Re: SS# and e-mail

2003-11-06 Thread Vicki Hohner
I would say no, because there are places on the Internet, etc. where you
may be able to connect the SSN to a person's identity. 

Vicki Hohner
FOX Systems, Inc.
360-970-6856
360-352-4584
Information transmitted is confidential and may be proprietary to FOX
Systems, Inc.  It is intended only for the person or entity to which it
is addressed.   Anyone else is prohibited from disclosing, copying, or
disseminating the contents or attachments.  If you receive this in
error, please notify sender immediately, or us at www.foxsys.com and
delete from your system.
 Dana Frank [EMAIL PROTECTED] 11/06/03 09:33 AM 
If a social security number is not tied to any other personal
identifiers, is it okay to send via e-mail?  Any thoughts?

 

Dana M Frank

Sales Administration Manager

Dental Select

(800) 999-9789

 

CONFIDENTIALITY 
This email and any attachments are confidential and also may be
privileged.  If you are not the named recipient, or have otherwise
received this communication in error, please delete it from your inbox,
notify the sender immediately, and do not disclose its contents to any
other person, use them for any purpose, or store or copy them in any
medium.  Thank you for your cooperation.

 

 



---
The WEDI SNIP listserv to which you are subscribed is not moderated. The
discussions on this listserv therefore represent the views of the
individual participants, and do not necessarily represent the views of
the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an
official opinion, post your question to the WEDI SNIP Issues Database at
http://snip.wedi.org/tracking/.   These listservs should not be used for
commercial marketing purposes or discussion of specific vendor products
and services.  They also are not intended to be used as a forum for
personal disagreements or unprofessional communication at any time.

You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED]
To unsubscribe from this list, go to the Subscribe/Unsubscribe form at
http://subscribe.wedi.org or send a blank email to
[EMAIL PROTECTED]
If you need to unsubscribe but your current email address is not the
same as the address subscribed to the list, please use the
Subscribe/Unsubscribe form at http://subscribe.wedi.org


---
The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions 
on this listserv therefore represent the views of the individual participants, and do 
not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If 
you wish to receive an official opinion, post your question to the WEDI SNIP Issues 
Database at http://snip.wedi.org/tracking/.   These listservs should not be used for 
commercial marketing purposes or discussion of specific vendor products and services.  
They also are not intended to be used as a forum for personal disagreements or 
unprofessional communication at any time.

You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED]
To unsubscribe from this list, go to the Subscribe/Unsubscribe form at 
http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED]
If you need to unsubscribe but your current email address is not the same as the 
address subscribed to the list, please use the Subscribe/Unsubscribe form at 
http://subscribe.wedi.org


Re: State Preemption Analyses

2003-03-21 Thread Vicki Hohner
I'm thinking I will if I get a lot of info from the listservs. I'm also
looking them up on my own, but it's quicker if you can get it from
people who already know where the treasure is buried. 

Is this something that WEDI/SNIP would be interested in putting on the
website? 

Vicki Hohner
FOX Systems, Inc.
360-970-6856
360-352-4584
Information transmitted is confidential and may be proprietary to FOX
Systems, Inc.  It is intended only for the person or entity to which it
is addressed.   Anyone else is prohibited from disclosing, copying, or
disseminating the contents or attachments.  If you receive this in
error, please notify sender immediately, or us at www.foxsys.com and
delete from your system.
 Max Bumbalough [EMAIL PROTECTED] 03/21/03 16:12 PM 
Vicki,

After you have rounded up this info, is that something you are willing
to 
share with the listserv?

Thanks

Max Bumbalough






From: Vicki Hohner [EMAIL PROTECTED]
Reply-To: Vicki Hohner [EMAIL PROTECTED]
To: WEDI SNIP Privacy Workgroup List [EMAIL PROTECTED]
Subject: State Preemption Analyses
Date: Fri, 21 Mar 2003 15:24:43 -0700

I'm trying to round up websites or documents for as many state
preemption analyses that are available as I can get. If you are aware
of
documents and/or sites for your state or others, can you please send? I
know some of this went around recently, but of course I didn't need it
then. Thank you!

Vicki Hohner
FOX Systems, Inc.
360-970-6856
360-352-4584
Information transmitted is confidential and may be proprietary to FOX
Systems, Inc.  It is intended only for the person or entity to which it
is addressed.   Anyone else is prohibited from disclosing, copying, or
disseminating the contents or attachments.  If you receive this in
error, please notify sender immediately, or us at www.foxsys.com and
delete from your system.

---
The WEDI SNIP listserv to which you are subscribed is not moderated.
The 
discussions on this listserv therefore represent the views of the 
individual participants, and do not necessarily represent the views of
the 
WEDI Board of Directors nor WEDI SNIP. If you wish to receive an
official 
opinion, post your question to the WEDI SNIP Issues Database at 
http://snip.wedi.org/tracking/.   These listservs should not be used
for 
commercial marketing purposes or discussion of specific vendor products
and 
services.  They also are not intended to be used as a forum for
personal 
disagreements or unprofessional communication at any time.

