came up that I could not answer specifically: 
   1)   Is there 
specific direction as to what we can and can not discuss during  
e-mails between the clinic and patient; and 
   2)   Do we 
need a contract between Nurse Case Manager's that come in to our  
office to discuss treatment plans with our doctors (that are 
contracted  
by the Insurance Carrier) and our Physician's Group to satisfy 
"Business  
Associate Policy" portion of our HIPAA Privacy Rule policies? 
I appreciate any information available.  Also, please 
let me know if there are other "List-Serves" that are more specific to "Healthcare Privacy, Security 
& Electronic Transactions." 
Thank You, Daryl Ewing, CPC 
RPK Anesthesia, 
P.A.  

--- The WEDI SNIP listserv to which 
you are

RE: New to this list, have two questions.

[Gregory Park]

Title: RE: New to this list, have two questions.



One follow-up question/remark/plead for public 
opinion to your response Deborah.
 
"...no PHI 
will be sent via email..."  Is that now or when?  Are you considering 
yourself at risk now because of the ruling?  Just curious as I have heard 
others in the field drop the "PHI Email" gate immediately as soon as they 
understood the Security rules.  Wouldn't you continue as usual and work 
towards a reasonable solution effective before 2005?
 
Greg ParkProduct ManagerDB 
Technology Inc.Office:  
800-760-4096 
x117Cell: 
484-919-0392PA Office: 610-397-0288 
www.dbtech.com 

  -Original Message-From: Deborah Campbell 
  [mailto:[EMAIL PROTECTED]Sent: Monday, March 24, 2003 
  9:39 AMTo: WEDI SNIP Privacy Workgroup ListSubject: RE: 
  New to this list, have two questions.
  Here's my opinion. I'd be interested if anyone has other 
  opinions. 1) An email is unprotected as soon as it is 
  sent over the internet. Almost anyone can intercept it. So you need to 
  determine your risk and what you want to do to eliminate it. We have 
  determined that no PHI will be sent via email until we have an encryption 
  solution.
  2) It depends what the Case Manager is doing. If they are 
  working "on behalf of  the insurance carrier, 
  then they are either an employee of the carrier or a BA of the carrier. If 
  they are doing Quality Assurance on behalf of the carrier, you are permitted 
  to release PHI to them without the need of any contract with them (the carrier 
  would have the contract). Check § 164.506(c)(4) of the August revisions of the 
  Privacy Rule.
  Deborah Deborah Campbell 
  Compliance Coordinator 
  Dominion Dental Services, Inc. 115 
  South Union Street, Suite 300 Alexandria, Virginia 
  22314 
  Phn: (703) 518-5000 ext. 3035 Fax: 
  (703) 518-8849 Toll Free:  888-518-5338 
  Email: [EMAIL PROTECTED] 
  *** The information in this email is confidential and may be legally 
  privileged.  It is intended solely for the addressee.  Access to 
  this email by anyone else is unauthorized.
  If you are not the intended recipient, any disclosure, 
  copying, distribution or any action taken or omitted to be taken in reliance 
  on it is prohibited and may be unlawful.
  * 
  
  -Original Message- From: 
  [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Monday, March 24, 2003 9:25 AM To: WEDI 
  SNIP Privacy Workgroup List Subject: New to this list, 
  have two questions. 
  Hello List, 
  I am new to this list, so please be patient with me, if I ask 
  any questions that have been addressed repeatedly in 
  the past.  Anyway, I am the HIPAA Privacy Officer 
  for a Physician's Group Practice and have just recently finished our first round of "Privacy Training and Education" for the 
  group.  Two questions came up that I could not 
  answer specifically: 
     1)   Is there 
  specific direction as to what we can and can not discuss during  
  e-mails between the clinic and patient; and 
     2)   Do we need 
  a contract between Nurse Case Manager's that come in to our  
  office to discuss treatment plans with our doctors (that are contracted  
  by the Insurance Carrier) and our Physician's Group to satisfy 
  "Business  
  Associate Policy" portion of our HIPAA Privacy Rule policies? 
  I appreciate any information available.  Also, please let 
  me know if there are other "List-Serves" that are more specific to "Healthcare Privacy, Security 
  & Electronic Transactions." 
  Thank You, Daryl Ewing, CPC 
  RPK Anesthesia, 
  P.A.  
  
  --- The WEDI SNIP listserv to which 
  you are subscribed is not moderated. The discussions on this listserv 
  therefore represent the views of the individual participants, and do not 
  necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. 
  If you wish to receive an official opinion, post your question to the WEDI 
  SNIP Issues Database at http://snip.wedi.org/tracking/.   
  These listservs should not be used for commercial marketing purposes or 
  discussion of specific vendor products and services.  They also are not 
  intended to be used as a forum for personal disagreements or unprofessional 
  communication at any time.
  You are currently subscribed to wedi-privacy as: 
  [EMAIL PROTECTED] To unsubscribe from this 
  list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank 
  email to [EMAIL PROTECTED]
  If you need to unsubscribe but your current email address is 
  not the same as the address subscribed to the list, please use the 
  Subscribe/Unsubscribe form at http://subscribe.wedi.org---The 
  WEDI SNIP listserv to which you are subscribed is not moderated. The 
  discussions on this listserv therefore represent the views of the ind

RE: psych notes

[Matthew Rosenblum]

Dale,

HIPAA apparently may pre-empts the State regulation.  In regard to
pre-emption, the HIPAA definition of "more stringent" notes:

"With respect to the rights of an individual who is the subject of the
individually identifiable health information regarding access to or
amendment of individually identifiable health information, permits greater
rights of access or amendment, as applicableWith respect to information
to be provided to an individual who is the subject of the individually
identifiable health information about a use, a disclosure, rights, and
remedies, provides the greater amount of information."

I hope that this helps.
 
Your questions are always welcome.
 
Matt
 
Matthew Rosenblum
Chief Operations Officer
Privacy, Quality Management & Regulatory Affairs
 
CPI Directions, Inc.
10 West 15th Street, Suite 1922
New York, NY 10011
 
(212) 675-6367
[EMAIL PROTECTED]
 
CONFIDENTIALITY NOTICE: This E-Mail is intended only for the use of the
individual or entity to which it is addressed and may contain information
that is privileged, confidential and exempt from disclosure under applicable
law. If you have received this communication in error, please do not
distribute it.  Please notify the sender by E-Mail at the address shown and
delete the original message. Thank you.
 
