RE: NPP in Other Languages
Limited English Proficiency (LEP) guidance at: http://www.hhs.gov/ocr/lep/

If you are subject to Title VI, as it applies to LEP persons, below is safe harbor guidance from the above OCR resource:

Safe Harbor. The following actions will be considered strong evidence of compliance with the recipient's written-translation obligations:

(a) The DOJ recipient provides written translations of vital documents for each eligible LEP language group that constitutes five percent or 1,000, whichever is less, of the population of persons eligible to be served or likely to be affected or encountered. Translation of other documents, if needed, can be provided orally; or

(b) If there are fewer than 50 persons in a language group that reaches the five percent trigger in (a), the recipient does not translate vital written materials but provides written notice in the primary language of the LEP language group of the right to receive competent oral interpretation of those written materials, free of cost.

These safe harbor provisions apply to the translation of written documents only. They do not affect the requirement to provide meaningful access to LEP individuals through competent oral interpreters where oral language services are needed and are reasonable. For example, correctional facilities should, where appropriate, ensure that prison rules have been explained to LEP inmates, at orientation, for instance, prior to taking disciplinary action against them.

Cindi Bowman Quality and Compliance Coordinator Catawba County Health Department 828-695-5847

-Original Message-
From: Christiansen, John (SEA) [mailto:[EMAIL PROTECTED]
Sent: Tuesday, March 18, 2003 5:43 PM
To: WEDI SNIP Privacy Workgroup List
Subject: RE: NPP in Other Languages

Folks - The plain language requirement for the NPP incorporates regulatory requirements that include translation into other languages if they are a material element of the population you serve. I did the research well over a year ago so don't recall the citations, and don't have time to dig it up just now, but I believe it was available via an OCR webpage. There are criteria for determining what languages you need to include, and this would apply to any CE, not just an employer plan.

John R. Christiansen Preston | Gates | Ellis LLP 925 Fourth Avenue, Suite 2900 Seattle, Washington 98104 *Direct: 206.370.8118 *Cell: 206.683.9125 * [EMAIL PROTECTED]

Notice: Internet e-mail is inherently insecure. Unencrypted e-mail may be accessible to unauthorized viewers, content may be modified or corrupted, and headers or signatures may incorrectly identify the sender. If you wish to confirm this message or the identity of the sender, please contact me using a communications channel other than a reply to this e-mail. Secure electronic messaging is available and recommended for confidential or sensitive communications.

-Original Message-
From: David Ermer [mailto:[EMAIL PROTECTED]
Sent: Tuesday, March 18, 2003 1:53 PM
To: WEDI SNIP Privacy Workgroup List
Subject: Re: NPP in Other Languages

It strikes me as an attorney who represents ERISA governed health plans that the NPP can be considered a material modification to the health plan under the U.S. Labor Department's (DOL) rules. DOL, in contrast to HHS, has very specific rules on distributing a summary plan description or a summary of material modifications to a plan participant, i.e., hand delivery, first class mail (second or third class only if return and forwarding postage is guaranteed and address correction is requested), or electronic delivery under certain circumstances and on when you need to translate such plan documents into another language. If your covered entity is governed by ERISA, I suggest that you apply these rules. If your covered entity is not governed by ERISA, you still may find the guidance helpful. I have quoted the foreign language and mailing guidance below.

Best regards, Dave Ermer

29 C.F.R. §2520.102-2 Style and Format of SPD:

(c) Foreign languages. In the case of either--

(1) A plan that covers fewer than 100 participants at the beginning of a plan year, and in which 25 percent or more of all plan participants are literate only in the same non-English language, or

(2) A plan which covers 100 or more participants at the beginning of the plan year, and in which the lesser of (i) 500 or more participants, or (ii) 10% or more of all plan participants are literate only in the same non-English language,

so that a summary plan description in English would fail to inform these participants adequately of their rights and obligations under the plan, the plan administrator for such plan shall provide these participants with an English-language summary plan description which prominently displays a notice, in the non-English language common to these participants, offering them assistance. The assistance provided need not involve written materials, but shall be given in the non-English
RE: Filing deadline for complaints
Diane,

If you limit your complaint acceptance period to 30 days, the only other recourse the person would have is to file a complaint with the Secretary if the occurrence is more than 30 days old. For my agency, I had rather our patients come to us with a complaint rather than the Secretary of DHHS, so I am leaving the door open to accepting complaints.

