This discussion involving techno-geek talk belongs more appropriately on
the WEDI SNIP Security Workgroup List. Can we continue it there? See
the thread Re: E-mail Microsoft Exchange Server in the archives at
http://www.mail-archive.com/wedi-security%40lists.wedi.org/.
To subscribe to the WEDI
I am looking for public opinion in this question, for I know that there is
little specific language on this point (or is there).
In regards to Application Audit Trails, to what level of audit do you expect
your applications to present? For instance, do you want to know if your
users have
On that BA thread, we just recieved a letter from JCAHO wanted us
to complete their BAA form. Following previous messages,
shouldn't I (since I'm the CE) be sending them our form, and we
shouldn't be signing their's?
Teri Baskett, CISO
LifeSpring
[EMAIL PROTECTED]
---
Our hospital foundation is responsible for fundraising. For about 5 years they have
not used patient information for their fundraising. They purchase lists through other
companies and they have created their own donor base based on who's donated before.
They send information to the donor
Hello All!
Recently I asked a question about members of an Organized Health Care
Agreement and the issue of naming their Privacy Officer or Contact Person in
a joint Notice of Privacy Practices?
Further reading has indicated that each entity would have to have their own
Privacy Officer, conduct
Patricia,
Your NPP should state that PHI will not be used for these
purposes. A opt out isn't necessary whennobody,s in.
To clarify things for your patients, you may wish to mention
that the foundation uses independantly-generated lists that contain no
PHI.
The opinions expressed here are
Teri,
In theory, yes. In practice, they're the 800-pound
gorilla.
The opinions expressed here are my own and not necessarily the opinion of
LCMH.
Douglas M. WebbComputer System EngineerLittle Company of Mary
Hospital Health Care Centers[EMAIL PROTECTED]
"This electronic message may
IMHO, if you are not going to use your patient's PHI for fundraising, do not
include it in your NPP. Should you decide to change your practice, you will
need to change your NPP and announce the change before your practice is
changed.
Donald L. Ribelin
HIPAA Project Manager
Firsthealth of the
Interestingly, I just happened across a letter to JCAHO from the AHA
requesting changes to their BA agreement to make it compliant with HIPAA on
the AHA members only website.
-Original Message-
From: Teri Baskett [mailto:[EMAIL PROTECTED]
Sent: Wednesday, March 05, 2003 9:31 AM
To:
I'm looking for some input on a scenario that was recently presented. To wit...
What are the ramifications relative to HIPAA Privacy where communications containing
PHI to alphanumeric pagers held by remote nursing staff are initiated via internet
e-mail?
For example, a patient coordinator
I am not a transactions expert but aren't eligibility inquiry and the
response both covered transactions?
If yes, all covered transactions are exempt from the minimum necessary
standard. Here is an excerpt from the December OCR Guidance to that effect:
Q: Doesnt the HIPAA Privacy Rules
11 matches
Mail list logo
