Chris, thanks for the feedback. Biggest problem, our NPP is five pages
(front and back) long. Attaching
it becomes an issue secondary to its bulk. Good point about 911 calls. We are less worried about them.
Donald L. Ribelin
HIPAA Project Manager
Firsthealth of the Carolinas
(910)
The only problem is that the "short" notice
must contain all of the elements set forth in the rule, which will still take up
quite a bit of space. Also, you still need to provide the "long" form NPP
to the patient, you cannot wait for a request to do so. Technically, you
are to provide both
On a similar note, we are a health plan and are also interested in how other
health plans are communicating authorizations with their business
associates. We have several business associates that communicate via
correspondence and provide phone call assistance to our membership. Are you
Jim,
According to
CMS, a software vendor is a business associate of a covered entity as long as
the vendorneeds access to the PHI of the covered entity in order
to provide its service. Therefore, you are only required to enter into a
BAA.
Dee Warrington Director, HIPAA and Regulatory
Beth,
The only situation
we are talking about is the emergency. You may have taken it out of context. I
hold firm that I am correct in the context of the environment we are talking
about.
OK, now reality. If
youve never run on an emergency call, you have an information deficit.
I have a question regarding releasing PHI to fully funded groups.
Are health plans considering releasing PHI to fully funded groups
provided they have a signed certification on file or are plans only releasing
summary/de-identified PHI to the fully funded groups and not using the
Carolyn,
My agreement does not tell my BA how to carry out their business obligation,
only what I expect of them in the treatment of my information. What would
be a valid reason why I should sign my software vendors agreement? Or,
please give me an example of when I should sign a vendor's
Leslie,
In general, I agree.
The vendor is attempting to reduce the load on ITS legal staff by getting its
customers to sign their version of the BAA before their cusomers write their own.
You will have to have a BAA in place with most of these entities.
It doesn't matter who originates the
In the OCR guidance that was issued in December, the very last question in
the section on BA's says this:
Q: Is a software vendor a business associate of a covered entity?
A: The mere selling or providing of software to a covered entity does
not give rise to a business associate
We're
still deciding. But right now, we're leaning towards only releasing PHI (other
than enrollment and premium info) upon authorization whether they amend or not.
All of the exceptions that would come about with some groups amending, some not,
just leaves us open to many mistakes.
As far as I am concerned, I am not signing
an agreement that a Business Associate sends to us, including our Practice
Management Software Vendor.
The PHI is in OUR possession, and if a BA
wants access to it, they can sign the agreement OUR attorney drafted. Period. I recycle the ones
11 matches
Mail list logo