AVISO DEL CONFIDENCIALIDAD: Este email es solamente para el uso del
individuo o la entidad a la cual se dirige y puede contener información
privilegiada, confidencial y exenta de acceso bajo la ley aplicable. Si
usted ha recibido esta comunicación por error, por favor no lo distribuya.
Favor notificar al remitente del E-Mail a la dirección mostrada y elimine el
mensaje original. Gracias.
 

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
Sent: Monday, March 24, 2003 2:17 PM
To: WEDI SNIP Privacy Workgroup List
Subject: Re: psych notes

There may be reason to look at this again. "More stringent" as in greater
restriction on the patient or the staff? If HIPAA explicitly gives the
patient right to access their own record, which regs prempt?

Dale K Howe
Grand Rapids, MI

In a message dated 3/24/2003 1:30:53 PM Eastern Standard Time,
[EMAIL PROTECTED] writes:

> Paulette, as I'm reading Colorado statute as it is being currently
modified:
http://www.leg.state.co.us/2003a/inetcbill.nsf/fsbillcont/12872ADAA2C72AF087
256C5A00624B00?Open&file=051_ren.pdf
>  
> I think Colorado law may be more stringent.  It reads to me that all
'mental health records' are restricted from access by the patient -- at
least while therapy is occurring.
>  


---
The WEDI SNIP listserv to which you are subscribed is not moderated. The
discussions on this listserv therefore represent the views of the individual
participants, and do not necessarily represent the views of the WEDI Board
of Directors nor WEDI SNIP. If you wish to receive an official opinion, post
your question to the WEDI SNIP Issues Database at
http://snip.wedi.org/tracking/.   These listservs should not be used for
commercial marketing purposes or discussion of specific vendor products and
services.  They also are not intended to be used as a forum for personal
disagreements or unprofessional communication at any time.

You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED]
To unsubscribe from this list, go to the Subscribe/Unsubscribe form at
http://subscribe.wedi.org or send a blank email to
[EMAIL PROTECTED]
If you need to unsubscribe but your current email address is not the same as
the address subscribed to the list, please use the Subscribe/Unsubscribe
form at http://subscribe.wedi.org


---
The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions 
on this listserv therefore represent the views of the individual participants, and do 
not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If 
you wish to receive an official opinion, post your question to the WEDI SNIP Issues 
Database at http://snip.wedi.org/tracking/.   These listservs should not be used for 
commercial marketing purposes or discussion of specific vendor products and services.  
They also are not intended to be used as a forum for personal disagreements or 
unprofessional communication at any time.

You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED]
To unsubscribe from this list, go to the Subscribe/Unsubscribe form at 
http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED]
If you need to unsubscribe but your current email address is not the same as the 
address subscribed to the list, please use the Subscribe/Unsubscribe form at 
http://subscribe.wedi.org

Re: patient menus

[PainClinicAssoc]

On this same track, what about sign in sheets and daily appointment schedule 
print-outs? They don't need to be kept, do they?

Vicki Saunders

Pain Clinic Associates, PC
[EMAIL PROTECTED]

Pain Clinic Associates, PC Confidentiality Notice: The information contained 
in this e-mail transmission is confidential information, proprietary to the 
sender and legally protected. Its purpose is intended for the sole use of the 
individual(s) or entity named in the message header. If you are not the 
intended recipient, you are hereby notified that any dissemination, copying 
or taking any action in reliance on the contents of this information is 
strictly prohibited. If you received this message in error, please
notify the sender of the error and delete this message, any attachments and 
all copies. Thank you.

---
The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions 
on this listserv therefore represent the views of the individual participants, and do 
not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If 
you wish to receive an official opinion, post your question to the WEDI SNIP Issues 
Database at http://snip.wedi.org/tracking/.   These listservs should not be used for 
commercial marketing purposes or discussion of specific vendor products and services.  
They also are not intended to be used as a forum for personal disagreements or 
unprofessional communication at any time.

You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED]
To unsubscribe from this list, go to the Subscribe/Unsubscribe form at 
http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED]
If you need to unsubscribe but your current email address is not the same as the 
address subscribed to the list, please use the Subscribe/Unsubscribe form at 
http://subscribe.wedi.org

Re: psych notes

[DKHGRMI]

There may be reason to look at this again. "More stringent" as in greater restriction 
on the patient or the staff? If HIPAA explicitly gives the patient right to access 
their own record, which regs prempt?

Dale K Howe
Grand Rapids, MI

In a message dated 3/24/2003 1:30:53 PM Eastern Standard Time, [EMAIL PROTECTED] 
writes:

> Paulette, as I'm reading Colorado statute as it is being currently modified: 
> http://www.leg.state.co.us/2003a/inetcbill.nsf/fsbillcont/12872ADAA2C72AF087256C5A00624B00?Open&file=051_ren.pdf
>  
> I think Colorado law may be more stringent.  It reads to me that all 'mental health 
> records' are restricted from access by the patient -- at least while therapy is 
> occurring.
>  


---
The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions 
on this listserv therefore represent the views of the individual participants, and do 
not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If 
you wish to receive an official opinion, post your question to the WEDI SNIP Issues 
Database at http://snip.wedi.org/tracking/.   These listservs should not be used for 
commercial marketing purposes or discussion of specific vendor products and services.  
They also are not intended to be used as a forum for personal disagreements or 
unprofessional communication at any time.

You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED]
To unsubscribe from this list, go to the Subscribe/Unsubscribe form at 
http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED]
If you need to unsubscribe but your current email address is not the same as the 
address subscribed to the list, please use the Subscribe/Unsubscribe form at 
http://subscribe.wedi.org

Paper Claim Requirements

[rpkanes]

Can anyone tell me if there will be any specific requirements that will affect Paper Claims Submission (format or content)?  

I have seen this issue have reference made to it, but I have yet to see any part of the actual "Rule" that describes any details.

Thanks for your help!

Daryl Ewing
Medical Billing & Compliance Manager  
---
The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/.   These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services.  They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time.

You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED]
To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED]
If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org

RE: psych notes

[Karen Williamson]

Paulette, as I'm reading Colorado statute as it is 
being currently modified: http://www.leg.state.co.us/2003a/inetcbill.nsf/fsbillcont/12872ADAA2C72AF087256C5A00624B00?Open&file=051_ren.pdf
 
I 
think Colorado law may be more stringent.  It reads to me that all 'mental 
health records' are restricted from access by the patient -- at least while 
therapy is occurring.
 

