|
Gregory,
We just do not send any e-mails containing PHI. It might
be something to consider when the ordinary patient has encryption/decrpytion
capability for e-mail that is easy enough to use that a technoLuddite can use
it.
We do contact Web sites that are capable of secure sessions to
check on claims status.
The opinions expressed here are my own and not necessarily the opinion of
LCMH.
Douglas M. Webb Computer System Engineer Little Company of Mary
Hospital & Health Care Centers [EMAIL PROTECTED]
"This electronic message may contain information that is confidential
and/or legally privileged. It is intended only for the use of the individual(s)
and entity(s) named as recipients in the message. If you are not an
intended recipient of the message, please notify the sender immediately,
delete the material from any computer, do not deliver, distribute, or copy this
message, and do not disclose its contents or take action in reliance on the
information it contains. Thank you."
----- Original Message -----
Sent: Monday, March 24, 2003 03:22
PM
Subject: RE: New to this list, have two
questions.
Doug, I in
no way disregard the need to encrypt email. I am a big proponent of it,
just not sure which is the best approach at the moment (see previous emails to
this list-serve). Email was at risk at the same level before or after
the regulations. The heart of my question (because I am not sure what
exactly is the right answer) is how do YOU (stand up healthcare community)
approach the issue?
Are you
dropping the electronic door now because your current methods for
electronically delivering PHI, in relation to the recent Security Regs,
may fall outside your security analysis, or do you manage the process now with
internal policies moving towards a technological fix well before the
regulation due dates?
Greg Park
Product Manager
DB
Technology
Inc.
Office:
800-760-4096
x117
Cell:
484-919-0392
PA Office: 610-397-0288
www.dbtech.com
Gregory,
Just to amplify on Judith's remarks,
You are exposed to the risk NOW, not when the final
Security Rule fully kicks in.
You are accepting a huge risk anytime you expose PHI to
the Internet. Remenber that any of the millions of computers on the
net can read this if they so choose. Strong encryption appears to be
the only way to protect PHI on the Internet.
If you would consider putting the information on a post
card, perhaps it might be far enough away from PHI to consider mentioning it
in an e-mail. E-mail can be accessed by many more people than typical
a post card will be exposed to.
As to your third question, there are four (at least) WEDI
listserves that cover various portions of the topics you
mentioned:
Privacy, Security, Transactions, and Code
Sets.
Pick the ones that serve your needs the best.
The opinions expressed here are my own and not necessarily the opinion
of LCMH.
Douglas M. Webb Computer System Engineer Little Company of Mary
Hospital & Health Care Centers [EMAIL PROTECTED]
"This electronic message may contain information that is confidential
and/or legally privileged. It is intended only for the use of the
individual(s) and entity(s) named as recipients in the message. If you
are not an intended recipient of the message, please notify the sender
immediately, delete the material from any computer, do not deliver,
distribute, or copy this message, and do not disclose its contents or take
action in reliance on the information it contains. Thank you."
----- Original Message -----
Sent: Monday, March 24, 2003 02:10
PM
Subject: RE: New to this list, have
two questions.
This was part of our privacy audit due to the
following reg:
§ 164.530 Administrative
requirements.
(c)
(1) Standard: safeguards. A covered entity must have in
place appropriate administrative, technical, and physical
safeguards to protect the privacy of protected health
information.
(2)
Implementation specification: safeguards.
(I)
A
covered entity must reasonably safeguard protected health information from
any intentional or unintentional use or disclosure that is in violation of
the standards, implementation specifications or other requirements of this
subpart.
We knew this was an issue, so we took the "no email
to patients" approach also. In our opinion, It is just too big
of a risk.
Judith Bentz-Miller
Privacy Officer
Arnett Clinic
765-448-8843
-----Original
Message-----
From: Gregory Park
[mailto:[EMAIL PROTECTED]
Sent: Monday, March 24, 2003 3:01
PM
To: WEDI SNIP Privacy Workgroup List
Subject: RE:
New to this list, have two questions.
One follow-up question/remark/plead for public
opinion to your response Deborah.
"...no PHI will be sent via email..." Is that now or
when? Are you considering yourself at risk now because of the
ruling? Just curious as I have heard others in the field drop the
"PHI Email" gate immediately as soon as they understood the Security
rules. Wouldn't you continue as usual and work towards a
reasonable solution effective before 2005?
Greg Park
Product Manager
DB
Technology
Inc.
Office:
800-760-4096
x117
Cell:
484-919-0392
PA Office: 610-397-0288
www.dbtech.com
Here's my opinion. I'd be interested if anyone has
other opinions.
1) An email is unprotected as
soon as it is sent over the internet. Almost anyone can intercept it.
So you need to determine your risk and what you want to do to
eliminate it. We have determined that no PHI will be sent via email
until we have an encryption solution.
2) It depends what the Case Manager is doing. If they
are working "on behalf of
the insurance
carrier, then they are either an employee of the carrier or a BA of
the carrier. If they are doing Quality Assurance on behalf of the
carrier, you are permitted to release PHI to them without the need of
any contract with them (the carrier would have the contract). Check §
164.506(c)(4) of the August revisions of the Privacy Rule.
