Privacy vs. Security Compliance
The covered entities have time till April 21, 2005 to comply with the final Security regulations. However, Privacy compliance deadline is April 14, 2003. Now, Privacy compliance also requires some safeguards that are actually defined in the Security regulation. How do we deal with this paradox? (Privacy protection does not have much meaning without Security being in place). I am trying to come up with a list of minimum safeguards that can be practically put in place by April 14, 2003 - such as - Physical access control and workstation security. I wanted to see what others are doing in this regard and if they have a "minimum necessary" security compliance list. Regards, Vikas --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED] To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org
A tricky BA Questions
I have been encountered with a tricky BA question and hope someone can provide some insight. Insurance companies engage certain agencies to audit provider records to verify if what the hospital billed was correct and if the insurance company has overpaid. Since these audit agencies are engaged by the Insurance Companies they will be the BA of the Insurance companies. However, they are going to a provider facility to verify the records, My questions are: 1. Are they allowed to do this under the HIPAA law? If yes, what type of relationship will they have with the provider? 2. If a payer engages an agency to audit provider records does the payer become the BA of the provider? Regards, Vikas --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED] To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org
RE: Notice for indirect health care providers?
Laura, Yes you can file a complaint as a 'whistleblower'. Complaints can be filed by patients, workforce members or others who become aware of or suspect violation of privacy regulations by a provider. Regards, Vikas -Original Message- From: LAURA HEMINGWAY [mailto:[EMAIL PROTECTED] Sent: Thursday, March 06, 2003 10:57 AM To: WEDI SNIP Privacy Workgroup List Cc: WEDI SNIP Privacy Workgroup List Subject: Notice for indirect health care providers? I was training some of our staff last week and was asked a question that I did not know how to answer. I'm sure someone out there has an answer. What if I as a customer in a doctor's office become aware of the doctor's office disclosing some aspect of another customer's PHI information without their knowledge. For example, the receptionists are talking openly about the other customer's condition, economics, etc. Can I file a complaint with the OCR on behalf of the other customer? --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED] To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED] To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org
Are DME Vendors BA?
Hello, Had a question about vendors of DME (Durable Medical Equipment). If a Provider contacts a DME vendor and informs about a patient who needs a DME for home care, does the provider need to have a BA with the DME vendor before this can be done? Or would this be treated as part of treatment? Regards, Vikas --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: archive@mail-archive.com To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org
Are state Medicaid intermediaries BAs?
Are State Medicaid intermediaries (and Medicare intermediaries) BA of the providers who submit claims through these systems? My conclusion is no as they arte not acting on behalf of the providers but more on the behalf of Medicaid. But at the same time they have access to PHI even though they are not directly the payers. Will appreciate confirmation/refutation of my understanding. Regards, Vikas --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: archive@mail-archive.com To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org