  -Original Message-From: Matthew Rosenblum 
  [mailto:[EMAIL PROTECTED]Sent: Friday, March 21, 2003 9:27 
  PMTo: WEDI SNIP Privacy Workgroup ListSubject: RE: psych 
  notes
  
  Paulette,
   
  Among most behavioral 
  health professionals "process" notes (referred to by HIPAA as "psychotherapy" 
  notes) are those pieces of documentation that therapists write, basically for 
  their own use, to remind themselves of what the patient has said, for example, 
  the content of a dream, or the experience of guilt associated with a 
  "forbidden" feeling.  HHS has given us the opportunity to strictly limit 
  the availability of this information by providing a higher order of protection 
  for these "process" notes, and with few exceptions, disclosures may be made 
  only if the CE obtains a signed-authorization.
   
  Under HIPAA 
  psychotherapy notes are defined as those notes:
   
  1) Recorded by a 
  health care provider who is a mental health professional documenting or 
  analyzing the contents of conversation during a private counseling session or 
  a group, joint, or family counseling session, and,
   
  2) Maintained 
  separate from the medical record, and
   
  3) That 
  exclude:
   
  a. Medication 
  prescription and monitoring
  b. Counseling session 
  start and stop times
  c. The modalities and 
  frequencies of treatment furnished
  d. Results of 
  clinical tests
  e. Any summary of 
  diagnosis, functional status, the treatment plan, symptoms, prognosis, and 
  progress to date
   
  Note, that #3 (above) 
  delineates most of the information that we normally put into our "progress 
  notes" to substantiate treatment, and consequently, we must separate that 
  information from the "psychotherapy or process notes" (that is, if we want to 
  further protect the "process" information.)
   
  So, under HIPAA, 
  "psychotherapy notes" must be SEPARATED from the rest of the record if they 
  are to be afforded the additional protections provided by the Privacy 
  Rules.  In the “paper” world, this probably means the “psychotherapy 
  notes” should remain under the lock-and-key of the writer of the note.  
  In the “electronic” world, user ID and password protections would probably be 
  the minimum.
  
   
  I hope that this 
  helps.
   
  Your questions are 
  always welcome.
   
  Matt
   
  Matthew 
  Rosenblum
  Chief Operations 
  Officer
  Privacy, Quality 
  Management & Regulatory Affairs
  http://www.CPIdirections.com
   
  CPI 
  Directions, Inc.
  10 West 15th Street, 
  Suite 1922
  New 
  York, NY 
  10011
   
  (212) 
  675-6367
  [EMAIL PROTECTED]
   
  CONFIDENTIALITY 
  NOTICE: This E-Mail is intended only for the use of the individual or entity 
  to which it is addressed and may contain information that is privileged, 
  confidential and exempt from disclosure under applicable law. If you have 
  received this communication in error, please do not distribute it.  
  Please notify the sender by E-Mail at the address shown and delete the 
  original message. Thank you.
   
  AVISO 
  DEL 
  CONFIDENCIALIDAD: Este email es solamente para el uso 
  del 
  individuo o la entidad a la cual se dirige y puede contener información 
  privilegiada, confidencial y exenta de acceso bajo la ley aplicable. Si usted 
  ha recibido esta comunicación por error, por favor no lo distribuya.  
  Favor notificar al remitente del E-Mail a la dirección mostrada y elimine el 
  mensaje original. Gracias.
   
  -Original 
  Message-From: 
  [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Tuesday, March 18, 
  2003 4:11 
  PMTo: WEDI SNIP Privacy Workgroup 
  ListSubject: psych 
  notes
   
  Our practice is family 
  practice.  We contract in a LCSW who uses our charts for her progress 
  notes.  I understand that mental health is handled differently than that 
  of a PCP as far as authorizations for release of info. (we need specific auth 
  to release).  I also remember reading somewhere that mental health needs 
  to be "seperately identifiable" in the chart.  Can someone help me out 
  with this?  We do not have a seperate divider in the chart for mental 
  health however we do have the LCSW use blue progress notes.  This seems 
  reasonable to me to satisfy the "seperately identifiable".  Any words of 
  advise?Paulette OrtegaPractice AdministratorComprehensive 
  Family Care Center2002 Lake Ave., Ste. DPueblo, CO  
  81004(719) 562-1122 ---The WEDI SNIP listserv to which you are 
  subscribed is not moderated. The discussions on this listserv therefore 
  represent the views of the individual participant

RE: Disclosing Claims Info to Fully-Insured Group Moving to Self- Fund ed

[Deborah Campbell]

Title: Disclosing Claims Info to Fully-Insured Group Moving to Self-Funded



I 
agree. Any plan has the right to amend their plan documents to obtain this 
information. I was only trying to answer the question, how can we give the 
GHP this information. (A GHP can be either self-insured or fully-insured). 
And the answer is, have them certify they have amended their plan 
documents.  At least, I believe that is the answer.
Deborah

  -Original Message-From: White, Karen 
  [mailto:[EMAIL PROTECTED]Sent: Monday, March 24, 2003 12:53 
  PMTo: WEDI SNIP Privacy Workgroup ListSubject: RE: 
  Disclosing Claims Info to Fully-Insured Group Moving to Self- Fund 
  ed
  
  Once they have 
  certified that they have made the appropriate changes, it doesn't matter if 
  they are self-funded or fully 0nsured.  HIPAA states that as a plan 
  sponsor, they have needs for the information even if they are fully 
  insured.
   
  
  Karen 
  H. White
  Vice 
  President
  Medstat
   
  -Original 
  Message-From: Deborah 
  Campbell [mailto:[EMAIL PROTECTED] Sent: Monday, March 24, 
  2003 12:02 
  PMTo: WEDI SNIP Privacy 
  Workgroup ListSubject: RE: Disclosing Claims Info to 
  Fully-Insured Group Moving to Self- Fund ed
   
  
  According to what I 
  know about this, you would only be able to provide this type of information to 
  the GHP if they certified to you that they amended their plan documents. But, 
  I might be missing something.
  
