RE: Right to Inspect and Copy Internal Offices Notes
Traci/Jill what are your thoughts about QA or nurses reports documenting patient related incidents? The DRS definitions seem broad enough to capture these, but what if there are state laws that would not make them subject to say discovery in litigation? Do you think HIPAA now would pick them up? Leslie Bender ROI WebEd Company -Original Message- From: Traci.Jensen [mailto:[EMAIL PROTECTED]] Sent: Wednesday, March 19, 2003 4:58 PM To: WEDI SNIP Privacy Workgroup List Subject: RE: Right to Inspect and Copy Internal Offices Notes If the internal notes are used in whole or in part to make a decision about an individual, then they would be part of the DRS. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 19, 2003 7:44 AM To: WEDI SNIP Privacy Workgroup List Subject: Right to Inspect and Copy Internal Offices Notes Patients have the right to inspect and copy their medical record a practice maintains in a designated record set. I understand that some offices keep internal notes of sorts (this patient is difficult, cooperative, etc.). Do patients have the right to access those as well? Are they considered part of the designated record set? Thanks as always for your helpful input. Jill Rubin --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED] To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org
RE: If patient refuses to sign receipt of NOPP
You document in the patients record their refusal and your good faith effort to obtain and proceed with TPO. Leslie C. Bender ROI WebEd Company -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Thursday, March 20, 2003 11:05 PM To: WEDI SNIP Privacy Workgroup List Subject: If patient refuses to sign receipt of NOPP If a patient refuses to sign an acknowledgment of NOPP, what do we do in regards to TPO? What rights do we have? We cannot discriminate or refuse treatment? What do you suggest we say to the patient if they refuse? Much appreciated help needed. Robin Henry, OM OB/GYn --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED] To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED] To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org
RE: Another NPP question
Ive also seen small practice groups (in lieu of sign in sheets) and pharmacies developing an acknowledgment book approach with the printed language of the acknowledgment at the top of each page with patients signing the book and dating their signature and it is my understanding that this is okay based on comments about scalability from HHS. Leslie C. Bender ROI WebEd Company 1922 Greenspring Drive, Suite 7 Timonium, Maryland 21093 Phone: 410-453-4125 Facsimile: 410-453-4126 www.roiWebEd.com -Original Message- From: Craig Moen [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 19, 2003 9:46 AM To: WEDI SNIP Privacy Workgroup List Subject: RE: Another NPP question Doug and Leslie As I was looking into the Rule itself for something different I stumbled across this under 164.522 pg 53240 For example, The final rule does not require an individuals signature on the notice. Instead, a covered healthcare provider is permitted, for example to have the individual's sign a separate sheet or list, or to simply initial a cover sheet of the notice to be retained by the provider Finally somwhere, where my(our) thoughts were inline with the rule Confidential Information This email message is intended only for the person or entity to which it is addressed. Unless otherwise indicated or obvious by the nature of this transmittal, the information contained in this email message is privileged and confidential, intended for the use of the intended recipient (or the employee or agent responsible to deliver to the intended recipient), you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message THERAPY 2000 1881 Sylvan Avenue Suite 210 Dallas, Tx 75208 -Original Message- From: Doug Webb [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 19, 2003 8:31 AM To: Craig Moen; WEDI SNIP Privacy Workgroup List Subject: Re: Another NPP question Craig, I agree with your position. I think that a signed document needs at least one full signature. Having that full signature and date, I would think that initials other places should be OK (they work for the money people). The opinions expressed here are my own and not necessarily the opinion of LCMH. Douglas M. Webb Computer System Engineer Little Company of Mary Hospital Health Care Centers [EMAIL PROTECTED] This electronic message may contain information that is confidential and/or legally privileged. It is intended only for the use of the individual(s) and entity(s) named as recipients in the message. If you are not an intended recipient of the message, please notify the sender immediately, delete the material from any computer, do not deliver, distribute, or copy this message, and do not disclose its contents or take action in reliance on the information it contains. Thank you. - Original Message - From: Craig Moen To: WEDI SNIP Privacy Workgroup List Sent: Wednesday, March 19, 2003 08:14 AM Subject: RE: Another NPP question During our initial admit paperwork we are planning of having the patient initial next to acknowledgement of receipt. However, they also sign the end of that document because they initial other items on that particular page For existing patients, I don't see how intials by themselves would work Just my opinion Confidential Information This email message is intended only for the person or entity to which it is addressed. Unless otherwise indicated or obvious by the nature of this transmittal, the information contained in this email message is privileged and confidential, intended for the use of the intended recipient (or the employee or agent responsible to deliver to the intended recipient), you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message THERAPY 2000 1881 Sylvan Avenue Suite 210 Dallas, Tx 75208 -Original Message- From: Harpe, Leslie [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 19, 2003 7:58 AM To: 'Craig Moen'; WEDI SNIP Privacy Workgroup List Subject: RE: Another NPP question I have a line that states I acknowledge receipt of the Notice of Privacy Practice. and a line to sign on our COA. I'm going to piggyback a question with your question, are initials acceptable for acknowledgment? -Original Message- From: Craig Moen [mailto:[EMAIL PROTECTED] Sent: Tuesday, March 18, 2003 6:00 PM To: WEDI SNIP Privacy Workgroup List Subject: Another NPP question Another NPP question. We are drafting our aknowledgement of receipt form for existing patients for distribution
RE: Billing Services with Contractors