Deborah
Deborah
Campbell
Compliance Coordinator
Dominion Dental Services, Inc.
115 South Union Street, Suite 300
Alexandria, Virginia 22314
Phn: (703) 518-5000 ext. 3035
Fax: (703) 518-8849
Toll Free:
888-518-5338
Email:
[EMAIL PROTECTED]
*******************************************
The information in this email is confidential and may
be legally privileged. It is intended solely for the
addressee. Access to this email by anyone else is
unauthorized.
If you are not the intended recipient, any disclosure,
copying, distribution or any action taken or omitted to be taken in
reliance on it is prohibited and may be unlawful.
*********************************************************************
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Monday, March 24, 2003 9:25 AM
To: WEDI SNIP Privacy Workgroup List
Subject: New to this list, have two questions.
Hello List,
I am new to this list, so please be patient with me,
if I ask any questions
that have been
addressed repeatedly in the past. Anyway, I am the HIPAA
Privacy Officer for a Physician's Group
Practice and have just recently
finished our
first round of "Privacy Training and Education" for the group.
Two questions came up that I could not answer
specifically:
1) Is
there specific direction as to what we can and can not discuss
during
e-mails between the clinic and patient; and
2) Do
we need a contract between Nurse Case Manager's that come in
to our
office to discuss treatment plans with our doctors (that are
contracted
by the Insurance Carrier) and our Physician's Group to satisfy
"Business
Associate Policy" portion of our HIPAA Privacy Rule policies?
I appreciate any information available. Also,
please let me know if there
are other
"List-Serves" that are more specific to
"Healthcare Privacy, Security &
Electronic
Transactions."
Thank You,
Daryl Ewing,
CPC
RPK Anesthesia,
P.A.
---
The WEDI SNIP listserv to
which you are subscribed is not moderated. The discussions on this
listserv therefore represent the views of the individual participants,
and do not necessarily represent the views of the WEDI Board of
Directors nor WEDI SNIP. If you wish to receive an official opinion,
post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/.
These listservs should not be used for commercial marketing purposes
or discussion of specific vendor products and services. They
also are not intended to be used as a forum for personal disagreements
or unprofessional communication at any time.
You are currently subscribed to wedi-privacy as:
[EMAIL PROTECTED]
To unsubscribe
from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send
a blank email to
[EMAIL PROTECTED]
If you need to unsubscribe but your current email
address is not the same as the address subscribed to the list, please
use the Subscribe/Unsubscribe form at http://subscribe.wedi.org ---
The
WEDI SNIP listserv to which you are subscribed is not moderated. The
discussions on this listserv therefore represent the views of the
individual participants, and do not necessarily represent the views of
the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an
official opinion, post your question to the WEDI SNIP Issues Database
at http://snip.wedi.org/tracking/. These listservs should not be used
for commercial marketing purposes or discussion of specific vendor
products and services. They also are not intended to be used as a
forum for personal disagreements or unprofessional communication at
any time.
You are currently subscribed to wedi-privacy as:
[EMAIL PROTECTED]
To unsubscribe from this list, go to the
Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a
blank email to [EMAIL PROTECTED]
If you
need to unsubscribe but your current email address is not the same as
the address subscribed to the list, please use the
Subscribe/Unsubscribe form at http://subscribe.wedi.org
---
The WEDI SNIP listserv to which you are subscribed
is not moderated. The discussions on this listserv therefore represent
the views of the individual participants, and do not necessarily
represent the views of the WEDI Board of Directors nor WEDI SNIP. If you
wish to receive an official opinion, post your question to the WEDI SNIP
Issues Database at http://snip.wedi.org/tracking/. These listservs
should not be used for commercial marketing purposes or discussion of
specific vendor products and services. They also are not intended to be
used as a forum for personal disagreements or unprofessional
communication at any time.
You are currently subscribed to
wedi-privacy as: [EMAIL PROTECTED]
To unsubscribe from this list,
go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or
send a blank email to [EMAIL PROTECTED]
If
you need to unsubscribe but your current email address is not the same
as the address subscribed to the list, please use the
Subscribe/Unsubscribe form at http://subscribe.wedi.org
---
The WEDI SNIP listserv to which you are subscribed is
not moderated. The discussions on this listserv therefore represent the
views of the individual participants, and do not necessarily represent the
views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive
an official opinion, post your question to the WEDI SNIP Issues Database
at http://snip.wedi.org/tracking/. These listservs should not be used for
commercial marketing purposes or discussion of specific vendor products
and services. They also are not intended to be used as a forum for
personal disagreements or unprofessional communication at any
time.
You are currently subscribed to wedi-privacy as:
[EMAIL PROTECTED]
To unsubscribe from this list, go to the
Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank
email to [EMAIL PROTECTED]
If you need to
unsubscribe but your current email address is not the same as the address
subscribed to the list, please use the Subscribe/Unsubscribe form at
http://subscribe.wedi.org
---
The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time.
You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED]
To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED]
If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org
|