  Deborah 
  Campbell Compliance 
  Coordinator 
  Dominion 
  Dental Services, Inc. 115 
  South Union Street, Suite 300 Alexandria, 
  Virginia 
  22314 
  
  Phn: 
  (703) 518-5000 ext. 3035 Fax: 
  (703) 518-8849 Toll 
  Free:  888-518-5338 Email: 
  [EMAIL PROTECTED] 
  *** 
  The 
  information in this email is confidential and may be legally privileged.  
  It is intended solely for the addressee.  Access to this email by anyone 
  else is unauthorized.
  If you are 
  not the intended recipient, any disclosure, copying, distribution or any 
  action taken or omitted to be taken in reliance on it is prohibited and may be 
  unlawful.
  * 
  
  
-Original 
Message-From: 
Traci.Jensen [mailto:[EMAIL PROTECTED]Sent: Monday, March 24, 
2003 11:58 
AMTo: WEDI SNIP Privacy Workgroup 
ListSubject: Disclosing 
Claims Info to Fully-Insured Group Moving to Self-Fund ed
Pursuant to 164.530(k) a group 
health plan is not subject to the Privacy standards if the group health plan 
provides health benefits solely through an insurance contract with a health 
insurance issuer or an HMO and the health insurane issuer or HMO with 
respect to the group health plan only discloses eligibility, enrollment and 
disenrollment information and summary information (claims information that 
doesn't identify a member) to an employer group.
My two 
questions are: If a group health plan of an 
employer fall under the above definition (fully-insured), however decides to 
become self-funded, would our organization then be allowed to provide the 
claims experience by member to the employer in order for them to send to the 
stop-loss carrier?
And, what if the employer is in 
the process to determine if they want to become self-funded, would our 
organization be allowed to provide the employer claims experience by member 
to the employer in order for them to send to the stop-loss 
carrier?
Thank you in advance for your 
comments. 
Traci 
Jensen, CHC Health Alliance 
Medical Plans, Inc. Compliance 
Programs Manager 
This 
electronic message contains information from Health Alliance Medical Plans, 
Inc. that may be confidential and/or privileged. This information is 
intended to be for the use of the individual(s) or entity(ies) named above. 
If you are not the intended recipient, be aware that copying, disclosure or 
distribution is strictly prohibited. If you have received this electronic 
transmission in error, please notify us by telephone at 800-851-3379, ext. 
8012 or 4684 or by electronic mail to the sender 
immediately.
---The WEDI SNIP listserv to 
which you are subscribed is not moderated. The discussions on this listserv 
therefore represent the views of the individual participants, and do not 
necessarily represent the views of the WEDI Board of Directors nor WEDI 
SNIP. If you wish to receive an official opinion, post your question to the 
WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs 
should not be used for commercial marketing purposes or discussion of 
specific vendor products and services. They also are not intended to be used 
as a forum for personal disagreements or unprofessional communication at any 
time.You are currently subscribed t

RE: Disclosing Claims Info to Fully-Insured Group Moving to Self- Fund ed

[White, Karen]

Title: Disclosing Claims Info to Fully-Insured Group Moving to Self-Funded









Once they have certified that they have
made the appropriate changes, it doesn't matter if they are self-funded
or fully 0nsured.  HIPAA states that as a plan sponsor, they have needs for the
information even if they are fully insured.

 



Karen H.
White

Vice President

Medstat

 



-Original Message-
From: Deborah Campbell
[mailto:[EMAIL PROTECTED] 
Sent: Monday, March
 24, 2003 12:02 PM
To: WEDI SNIP
 Privacy Workgroup List
Subject: RE: Disclosing Claims
Info to Fully-Insured Group Moving to Self- Fund ed

 



According to what I know
about this, you would only be able to provide this type of information to the GHP
if they certified to you that they amended their plan documents. But, I might
be missing something.





Deborah
Campbell 
Compliance Coordinator 

Dominion
Dental Services, Inc. 
  115 South Union Street, Suite
  300 
   Alexandria, Virginia 22314


Phn:
(703) 518-5000 ext. 3035 
Fax: (703) 518-8849 
Toll Free:  888-518-5338

Email: [EMAIL PROTECTED]


***

The information in this email is confidential and may be
legally privileged.  It is intended solely for the addressee.  Access
to this email by anyone else is unauthorized.

If you are not the intended
recipient, any disclosure, copying, distribution or any action taken or omitted
to be taken in reliance on it is prohibited and may be unlawful.

*






-Original
Message-
From: Traci.Jensen
[mailto:[EMAIL PROTECTED]
Sent: Monday, March
 24, 2003 11:58 AM
To: WEDI SNIP Privacy Workgroup
List
Subject: Disclosing Claims Info to
Fully-Insured Group Moving to Self-Fund ed

Pursuant to 164.530(k) a group health plan is not
subject to the Privacy standards if the group health plan provides health
benefits solely through an insurance contract with a health insurance issuer or
an HMO and the health insurane issuer or HMO with respect to the group health
plan only discloses eligibility, enrollment and disenrollment information and
summary information (claims information that doesn't identify a member) to an
employer group.

My two questions are:

If a
group health plan of an employer fall under the above definition
(fully-insured), however decides to become self-funded, would our organization
then be allowed to provide the claims experience by member to the employer in
order for them to send to the stop-loss carrier?

And, what if the employer is in the process to
determine if they want to become self-funded, would our organization be allowed
to provide the employer claims experience by member to the employer in order
for them to send to the stop-loss carrier?

Thank you in advance for your comments.


Traci
Jensen, CHC 
Health Alliance Medical Plans, Inc. 
Compliance Programs Manager 

This electronic message
contains information from Health Alliance Medical Plans, Inc. that may be
confidential and/or privileged. This information is intended to be for the use
of the individual(s) or entity(ies) named above. If you are not the intended
recipient, be aware that copying, disclosure or distribution is strictly
prohibited. If you have received this electronic transmission in error, please
notify us by telephone at 800-851-3379, ext. 8012 or 4684 or by electronic mail to the sender immediately.


---
The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions
on this listserv therefore represent the views of the individual participants,
and do not necessarily represent the views of the WEDI Board of Directors nor
WEDI SNIP. If you wish to receive an official opinion, post your question to
the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These
listservs should not be used for commercial marketing purposes or discussion of
specific vendor products and services. They also are not intended to be used as
a forum for personal disagreements or unprofessional communication at any time.