You are currently subscribed to wedi-privacy as:
[EMAIL PROTECTED]
To unsubscribe from this list, go to the Subscribe/Unsubscribe form at 
http://subscribe.wedi.org or send a blank email to 
[EMAIL PROTECTED]
If you need to unsubscribe but your current email address is not the
same 
as the address subscribed to the list, please use the
Subscribe/Unsubscribe 
form at http://subscribe.wedi.org


_
MSN 8 helps eliminate e-mail viruses. Get 2 months FREE*.  
http://join.msn.com/?page=features/virus



---
The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions 
on this listserv therefore represent the views of the individual participants, and do 
not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If 
you wish to receive an official opinion, post your question to the WEDI SNIP Issues 
Database at http://snip.wedi.org/tracking/.   These listservs should not be used for 
commercial marketing purposes or discussion of specific vendor products and services.  
They also are not intended to be used as a forum for personal disagreements or 
unprofessional communication at any time.

You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED]
To unsubscribe from this list, go to the Subscribe/Unsubscribe form at 
http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED]
If you need to unsubscribe but your current email address is not the same as the 
address subscribed to the list, please use the Subscribe/Unsubscribe form at 
http://subscribe.wedi.org


RE: HIPAA privacy and people - comparison to 42 C.F.R. Part 2 (Alcohol and Drug Patient Privacy)

2003-01-22 Thread Vicki Hohner
I have been doing a lot of work with substance abuse programs and HIPAA,
and while not deeply familar with 42 CFR protections we have identified
that there are limited areas of overlap with HIPAA privacy. Many subject
to 42 CFR mistakenly believe that the fact that they comply with this
law, which is more stringent in its use and disclosure requirements,
means they are exempt from complying with HIPAA. However, note that
there are only a few overlaps between the two: primarily with uses and
disclosures/minimum necessary, authorizations, and some limited parts of
individual rights. This leaves a lot more under HIPAA that is not
addressed in 42 CFR--all the policies and procedures, the privacy
officer, business associate terms, the notice of privacy practices, and
accounting of disclosures, to name a few. Note also that the definitions
of what information is protected is broader under HIPAA than under 42
CFR. 

My understanding is that the feds (SAMHSA/CSAT) are working on a
comparison matrix between the two--no idea when that may be available.  

Vicki Hohner
FOX Systems, Inc.
360-970-6856
360-352-4584
Information transmitted is confidential and may be proprietary to FOX
Systems, Inc.  It is intended only for the person or entity to which it
is addressed.   Anyone else is prohibited from disclosing, copying, or
disseminating the contents or attachments.  If you receive this in
error, please notify sender immediately, or us at www.foxsys.com and
delete from your system.
 Darrell Rishel [EMAIL PROTECTED] 01/20/03 08:57 AM 
Matt-

I'll take a stab at answering your question. Please remember that in an
effort to keep it relatively brief, this is a fairly simplistic,
high-level
overview.

Under 42 C.F.R. Part 2 (which I'll refer to as the AOD (Alcohol and
Other
Drugs)regs), disclosure within a program is allowed on a need-to-know
basis  without the consent of the patient. This internal disclosure is
limited to personnel having a need for the information in connection
with
their duties which arise out of the provision of diagnosis, treatment,
or
referral for treatment. In practice, I think this is very close to, if
not
the same as, the HIPAA use definition. Although the AOD regs do not
require a formal minimum necessary analysis, the concept of only
disclosing
the minimum amount of information necessary to accomplish the purpose
for
making the disclosure is clearly embedded in the regs.

It is the disclosure to external entities where, especially with the
adoption of the August, 2002, HIPAA changes, a wide gap remains between
the
two sets of regs. While HIPAA allows treatment providers to disclose PHI
for
treatment and payment (even another provider's payment) without the
patient's written consent, the AOD regs absolutely prohibit such
disclosures
related to payment, and disclosures for treatment (except for medical
emergencies) require that a written agreement be in place and that the
services which the external provider render be something different than
what
the primary provider is providing. This written agreement is known in
the
AOD regs as a Qualified Service Organization Agreement (QSOA, for
short). A
QSOA is akin to a BA agreement, though much shorter and less
complicated,
charachteristics which are, unfortunately, soon to be a thing of the
past.
While a QSOA can be used in limited circumstances for treatment (the
biggest
problem is that we cannot have one with another AOD provider), its most
common use is for operations, just as the HIPAA BA agreement will be
used
(e.g., we have a QSOA with our auditor, or outside attorneys, the
company
which prints and sends out our bills, the lab which analyzes the urine
specimens we collect, etc.). But, if we want to be able to bill an
insurance
company or any other third party payer, we have to have the patient's
written consent (in fact, we cannot even call to get pre-authorization
without written consent; how's that for customer friendly?). If we want
to
refer the patient to another health care provider, of whatever type, or
consult with another provider (like their primary care provider) who has
seen the patient, we must have the patient's written consent unless the
situation fits within the pretty narrow exception where a QSOA can be
used
and we have (or can get) one in place (the logistics and pain of trying
to
get a QSOA with all of those providers, which make doing so pretty
impracticle). The requirements in the AOD regs for a valid written
consent
are very similar to those for a HIPAA authorization: who is disclosing
the
information, to whom is the information being disclosed, what
information is
being disclosed and why is it being disclosed, there must be a
reasonble,
identifiable expiration date, the patient must be able to revoke the
consent
at any time (one specific exception here for persons referred by an
element
of the criminal justice system where treatment is a part of the
disposition), the name of the patient, the patient's signature and the
date