RE: Here is a good Privacy Issue that will cause problems

2003-01-17 Thread Bruce Bradigan
There was some good discussion of whether it was proper (legal) for the
pharmacist to notify the prescribers (probably not), but if he stole the RX
book, or someone suspected he stole the RX book, that was a (potential)
crime and should have been reported to the police.  I was thinking about
suggesting reporting it to the police in the first place.  They would have
(hopefully) done an investigation and developed a case before notifying
anybody, thus preventing the embarrassment to the wrong person (and
potential law suit).  

If the pharmacist reported it to the police and it turned out that nothing
illegal was done, I don't see what harm it would have done to the pharmacist
or to the person suspected of wrong doing.

Bruce Bradigan
Healthcare Consultant

 -Original Message-
 From: Rebekah Savoie [mailto:[EMAIL PROTECTED]] 
 Sent: Thursday, January 16, 2003 5:43 PM
 To: WEDI SNIP Privacy Workgroup List
 Subject: RE: Here is a good Privacy Issue that will cause problems
 Thank you for all your responses.  They were all great and 
 exactly what I expected - 
 Now I will tell you the rest of the story -
 A man stole some Rx books and forged the Rx's - but it gets 
 better - he used someone else's name and the pharmacy gave 
 this information to physicians when the person they thought 
 and named was seeking drugs, was actually not.  You can 
 imagine how mad this man was after the information got back 
 to his employer who was a friend of a physician that received 
 one of the general mail-out letters about him being a drug seeker.
 Makes you think, doesn't it?
 Rebekah Savoie
 Healthcare Consultant
  Christiansen, John (SEA) [EMAIL PROTECTED] 01/16/03
 Robert -
 I think I need to question one of your assumptions, and your 
 approach to this kind of problem. 
 #1 the assumption that:  the individual has lost the right 
 to privacy once they break the law is not correct, and is in 
 fact dangerously incorrect.
 HIPAA does not state that principle anywhere. It does list a 
 number of conditions under which PHI may be disclosed: for 
 TPO, under an authorization, and under the conditions listed 
 in 45 CFR 164.512 (uses and disclosures not for TPO for which 
 no authorization is required). If you read that regulation 
 you will see that subsection (a) does permit a disclosure 
 required by law, while subsection (f) sets out the specific 
 requirements for disclosures for law enforcement purposes. 
 (The other exceptions in this regulation don't appear likely 
 ever to apply to this kind of situation). If there is a law 
 on the books requiring disclosure of drug-seeking behavior, 
 exception (a) would apply; but I am not aware of any such 
 laws (doesn't mean there aren't any, I just don't know of any). 
 This is a very different approach to privacy from the 
 assumption that if you break the law you lose your privacy. 
 While the U.S. Constitution does not explicitly state a 
 privacy right (there are theories that it does so implicitly, 
 but that's another set of questions), HIPAA does create a 
 statutory/regulatory set of privacy obligations on the part 
 of CEs and entitlements on the part of individuals. I frankly 
 don't think that a pharmacist's judgment that he thinks 
 someone has broken the law by improperly seeking drugs (by 
 the way, *is* drug-seeking behavior a crime? or just a basis 
 for suspicion of a crime? or are we using an alert of this 
 kind to prevent health problems and over-prescription?) will 
 suffice to eliminate this entitlement (as a matter of law) or 
 relieve the pharmacist, as a CE, of his or her obligation to 
 respect these privacy entitlements by complying with the 
 regulations. (By the way, what if he's wrong? In addition to 
 breach of privacy there might well be a suit for libel available.)
 This is not to say something can't be done to communicate 
 about this kind of problem - we have discussed it quite a bit 
 and there have been a number of good postings on the subject 
 - but the way to approach a solution it is to start with the 
 regulations and read them carefully. (Also any applicable 
 business associate contracts; for example, in your example of 
 the PBM, has the PBM checked to make sure any BAC it has with 
 a CE that provided some of the PHI which describes the 
 prescriptions written permits that kind of disclosure? There 
 are some badly drafted documents out there, not all of which 
 might allow for everything you would like to assume they do.)
 The underlying point being that with HIPAA coming into effect 
 decisions like these have to be made in a more formal way, 
 with actual reference to regs and contracts and not in 
 reliance on what you assume should be the right result.
 John R. Christiansen 
 Preston | Gates | Ellis LLP 
 701 Fifth Avenue, Seattle, Washington 98104 
 *Direct: 206.613.7118 - *Cell: 206.683.9125 
 -Original Message-

RE: HIPAA privacy and telephone

2003-01-17 Thread Bruce Bradigan
Can anyone point me towards vendors of systems like this (off list, please)

Thank you,
Bruce Bradigan
Healthcare Consultant

 -Original Message-
 From: Lawson, Pam [mailto:[EMAIL PROTECTED]] 
 Sent: Friday, January 17, 2003 1:03 PM
 To: WEDI SNIP Privacy Workgroup List
 Subject: RE: HIPAA privacy and telephone
 This is exactly what my physician does.  When I have lab work 
 at his office, I am given a slip of paper that has dial-in 
 instructions, the pin number and my code number and when I 
 can expect for the results to be available.  I dial-in and 
 listen to my physician's pre-recorded message to me regarding 
 the results of my lab work and any comments about it.  Only 
 if the results are really bad does the doctor or nurse 
 personally call and discuss the results (and this is prior to 
 the results being available on the dial-in system).  I like 
 the system since there is no phone tag, I can listen to the 
 results when convenient for me, don't have to worry about 
 family members accidently erasing the message and I can 
 listen to it again (for up to so many days).  The only down 
 side is when the doctor does call you know immediately that 
 it is not good news.

(prior messages snipped)

The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions 
on this listserv therefore represent the views of the individual participants, and do 
not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If 
you wish to receive an official opinion, post your question to the WEDI SNIP Issues 
Database at   These listservs should not be used for 
commercial marketing purposes or discussion of specific vendor products and services.  
They also are not intended to be used as a forum for personal disagreements or 
unprofessional communication at any time.

You are currently subscribed to wedi-privacy as:
To unsubscribe from this list, go to the Subscribe/Unsubscribe form at or send a blank email to 
If you need to unsubscribe but your current email address is not the same as the 
address subscribed to the list, please use the Subscribe/Unsubscribe form at