You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED]
To unsubscribe from this list, go to the Subscribe/Unsubscribe form at
http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED]
If you need to unsubscribe but your current email address is not the same as
the address subscribed to the list, please use the Subscribe/Unsubscribe form
at http://subscribe.wedi.org 



---
The WEDI SNIP listserv to which you are subscribed is not moderated. The
discussions on this listserv therefore represent the views of the individual
participants, and do not necessarily represent the views of the WEDI Board of
Directors nor WEDI SNIP. If you wish to receive an official opinion, post your
question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/.
These listservs should not be used for commercial marketing purposes or
discussion of specific vendor products and services. They also are not intended
to be use

patient menus

[BCluster]

Are hospitals protecting PHI contained on patient menus created in Dietary
Services?
We have patient menus that contain the name, room number, menu and dietary
restrictions due to diagnosis.

Should  this be disposed of in the regular trash or shredded?

Barb Cluster
  " Integrity is doing the right thing even when no one is looking"
Compliance Auditor
 ext 5284

  Greene Memorial Hospital, Inc.
  1141 N Monroe, Xenia, OH 45385
  937-429-3200

Confidentiality Notice:  This message , including attachments, is for the
sole use of the intended recipient and may contain confidential, privileged
information.  Any unauthorized review, use, disclosure or distribution is
prohibited.  If you are not the intended recipient, please contact the
sender and destroy any and all copies.


---
The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions 
on this listserv therefore represent the views of the individual participants, and do 
not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If 
you wish to receive an official opinion, post your question to the WEDI SNIP Issues 
Database at http://snip.wedi.org/tracking/.   These listservs should not be used for 
commercial marketing purposes or discussion of specific vendor products and services.  
They also are not intended to be used as a forum for personal disagreements or 
unprofessional communication at any time.

You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED]
To unsubscribe from this list, go to the Subscribe/Unsubscribe form at 
http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED]
If you need to unsubscribe but your current email address is not the same as the 
address subscribed to the list, please use the Subscribe/Unsubscribe form at 
http://subscribe.wedi.org

RE: Disclosing Claims Info to Fully-Insured Group Moving to Self-Fund ed

[David Ermer]

There's a complete discussion of this issue in the WEDI SNIP Privacy
Policies and Procedures Ver. 2.0 (fully updated for the 8/14
modifications to the Privacy Rule.)  Look at the Group Health Plans
chapter in the General section.  For a copy head to snip.wedi.org and
click on work products -- privacy.

When it comes to tools for dealing with these issues at this crunch
time, I don't think that you can go wrong if you have at the ready, the
WEDI SNIP Privacy Ps & Ps resource document, the combined text version
of the Privacy Rule that HHS issued in October (www.hhs.gov/ocr), and
the 12/4/03 OCR guidance (also available at that hhs web site).

Best regards, Dave Ermer

Gordon & Barnett
Attorneys at Law
1133 21st St., NW, Suite 450
Washington, DC 20036
202-833-3400 ext 3009 (voice)
202-223-0120 (fax)
www.gordon-barnett.com

>>> Deborah Campbell <[EMAIL PROTECTED]> 03/24/03 12:01PM
>>>
According to what I know about this, you would only be able to provide
this
type of information to the GHP if they certified to you that they
amended
their plan documents. But, I might be missing something.
Deborah Campbell 
Compliance Coordinator 

Dominion Dental Services, Inc. 
115 South Union Street, Suite 300 
Alexandria, Virginia 22314 

Phn: (703) 518-5000 ext. 3035 
Fax: (703) 518-8849 
Toll Free:  888-518-5338 
Email: [EMAIL PROTECTED] 

*** 
The information in this email is confidential and may be legally
privileged.
It is intended solely for the addressee.  Access to this email by
anyone
else is unauthorized.

If you are not the intended recipient, any disclosure, copying,
distribution
or any action taken or omitted to be taken in reliance on it is
prohibited
and may be unlawful.

* 

-Original Message-
From: Traci.Jensen [mailto:[EMAIL PROTECTED] 
Sent: Monday, March 24, 2003 11:58 AM
To: WEDI SNIP Privacy Workgroup List
Subject: Disclosing Claims Info to Fully-Insured Group Moving to
Self-Fund
ed



Pursuant to 164.530(k) a group health plan is not subject to the
Privacy
standards if the group health plan provides health benefits solely
through
an insurance contract with a health insurance issuer or an HMO and the
health insurane issuer or HMO with respect to the group health plan
only
discloses eligibility, enrollment and disenrollment information and
summary
information (claims information that doesn't identify a member) to an
employer group.

My two questions are: 
If a group health plan of an employer fall under the above definition
(fully-insured), however decides to become self-funded, would our
organization then be allowed to provide the claims experience by member
to
the employer in order for them to send to the stop-loss carrier?

And, what if the employer is in the process to determine if they want
to
become self-funded, would our organization be allowed to provide the
employer claims experience by member to the employer in order for them
to
send to the stop-loss carrier?

Thank you in advance for your comments. 

Traci Jensen, CHC 
Health Alliance Medical Plans, Inc. 
Compliance Programs Manager 

This electronic message contains information from Health Alliance
Medical
Plans, Inc. that may be confidential and/or privileged. This
information is
intended to be for the use of the individual(s) or entity(ies) named
above.
If you are not the intended recipient, be aware that copying,
disclosure or
distribution is strictly prohibited. If you have received this
electronic
transmission in error, please notify us by telephone at 800-851-3379,
ext.
8012 or 4684 or by electronic mail to the sender immediately.


---
The WEDI SNIP listserv to which you are subscribed is not moderated.
The
discussions on this listserv therefore represent the views of the
individual
participants, and do not necessarily represent the views of the WEDI
Board
of Directors nor WEDI SNIP. If you wish to receive an official opinion,
post
your question to the WEDI SNIP Issues Database at
http://snip.wedi.org/tracking/. These listservs should not be used for
commercial marketing purposes or discussion of specific vendor products
and
services. They also are not intended to be used as a forum for
personal
disagreements or unprofessional communication at any time.