Cindi Bowman Quality and Compliance Coordinator Catawba County Health Department 828-695-5847

-Original Message-
From: Diana DeWeese [mailto:[EMAIL PROTECTED]
Sent: Thursday, March 13, 2003 3:29 PM
To: WEDI SNIP Privacy Workgroup List
Subject: Filing deadline for complaints

Regarding complaints filed with the Secretary of DHHS, the Privacy Rule states in 160.306 (b)(3) that a complaint must be filed within 180 days of when the complainant knew or should have known. Can a covered entity specify a shorter time frame for an individual filing a complaint with the covered entity - such as - within 30 days?

Diana DeWeese Illinois Dept of Human Services [EMAIL PROTECTED] 217-557-9103

---
The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time.
You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED] To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org
RE: Unlocked charts
Matt,

Here is the source of my confusion, thank you in advance for any light you can shed on my question. We have an open filing system for our medical records, so are unable to better safeguard them. Budget constraints prohibit a more secure system at this time. When our contract cleaning folks are in the building to clean after hours, they have unsupervised access to those files. Sure, they are not to review the files, but for lack of better safeguarding systems, we have provided access to the files so they can perform their cleaning activities. Since we have no alternative option but to provide access to the files for the cleaning folks to do their job, are we not disclosing the files based on the definition of disclosure below?

Definitions - Disclosure - § 160.103 Disclosure means the release, transfer, provision of access to, or divulging in any other manner of information outside the entity holding the information.

Cindi Bowman Quality and Compliance Coordinator Catawba County Health Department 828-695-5847

-Original Message-
From: Matthew Rosenblum [mailto:[EMAIL PROTECTED]
Sent: Monday, March 10, 2003 10:08 PM
To: WEDI SNIP Privacy Workgroup List
Subject: RE: Unlocked charts

Peter,

Yes, I agree. There may actually be some possible harm in executing a BAC with the janitorial service. For example, a HIPAA-compliant BAC would document that the janitorial service is responsible for using PHI on behalf of the CE, an activity that is clearly NOT intended. It would probably be preferable to engage the janitorial service in a general business contract that contains a confidentiality clause as well as some language that defines how the workers will be trained/educated and supervised in their privacy responsibilities.

I hope that this helps. Your questions are always welcome.

Matt

Matthew Rosenblum Chief Operations Officer Privacy, Quality Management Regulatory Affairs CPI Directions, Inc. 10 West 15th Street, Suite 1922 New York, NY 10011 (212) 675-6367 [EMAIL PROTECTED]

CONFIDENTIALITY NOTICE: This E-Mail is intended only for the use of the individual or entity to which it is addressed and may contain information that is privileged, confidential and exempt from disclosure under applicable law. If you have received this communication in error, please do not distribute it. Please notify the sender by E-Mail at the address shown and delete the original message. Thank you.

CONFIDENTIALITY NOTICE: This email is solely for the use of the individual or entity to which it is addressed and may contain information that is privileged, confidential and exempt from access under applicable law. If you have received this communication in error, please do not distribute it. Please notify the sender of the E-Mail at the address shown and delete the original message. Thank you.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Monday, March 10, 2003 12:45 PM
To: Matthew Rosenblum; [EMAIL PROTECTED]
Subject: RE: Unlocked charts

Matt,

You might consider that a janitorial service is really not a business associate because although it may perform a function on behalf of a covered entity, PHI is not or should not be disclosed to it for the purpose of performing its janitorial functions. Any disclosure to the service would be incidental to an authorized use or disclosure or an accident and something that a covered entity should seek to avoid.