See 45 CFR Section 164.504(e)(2)(i)(D). There is also language to this effect in the OCR's Model BA document. Leslie Bender -Original Message- From: Brenda K. Burton [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 19, 2003 2:09 PM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: RE: Billing Services with Contractors Leslie - So if my billing company did not consider itself a clearinghouse (thus a CE); and we were only a BA, then anybody we subcontracted to would require us to have a BA as well, (e.g. 'second tier business associates')? I have not seen/been told that before. Please indicate where that is stated in the regs. I appreciate your input and education! Thanks, Brenda Daniel: Not all billing services are business associates only. If your billing service performs any translations of standard to nonstandard data elements in connection with any of the standard transactions (e.g., if you receive any print images of non standard itemized bills your provider clients have sent and key them into an 837 for re-billing or for billing to an insurer you now have discovered) your billing service may meet the HIPAA definition of a clearinghouse and thus you would be both a business associate and a covered entity. If you have any vendors with whom you use/exchange PHI on behalf of your provider clients, they would likely be second tier business associates and yes you would need to have them execute BA agreements with you at least as stringent as those you sign with your provider clients. For example, if you forward accounts from patients residing in other states to billing companies in those states, you would need a BA agreement with the billing services to whom you forward the accounts. ACA International, a non profit trade association for, among others, billing and health care collection agencies has extensive educational materials and an upcoming program applying HIPAA to billing services and health care collection agencies. They have some upcoming educational programs that may interest you and your counsel. Hope this helps. Leslie C. Bender ROI WebEd Company -Original Message- From: Daniel E. McDonald [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 19, 2003 12:59 PM To: WEDI SNIP Privacy Workgroup List Subject: Billing Services with Contractors I wanted to get input regarding Billing Services that use contractors to perform certain services. My understanding is the Billing Service is considered a Business Associate and not a covered entity. If that is true, would the contractors working for a billing service be Business Associates of a Business Associate and would they sign a similair BA agreement as the billing service did but between them and the billing service?? I look forward to everyone's intepretation as even our attorney is a bit confused. This e-mail, and any attachments thereto, is intended only for use by the addressee(s) named herein and may contain legally privileged and/or confidential information. If you are not the intended recipient of this e-mail, you are hereby notified that any dissemination, distribution or copying of this e-mail, and any attachments thereto, is strictly prohibited. If you have received this e-mail in error, please notify me immediately at 1-800-500-0175 ext 114 and permanently delete the original and any copy of any e-mail and printout thereof. --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED] To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion
RE: Billing Services with Contractors
Oops - my apologies - little typo - 45 CFR Section 164.504(e)(2)(ii)(D) - need stronger reading glasses. Leslie Bender -Original Message- From: Leslie C Bender [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 19, 2003 2:31 PM To: '[EMAIL PROTECTED]' Cc: '[EMAIL PROTECTED]' Subject: RE: Billing Services with Contractors See 45 CFR Section 164.504(e)(2)(i)(D). There is also language to this effect in the OCR's Model BA document. Leslie Bender -Original Message- From: Brenda K. Burton [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 19, 2003 2:09 PM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: RE: Billing Services with Contractors Leslie - So if my billing company did not consider itself a clearinghouse (thus a CE); and we were only a BA, then anybody we subcontracted to would require us to have a BA as well, (e.g. 'second tier business associates')? I have not seen/been told that before. Please indicate where that is stated in the regs. I appreciate your input and education! Thanks, Brenda Daniel: Not all billing services are business associates only. If your billing service performs any translations of standard to nonstandard data elements in connection with any of the standard transactions (e.g., if you receive any print images of non standard itemized bills your provider clients have sent and key them into an 837 for re-billing or for billing to an insurer you now have discovered) your billing service may meet the HIPAA definition of a clearinghouse and thus you would be both a business associate and a covered entity. If you have any vendors with whom you use/exchange PHI on behalf of your provider clients, they would likely be second tier business associates and yes you would need to have them execute BA agreements with you at least as stringent as those you sign with your provider clients. For example, if you forward accounts from patients residing in other states to billing companies in those states, you would need a BA agreement with the billing services to whom you forward the accounts. ACA International, a non profit trade association for, among others, billing and health care collection agencies has extensive educational materials and an upcoming program applying HIPAA to billing services and health care collection agencies. They have some upcoming educational programs that may interest you and your counsel. Hope this helps. Leslie C. Bender ROI WebEd Company -Original Message- From: Daniel E. McDonald [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 19, 2003 12:59 PM To: WEDI SNIP Privacy Workgroup List Subject: Billing Services with Contractors I wanted to get input regarding Billing Services that use contractors to perform certain services. My understanding is the Billing Service is considered a Business Associate and not a covered entity. If that is true, would the contractors working for a billing service be Business Associates of a Business Associate and would they sign a similair BA agreement as the billing service did but between them and the billing service?? I look forward to everyone's intepretation as even our attorney is a bit confused. This e-mail, and any attachments thereto, is intended only for use by the addressee(s) named herein and may contain legally privileged and/or confidential information. If you are not the intended recipient of this e-mail, you are hereby notified that any dissemination, distribution or copying of this e-mail, and any attachments thereto, is strictly prohibited. If you have received this e-mail in error, please notify me immediately at 1-800-500-0175 ext 114 and permanently delete the original and any copy of any e-mail and printout thereof. --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED] To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views
RE: Is HIPAA Individually Liable?