You are currently subscribed to wedi-privacy as:
[EMAIL PROTECTED] 
To unsubscribe from this list, go to the Subscribe/Unsubscribe form at
http://subscribe.wedi.org or send a blank email to
[EMAIL PROTECTED] 
If you need to unsubscribe but your current email address is not the
same as
the address subscribed to the list, please use the
Subscribe/Unsubscribe
form at http://subscribe.wedi.org 



---
The WEDI SNIP listserv to which you are subscribed is not moderated.
The discussions on this listserv therefore represent the views of the
individual participants, and do not necessarily represent the views of
the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an

RE: Disclosing Claims Info to Fully-Insured Group Moving to Self- Fund ed

[Deborah Campbell]

Title: Disclosing Claims Info to Fully-Insured Group Moving to Self-Funded



According to what I know about this, you would only be able to provide 
this type of information to the GHP if they certified to you that they amended 
their plan documents. But, I might be missing something.

Deborah Campbell 
Compliance Coordinator 

Dominion Dental Services, 
Inc. 115 South Union 
Street, Suite 300 Alexandria, Virginia 22314 
Phn: (703) 518-5000 ext. 
3035 Fax: (703) 
518-8849 Toll 
Free:  888-518-5338 Email: [EMAIL PROTECTED] 
*** The information in this email is confidential and may be 
legally privileged.  It is intended solely for the addressee.  Access 
to this email by anyone else is unauthorized.
If you are not the intended recipient, any 
disclosure, copying, distribution or any action taken or omitted to be taken in 
reliance on it is prohibited and may be unlawful.
* 


  -Original Message-From: Traci.Jensen 
  [mailto:[EMAIL PROTECTED]Sent: Monday, March 24, 
  2003 11:58 AMTo: WEDI SNIP Privacy Workgroup 
  ListSubject: Disclosing Claims Info to Fully-Insured Group Moving 
  to Self-Fund ed
  Pursuant to 164.530(k) a group health plan is not 
  subject to the Privacy standards if the group health plan provides health 
  benefits solely through an insurance contract with a health insurance issuer 
  or an HMO and the health insurane issuer or HMO with respect to the group 
  health plan only discloses eligibility, enrollment and disenrollment 
  information and summary information (claims information that doesn't identify 
  a member) to an employer group.
  My two questions are: If a group health plan of an employer fall under the above 
  definition (fully-insured), however decides to become self-funded, would our 
  organization then be allowed to provide the claims experience by member to the 
  employer in order for them to send to the stop-loss carrier?
  And, what if the employer is in the process to 
  determine if they want to become self-funded, would our organization be 
  allowed to provide the employer claims experience by member to the employer in 
  order for them to send to the stop-loss carrier?
  Thank you in advance for your comments. 
  Traci Jensen, 
  CHC Health 
  Alliance Medical Plans, Inc. Compliance Programs 
  Manager 
  This electronic 
  message contains information from Health Alliance Medical Plans, Inc. that may 
  be confidential and/or privileged. This information is intended to be for the 
  use of the individual(s) or entity(ies) named above. If you are not the 
  intended recipient, be aware that copying, disclosure or distribution is 
  strictly prohibited. If you have received this electronic transmission in 
  error, please notify us by telephone at 800-851-3379, ext. 8012 or 
  4684 or by electronic mail to the 
  sender immediately.---The WEDI SNIP listserv to which 
  you are subscribed is not moderated. The discussions on this listserv 
  therefore represent the views of the individual participants, and do not 
  necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. 
  If you wish to receive an official opinion, post your question to the WEDI 
  SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should 
  not be used for commercial marketing purposes or discussion of specific vendor 
  products and services. They also are not intended to be used as a forum for 
  personal disagreements or unprofessional communication at any time.You 
  are currently subscribed to wedi-privacy as: 
  [EMAIL PROTECTED]To unsubscribe from this list, go to the 
  Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email 
  to [EMAIL PROTECTED]If you need to unsubscribe 
  but your current email address is not the same as the address subscribed to 
  the list, please use the Subscribe/Unsubscribe form at 
  http://subscribe.wedi.org 
---
The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/.   These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services.  They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time.

You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED]
To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED]
If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/U

Disclosing Claims Info to Fully-Insured Group Moving to Self-Fund ed

[Traci.Jensen]

Title: Disclosing Claims Info to Fully-Insured Group Moving to Self-Funded





Pursuant to 164.530(k) a group health plan is not subject to the Privacy standards if the group health plan provides health benefits solely through an insurance contract with a health insurance issuer or an HMO and the health insurane issuer or HMO with respect to the group health plan only discloses eligibility, enrollment and disenrollment information and summary information (claims information that doesn't identify a member) to an employer group.

My two questions are:
If a group health plan of an employer fall under the above definition (fully-insured), however decides to become self-funded, would our organization then be allowed to provide the claims experience by member to the employer in order for them to send to the stop-loss carrier?

And, what if the employer is in the process to determine if they want to become self-funded, would our organization be allowed to provide the employer claims experience by member to the employer in order for them to send to the stop-loss carrier?

Thank you in advance for your comments.


Traci Jensen, CHC
Health Alliance Medical Plans, Inc.
Compliance Programs Manager


This electronic message contains information from Health Alliance Medical Plans, Inc. that may be confidential and/or privileged. This information is intended to be for the use of the individual(s) or entity(ies) named above. If you are not the intended recipient, be aware that copying, disclosure or distribution is strictly prohibited. If you have received this electronic transmission in error, please notify us by telephone at 800-851-3379, ext. 8012 or 4684 or by electronic mail to the sender immediately.



---
The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/.   These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services.  They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time.

You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED]
To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED]
If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org

RE: identification of people at front desk

[Dan Kelsey]

Ed - You might want to take a look at the December 4, 2002 clarification document.  In 
a nutshell, you can rely on professional judgment.  OCR stated that others can pick up 
prescriptions for the patient.  Chances are that the only way the individual knows to 
pick up the information, etc. is if the patient informed the individual.  For the 
majority of items, this should not be an issue - but if the person is picking a Rx for 
pain meds, etc, you might want to verify with the patient.

Hope this helps,

Dan Kelsey
Practice Advisor
Indiana State Medical Association
800-257-4762
(317) 261-2060
(317) 261-2076 - fax


-Original Message-
From: Ed Hecht [mailto:[EMAIL PROTECTED]
Sent: Monday, March 24, 2003 11:12 AM
To: WEDI SNIP Privacy Workgroup List
Subject: identification of people at front desk


We're a busy primary care office and often have people stop in to pick
up various things - referrals, prescriptions, letters, medical records,
etc.  Often it is not the patient him/herself.   What are we required to
do to:

a.  insure that the person is who s/he is supposed to be
b.  if it is not the patient, that s/he has the right to pick up the
material.  