Peter

Peter B. Goldstein Cap Gemini Ernst Young, US LLC 9781 E. Meridian Blvd, Suite 220 Englewood, CO 80112 (720) 568-4323 (Direct) (303) 885-1492 (Cell) (413) 740-0512 (Facsimile) cap comm: 657 4653 [EMAIL PROTECTED]

This message contains information that may be privileged or confidential and is the property of the Cap Gemini/Ernst Young Group. It is intended only for the person to whom it is addressed.
If you are not the intended recipient, you are not authorized to read, print, retain, copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message
RE: Unlocked charts
Thank you for your input. I agree 100% with you. Do you mind if I privately share your response with the person that misquoted Ms. Sanches's response? I hate for her to be misquoted. The person may want to recheck their notes and post a correction to the other list where they quoted her.

Cindi

-Original Message-
From: Huber, Cheri
To: Cindi Bowman; Huber, Cheri; [EMAIL PROTECTED]
Sent: 3/7/03 6:52 PM
Subject: RE: Unlocked charts

Cindi,

I totally agree that the term incidental disclosure would not apply in such instances. For an outside service provider, such as a building maintenance contractor, to actually 'access' the PHI would require physical action on the part of the service provider, such as opening a filing cabinet. That's obviously not an 'incidental' disclosure. (Unless, and this is purely facetious, the inside of the filing cabinet was being serviced.)

About Ms. Sanches's response, (my apologies for misspelling her name previously), I only mean to suggest that perhaps she either did not clearly understand the question or that her response was somehow misinterpreted. I attended The HIPAA Summit West in June of 2001 at which Ms. Sanches spoke and recall that the response to a similar question was that a BA agreement was not required. Knowing that Ms. Sanches was largely responsible for the content of the OCR Guidance and having heard her speak on several occasions I have the utmost regard for both her expertise and her opinion.

My previous response was directed to the statement that a business associate agreement was required in instances such as that described. I merely wanted to point out that that is incorrect and emphasize the fact that reasonable safeguards ARE required.

About obtaining a BA agreement when such is not necessary, (pursuant to a strict reading of the rule and commentary), I absolutely agree there's no harm in doing so. In fact, obtaining the assurances inherent to a BA agreement is the best 'due diligence' approach. However, that isn't always an option, such as in situations where the CE has no leverage to use to persuade a service provider to enter into such an agreement which is not required by law. In those circumstances the CE must look to other means to obtain adequate assurances and should consider all such options from a risk management standpoint. Such other means may include requiring a confidentiality agreement and/or installing locks. That's a call the CE must make and, regardless of the final course of action, the reason for such decisions must be thoroughly documented.

Cheri

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Friday, March 07, 2003 12:57 PM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: RE: Unlocked charts

Cheri,

My position is this situation is not an incidental disclosure, do you disagree with that? It was Linda Sanchez of DHHS that said a BAA was needed.

Like you, my concern is also the stipulation of your quoted text that provided reasonable safeguards are in place. I don't think an unlocked filing system to be appropriate safeguards when an outside service has complete unsupervised access to PHI.

I also have a concern over the stipulation of your quoted text where any access to protected health information by such persons would be de minimus, if at all. As I stated above, the outside service has complete unsupervised access to PHI.

I agree that a confidentiality agreement would provide additional safety but don't see where a BAA would cause harm, if not add additional protections where appropriate safeguards are not in place.

Cindi Bowman Quality and Compliance Coordinator Catawba County Health Department 828-695-5847

-Original Message-
From: Huber, Cheri [mailto:[EMAIL PROTECTED]
Sent: Friday, March 07, 2003 3:27 PM
To: Cindi Bowman; WEDI SNIP Privacy Workgroup List
Subject: RE: Unlocked charts

Cindi,

I must respectfully disagree with yours and Joanne's positions and suggest that perhaps Ms. Sanchez's comments were ambiguous enough as to permit a misunderstanding. In support of my opinion that a business associate contract is not required with a janitorial service nor a repair service, assuming such service is typical of its type, I would refer you to the commentary section of the August 14, 2002, modifications to the privacy rule. The following is from page 53252 of the Federal Register:

The Department also clarifies that a business associate contract is not required with persons or organizations whose functions, activities, or services do not involve the use or disclosure of protected health information, and where any access to protected health information by such persons would be de minimus, if at all. For example, a health care provider is not required to enter into a business associate contract with its janitorial service because the performance of such service does not involve the use or disclosure of protected health
RE: NPP and accounting for disclosures - was Medicare audits: operations?
Doug,

Thanks for the clarification for your organization. Since the Privacy Rule requires we document and retain any signed authorization as required by § 164.530(j)..for six years from the date of its creation or the date when it last was in effect, whichever is later, we have elected to store authorizations in our records, thus serving as a reference to our disclosure if we ever desire to refer back to disclosures made based on an authorization.

