Re: E-mail Microsoft Exchange Server

2003-03-05 Thread William J. Kammerer
This discussion involving techno-geek talk belongs more appropriately on the WEDI SNIP Security Workgroup List. Can we continue it there? See the thread Re: E-mail Microsoft Exchange Server in the archives at http://www.mail-archive.com/wedi-security%40lists.wedi.org/. To subscribe to the WEDI

Application Audit Trails

2003-03-05 Thread Gregory Park
I am looking for public opinion in this question, for I know that there is little specific language on this point (or is there). In regards to Application Audit Trails, to what level of audit do you expect your applications to present? For instance, do you want to know if your users have

JCAHO BAA

2003-03-05 Thread Teri Baskett
On that BA thread, we just recieved a letter from JCAHO wanted us to complete their BAA form. Following previous messages, shouldn't I (since I'm the CE) be sending them our form, and we shouldn't be signing their's? Teri Baskett, CISO LifeSpring [EMAIL PROTECTED] ---

Fundraising Question

2003-03-05 Thread Patricia Conroe
Our hospital foundation is responsible for fundraising. For about 5 years they have not used patient information for their fundraising. They purchase lists through other companies and they have created their own donor base based on who's donated before. They send information to the donor

OCHA Answer and Disclosure Question

2003-03-05 Thread Kathy Findley
Hello All! Recently I asked a question about members of an Organized Health Care Agreement and the issue of naming their Privacy Officer or Contact Person in a joint Notice of Privacy Practices? Further reading has indicated that each entity would have to have their own Privacy Officer, conduct

Re: Fundraising Question

2003-03-05 Thread Doug Webb
Patricia, Your NPP should state that PHI will not be used for these purposes. A opt out isn't necessary whennobody,s in. To clarify things for your patients, you may wish to mention that the foundation uses independantly-generated lists that contain no PHI. The opinions expressed here are

Re: JCAHO BAA

2003-03-05 Thread Doug Webb
Teri, In theory, yes. In practice, they're the 800-pound gorilla. The opinions expressed here are my own and not necessarily the opinion of LCMH. Douglas M. WebbComputer System EngineerLittle Company of Mary Hospital Health Care Centers[EMAIL PROTECTED] "This electronic message may

RE: Fundraising Question

2003-03-05 Thread Ribelin, Donald
IMHO, if you are not going to use your patient's PHI for fundraising, do not include it in your NPP. Should you decide to change your practice, you will need to change your NPP and announce the change before your practice is changed. Donald L. Ribelin HIPAA Project Manager Firsthealth of the

FW: JCAHO BAA

2003-03-05 Thread Halfhill, Annette
Interestingly, I just happened across a letter to JCAHO from the AHA requesting changes to their BA agreement to make it compliant with HIPAA on the AHA members only website. -Original Message- From: Teri Baskett [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 05, 2003 9:31 AM To:

Internet Pagers Privacy

2003-03-05 Thread Paul Weber
I'm looking for some input on a scenario that was recently presented. To wit... What are the ramifications relative to HIPAA Privacy where communications containing PHI to alphanumeric pagers held by remote nursing staff are initiated via internet e-mail? For example, a patient coordinator

Re: Minimum necessary

2003-03-05 Thread Noel Chang
I am not a transactions expert but aren't eligibility inquiry and the response both covered transactions? If yes, all covered transactions are exempt from the minimum necessary standard. Here is an excerpt from the December OCR Guidance to that effect: Q: Doesn’t the HIPAA Privacy Rule’s