 

We have already started to seal everything in an envelope, which we
didn't used to do.   Any guidance would be appreciated.  Thank you.

 

Ed Hecht, CEO, Piedmont Primary Care


---
The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions 
on this listserv therefore represent the views of the individual participants, and do 
not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If 
you wish to receive an official opinion, post your question to the WEDI SNIP Issues 
Database at http://snip.wedi.org/tracking/.   These listservs should not be used for 
commercial marketing purposes or discussion of specific vendor products and services.  
They also are not intended to be used as a forum for personal disagreements or 
unprofessional communication at any time.

You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED]
To unsubscribe from this list, go to the Subscribe/Unsubscribe form at 
http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED]
If you need to unsubscribe but your current email address is not the same as the 
address subscribed to the list, please use the Subscribe/Unsubscribe form at 
http://subscribe.wedi.org

---
The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions 
on this listserv therefore represent the views of the individual participants, and do 
not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If 
you wish to receive an official opinion, post your question to the WEDI SNIP Issues 
Database at http://snip.wedi.org/tracking/.   These listservs should not be used for 
commercial marketing purposes or discussion of specific vendor products and services.  
They also are not intended to be used as a forum for personal disagreements or 
unprofessional communication at any time.

You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED]
To unsubscribe from this list, go to the Subscribe/Unsubscribe form at 
http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED]
If you need to unsubscribe but your current email address is not the same as the 
address subscribed to the list, please use the Subscribe/Unsubscribe form at 
http://subscribe.wedi.org

identification of people at front desk

[Ed Hecht]

We're a busy primary care office and often have people stop in to pick
up various things - referrals, prescriptions, letters, medical records,
etc.  Often it is not the patient him/herself.   What are we required to
do to:

a.  insure that the person is who s/he is supposed to be
b.  if it is not the patient, that s/he has the right to pick up the
material.  

 

We have already started to seal everything in an envelope, which we
didn't used to do.   Any guidance would be appreciated.  Thank you.

 

Ed Hecht, CEO, Piedmont Primary Care


---
The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions 
on this listserv therefore represent the views of the individual participants, and do 
not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If 
you wish to receive an official opinion, post your question to the WEDI SNIP Issues 
Database at http://snip.wedi.org/tracking/.   These listservs should not be used for 
commercial marketing purposes or discussion of specific vendor products and services.  
They also are not intended to be used as a forum for personal disagreements or 
unprofessional communication at any time.

You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED]
To unsubscribe from this list, go to the Subscribe/Unsubscribe form at 
http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED]
If you need to unsubscribe but your current email address is not the same as the 
address subscribed to the list, please use the Subscribe/Unsubscribe form at 
http://subscribe.wedi.org

Re: New to this list, have two questions.

[Doug Webb]

Title: RE: New to this list, have two questions.



Deborah,
I agree.
Your short answer to 2) was "No".  I'll add 
another two roles (only one of which has a "Yes answer).
 
If what they're discussing is actively participating in a 
Treatment Plan, then the Case Manager would be a potential Covered Entity 
(acutal one if she bills electronically) operating on her own behalf and 
participating in Treatment.
 
Only in the case that the Case Manager is doing a service on 
behalf of the Provider, and that service is not delivering health care, would a 
BAA be necessary.
 
The opinions expressed here are my own and not necessarily the opinion of 
LCMH.
 
Douglas M. WebbComputer System EngineerLittle Company of Mary 
Hospital & Health Care Centers[EMAIL PROTECTED]
 
"This electronic message may contain information that is confidential 
and/or legally privileged. It is intended only for the use of the individual(s) 
and entity(s)  named as recipients in the message. If you are not an 
intended recipient of the message, please notify the sender immediately,  
delete the material from any computer, do not deliver, distribute, or copy this 
message, and do not disclose its contents or take action in reliance on the 
information it contains. Thank you."
 
 

  - Original Message - 
  From: 
  Deborah Campbell 
  To: WEDI SNIP Privacy Workgroup List 
  
  Sent: Monday, March 24, 2003 08:38 
  AM
  Subject: RE: New to this list, have two 
  questions.
  
  Here's my opinion. I'd be interested if anyone has other 
  opinions. 1) An email is unprotected as soon as it is 
  sent over the internet. Almost anyone can intercept it. So you need to 
  determine your risk and what you want to do to eliminate it. We have 
  determined that no PHI will be sent via email until we have an encryption 
  solution.
  2) It depends what the Case Manager is doing. If they are 
  working "on behalf of  the insurance carrier, 
  then they are either an employee of the carrier or a BA of the carrier. If 
  they are doing Quality Assurance on behalf of the carrier, you are permitted 
  to release PHI to them without the need of any contract with them (the carrier 
  would have the contract). Check § 164.506(c)(4) of the August revisions of the 
  Privacy Rule.
  Deborah Deborah Campbell 
  Compliance Coordinator 
  Dominion Dental Services, Inc. 115 
  South Union Street, Suite 300 Alexandria, Virginia 
  22314 
  Phn: (703) 518-5000 ext. 3035 Fax: 
  (703) 518-8849 Toll Free:  888-518-5338 
  Email: [EMAIL PROTECTED] 
  *** The information in this email is confidential and may be legally 
  privileged.  It is intended solely for the addressee.  Access to 
  this email by anyone else is unauthorized.
  If you are not the intended recipient, any disclosure, 
  copying, distribution or any action taken or omitted to be taken in reliance 
  on it is prohibited and may be unlawful.
  * 
  
  -Original Message- From: 
  [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Monday, March 24, 2003 9:25 AM To: WEDI 
  SNIP Privacy Workgroup List Subject: New to this list, 
  have two questions. 
  Hello List, 
  I am new to this list, so please be patient with me, if I ask 
  any questions that have been addressed repeatedly in 
  the past.  Anyway, I am the HIPAA Privacy Officer 
  for a Physician's Group Practice and have just recently finished our first round of "Privacy Training and Education" for the 
  group.  Two questions came up that I could not 
  answer specifically: 
     1)   Is there 
  specific direction as to what we can and can not discuss during  
  e-mails between the clinic and patient; and 
     2)   Do we need 
  a contract between Nurse Case Manager's that come in to our  
  office to discuss treatment plans with our doctors (that are contracted  
  by the Insurance Carrier) and our Physician's Group to satisfy 
  "Business  
  Associate Policy" portion of our HIPAA Privacy Rule policies? 
  I appreciate any information available.  Also, please let 
  me know if there are other "List-Serves" that are more specific to "Healthcare Privacy, Security 
  & Electronic Transactions." 
  Thank You, Daryl Ewing, CPC 
  RPK Anesthesia, 
  P.A.  
  