I agree with Rachel and note that many state laws do indeed give individuals the right to sue for alleged medical privacy violations. Further, in the Commonwealth of Virginia, the federal courts have determined that HIPAA's Privacy Rule, having been crafted by the federal agency charged with responsibility for regulating health care, represents a general standard for medical privacy. As a result the courts in that state (commonwealth) have generally adopted the Privacy Rule as a statewide medical privacy standard regardless of the compliance deadlines in HIPAA or its own limiting definitions. There are likely no shortage of creative legal theories that would allow an individual to file a private lawsuit. These could include: negligence theories, breach of contract (similar to lawsuits when individuals believe their informed consent for treatment was violated in some way), invasion of privacy or breach of confidentiality or other crafty fox theories that could permit a state attorney general or plaintiff's attorney to bring a private suit. As an aside, the Federal Trade Commission also regards certain types of breaches of privacy as unfair and deceptive trade practices under Section 5 of the Federal Trade Commission Act (which is similar to many state consumer protection statutes) -- many may recall the Eli Lilly enforcement action last year under this statute. Leslie C. Bender, Esquire 1922 Greenspring Drive, Suite 7 Timonium, Maryland 21093 Phone: 410-453-4125 Facsimile: 410-453-4126 www.roiWebEd.com -Original Message- From: Rachel Foerster [mailto:[EMAIL PROTECTED]] Sent: Friday, January 24, 2003 1:26 PM To: WEDI SNIP Privacy Workgroup List Subject: RE: Is HIPAA Individually Liable? Here's what I believe is the real deal: 1. The HIPAA law and regulations do not give the individual any statutory rights. This means that an individual who feels his/her individual privacy rights have been violated cannot bring suit in Federal Court. The recourse open to an individual under HIPAA is to file a complaint with the OCR which should then investigate. OCR could then refer to the Department of Justice would could bring suit against the violator. 2. HIPAA does not take away any individual's statutory rights under state law. These, of course, vary by state. Lawyers out there - did I get this right? Rachel Foerster Principal Rachel Foerster Associates, Ltd. Professionals in Health Care EDI 39432 North Avenue Beach Park, IL 60099 Voice: 847-872-8070 Fax: 847-872-6860 eMail: [EMAIL PROTECTED] http://www.rfa-edi.com -Original Message- From: Nancy Jones [mailto:[EMAIL PROTECTED]] Sent: Friday, January 24, 2003 11:40 AM To: WEDI SNIP Privacy Workgroup List Subject: Re: Is HIPAA Individually Liable? I would like to add to this question . . . I have been to several HIPAA workshops, each taught by a different attorney or team of attorneys. One group will tell you that the entity can't be sued for damages if a HIPAA violation occurs . . . . that sanctions from the OCR is punishment enough for the covered entity and that patients may not expect damages. Others have said that plaintiff's attorneys are circling like buzzards and buying the back covers of telephone books all over America with the big question . . HAS YOUR MEDICAL PRIVACY BEEN VIOLATED? I havent' gotten a straight answer yet! And now I hear that THIPAA - the Texas version of HIPAA that goes in to effect in 9/03 not only allows the entity to be sued, but the individual can be held personally liable. I am a patient advocate and believe in the fundamental principals of protecting health information, but this is really getting out of hand. Patricia Conroe wrote: I apologize if this is listed somewhere real obvious, but I was wondering if there was a definite answer as to who's liable when HIPAA has been violated? In a hospital situation, if HIPAA's violated and jail time and fines are distributed who gets that fun time? Is it the CEO, the Privacy Officer, the employee who violated the rule, all of the above, etc? Thank you! --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED] To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address
RE: Board of Directors - Workforce or Business Associates?
How are organizations classifying Board of Directors or Trustee members? Workforce -- or since they are not under the direction of the covered entity, but have a need from time to time, to receive PHI, or might they better be classified as business associates and need a business associate agreement? Leslie C. Bender General Counsel/Privacy Official The ROI Companies 1922 Greenspring Drive, Suite 7 Timonium, Maryland 21093 --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: archive@mail-archive.com To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org