Cindi Bowman Quality and Compliance Coordinator Catawba County Health Department 828-695-5847

-Original Message-
From: Doug Webb [mailto:[EMAIL PROTECTED]]
Sent: Friday, February 14, 2003 12:12 PM
To: WEDI SNIP Privacy Workgroup List
Subject: Re: NPP and accounting for disclosures - was Medicare audits: operations?

Molly, Cindi:

Where I was coming from is that if I made such a disclosure, I would want to know that I made it, irrespective of what the rules say I must account for. The rules don't prohibit me from doing this, just don't mandate it.

The opinions expressed here are my own and not necessarily the opinion of LCMH.

Douglas M. Webb Computer System Engineer Little Company of Mary Hospital Health Care Centers [EMAIL PROTECTED]

This electronic message may contain information that is confidential and/or legally privileged. It is intended only for the use of the individual(s) and entity(s) named as recipients in the message. If you are not an intended recipient of the message, please notify the sender immediately, delete the material from any computer, do not deliver, distribute, or copy this message, and do not disclose its contents or take action in reliance on the information it contains. Thank you.

- Original Message -
From: Shek, Molly [EMAIL PROTECTED]
To: WEDI SNIP Privacy Workgroup List [EMAIL PROTECTED]
Sent: Friday, February 14, 2003 09:57 AM
Subject: RE: NPP and accounting for disclosures - was Medicare audits: operations?

I quite agree with your assessment of the difference between Authorization and the need for Accounting of Disclosures. However, one of the exceptions to an Accounting of PHI disclosures is disclosures made pursuant to patient authorization.

Molly Shek, MS, RHIA

-Original Message-
From: Doug Webb [mailto:[EMAIL PROTECTED]]
Sent: Friday, February 14, 2003 8:47 AM
To: WEDI SNIP Privacy Workgroup List
Subject: Re: NPP and accounting for disclosures - was Medicare audits: operations?

Noel,

Quite so. As you said, quite a few emails seem to overlook that the Authorization to do a certain disclosure and the actual disclosure are two separate actions and need to be addressed independently.

Don't forget that the acknowledgment of receipt of your NPP is not an Authorization for release of information. The Authorization is either separate (although it might be on the same piece of paper and/or covered by the same signature), or not required (TPO disclosures).

If a disclosure is permitted (either by an Authorization or by being part of TPO), it may or may not be required to be logged. This must be determined for every type of disclosure, independently from the need for an Authorization.

I would use the following rules for determining when to log disclosures (my own heuristic, not sealed in stone):

If it is not a part of routine operations, log it.
If you need a separate Authorization to do the disclosure, log it.
For all routine operations, determine if logging is necessary.
If there are any questions, err on the side of logging rather than on the side of not logging.

The opinions expressed here are my own and not necessarily the opinion of LCMH.

Douglas M. Webb Computer System Engineer Little Company of Mary Hospital Health Care Centers [EMAIL PROTECTED]

This electronic message may contain information that is confidential and/or legally privileged. It is intended only for the use of the individual(s) and entity(s) named as recipients in the message. If you are not an intended recipient of the message, please notify the sender immediately, delete the material from any computer, do not deliver, distribute, or copy this message, and do not disclose its contents or take action in reliance on the information it contains. Thank you.

- Original Message -
From: Noel Chang [EMAIL PROTECTED]
To: WEDI SNIP Privacy Workgroup List [EMAIL PROTECTED]
Sent: Friday, February 14, 2003 01:19 AM
Subject: NPP and accounting for disclosures - was Medicare audits: operations?

Changing the subject for a minute: I have seen several emails from people, including the one below, that have made various statements all to the effect that if you mention a particular type of disclosure in your NPP, you will not have to account for such disclosures.

Anita wrote: One way a covered entity might get around having to account for disclosures made for auditing purposes is to inform