  --- The WEDI SNIP listserv to which 
  you are subscribed is not moderated. The discussions on this listserv 
  therefore represent the views of the individual participants, and do not 
  necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. 
  If you wish to receive an official opinion, post your question to the WEDI 
  SNIP Issues Database at http://snip.wedi.org/tracking/.   
  These listservs should not be used for commercial marketing purposes or 
  discussion of specific vendor products and services.  They also are not 
  intended to be used as a forum for personal disagreem

Looking to broaden my horizons

[JC]

Hi Group,

I was wondering if anyone is in the market for a privacy officer or security
director. I would like to stay in Ohio.

The atmosphere within the organization I am currently with does not look
favorable.

In a couple of months I will be obtaining an associates degree in criminal
justice in centered around private security, I have about 2 1/2 years
experience with Progressive. I also have provided executive and vip
protection in the past.

If anyone hears or knows anyone in the market for my services please let me
know. It will be greatly appreciated.

Thanks,
John Corbett
Compliance Officer
Progressive Home Care, Inc
Cleveland, Ohio


---
The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions 
on this listserv therefore represent the views of the individual participants, and do 
not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If 
you wish to receive an official opinion, post your question to the WEDI SNIP Issues 
Database at http://snip.wedi.org/tracking/.   These listservs should not be used for 
commercial marketing purposes or discussion of specific vendor products and services.  
They also are not intended to be used as a forum for personal disagreements or 
unprofessional communication at any time.

You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED]
To unsubscribe from this list, go to the Subscribe/Unsubscribe form at 
http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED]
If you need to unsubscribe but your current email address is not the same as the 
address subscribed to the list, please use the Subscribe/Unsubscribe form at 
http://subscribe.wedi.org

RE: New to this list, have two questions.

[Deborah Campbell]

Title: RE: New to this list, have two questions.





Here's my opinion. I'd be interested if anyone has other opinions.
1) An email is unprotected as soon as it is sent over the internet. Almost anyone can intercept it. So you need to determine your risk and what you want to do to eliminate it. We have determined that no PHI will be sent via email until we have an encryption solution.

2) It depends what the Case Manager is doing. If they are working "on behalf of
 the insurance carrier, then they are either an employee of the carrier or a BA of the carrier. If they are doing Quality Assurance on behalf of the carrier, you are permitted to release PHI to them without the need of any contract with them (the carrier would have the contract). Check § 164.506(c)(4) of the August revisions of the Privacy Rule.

Deborah
Deborah Campbell
Compliance Coordinator


Dominion Dental Services, Inc.
115 South Union Street, Suite 300
Alexandria, Virginia 22314


Phn: (703) 518-5000 ext. 3035
Fax: (703) 518-8849
Toll Free:  888-518-5338
Email: [EMAIL PROTECTED]


***
The information in this email is confidential and may be legally privileged.  It is intended solely for the addressee.  Access to this email by anyone else is unauthorized.

If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it is prohibited and may be unlawful.

*




-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Monday, March 24, 2003 9:25 AM
To: WEDI SNIP Privacy Workgroup List
Subject: New to this list, have two questions.



Hello List,


I am new to this list, so please be patient with me, if I ask any questions 
that have been addressed repeatedly in the past.  Anyway, I am the HIPAA 
Privacy Officer for a Physician's Group Practice and have just recently 
finished our first round of "Privacy Training and Education" for the group.  
Two questions came up that I could not answer specifically:


   1)   Is there specific direction as to what we can and can not discuss 
during 
 e-mails between the clinic and patient; and


   2)   Do we need a contract between Nurse Case Manager's that come in 
to our 
 office to discuss treatment plans with our doctors (that are 
contracted 
 by the Insurance Carrier) and our Physician's Group to satisfy 
"Business 
 Associate Policy" portion of our HIPAA Privacy Rule policies?


I appreciate any information available.  Also, please let me know if there 
are other 
"List-Serves" that are more specific to "Healthcare Privacy, Security & 
Electronic Transactions."


Thank You,
Daryl Ewing, CPC
RPK Anesthesia, P.A.  


---
The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/.   These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services.  They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time.

You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED]
To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED]

If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org


---
The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/.   These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services.  They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time.

You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED]
To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED]
If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org

New to this list, have two questions.

[rpkanes]

Hello List,

I am new to this list, so please be patient with me, if I ask any questions 
that have been addressed repeatedly in the past.  Anyway, I am the HIPAA 
Privacy Officer for a Physician's Group Practice and have just recently 
finished our first round of "Privacy Training and Education" for the group.  
Two questions came up that I could not answer specifically:

   1)   Is there specific direction as to what we can and can not discuss 
during 
 e-mails between the clinic and patient; and

   2)   Do we need a contract between Nurse Case Manager's that come in 
to our 
 office to discuss treatment plans with our doctors (that are 
contracted 
 by the Insurance Carrier) and our Physician's Group to satisfy 
"Business 
 Associate Policy" portion of our HIPAA Privacy Rule policies?

I appreciate any information available.  Also, please let me know if there 
are other 
"List-Serves" that are more specific to "Healthcare Privacy, Security & 
Electronic Transactions."

Thank You,
Daryl Ewing, CPC
RPK Anesthesia, P.A.  

---
The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions 
on this listserv therefore represent the views of the individual participants, and do 
not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If 
you wish to receive an official opinion, post your question to the WEDI SNIP Issues 
Database at http://snip.wedi.org/tracking/.   These listservs should not be used for 
commercial marketing purposes or discussion of specific vendor products and services.  
They also are not intended to be used as a forum for personal disagreements or 
unprofessional communication at any time.

You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED]
To unsubscribe from this list, go to the Subscribe/Unsubscribe form at 
http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED]
If you need to unsubscribe but your current email address is not the same as the 
address subscribed to the list, please use the Subscribe/Unsubscribe form at 
http://subscribe.wedi.org