Without going into a lot of discussion about the difference between the
plan sponsor and plan administrator activities, the plan administrator
is responsible for this. If you are also the plan administrator, than
you have both responsibilities. Your SPD should state who is the plan
We issue prescriptions to our employees and their families at the hospital pharmacy.
Do we need to list the pharmacy as a separate entity in our NPP or not? There seems to
be debate on how they should be categorized.
CIO/Chief Privacy Officer
Burke Rehabilitation Hospital
I think you need to analyze how the pharmacy is legally set up at your
hospital. We also have a pharmacy on-site, and while we treat it as any
other department internally, it legally is a separate company. We
documented an Affiliated Covered Entity (ACE) between the two and listed
I agree with your opinion that you don't have to ask, but a
check-off line in the sign-in form would be nice. It would also document
that the option had indeed been offered, and since, in this game, documentation
is everything, that would be a Good Thing.
The opinions expressed here
Doug, while I agree it would be nice; I tend to doubt this will be the
common practice. Asking every admission if they want to opt-out of the
facility directory would be costly. We (providers) are already concerned
about the costs (in time and money) we will incur secondary to the
Another clearinghouse question
164.506 (c)(4) states that (paraphrased):
'A covered entity may disclose protected health information to another
covered entity for health care operations of the entity that receives the
information, if both covered entities has or had a relationship with the
We are a covered entity as a clearinghouse. We are also a business
associate to medical providers.
The rules require keeping records of disclosures outside of TPO for six
years. At termination of business associate agreement the rules require
return or destruction of all PHI if feasible. How
"164.510 - Uses and disclusres requiring an opportunity
for the indiviudal to agree or to object " . The citation even says that
"the entity may orally inform the individual ofand obtain
the individual's oral agreement or objection to a use or disclusire permitted by
this section". In the
In the final security document, you have standards. Some standards have implementation
specifications and others do not. On the
standards that do have them, they are REQUIRED or ADDRESSABLE. On the ones that do not have specifications,
are they Required?
I understand that you do have to ask a patient if they wish to have the clergy receive
their names in the directory; however, does the same requirement apply if the clergy
member is a member of the covered entity's workforce, like a chaplain of a hospital?
The WEDI SNIP listserv to which
Hi, David and Bonnie.
It's important to keep two terms distinct: plan administration functions
(which is a Privacy Rule term) and plan administrator (which is an ERISA
The plan administrator (which, under ERISA, is the plan sponsor unless the
plan document says otherwise) has certain
that knowing that is much help in figuring out what you need to do . .
John R. Christiansen Preston | Gates |
Ellis LLP 925
Fourth Avenue, Suite 2900 Seattle, Washington
98104 (Direct: 206.370.8118 (Cell:
206.683.9125 * [EMAIL PROTECTED] Notice: Internet e-mail is inherently
Regarding complaints filed with the Secretary of DHHS, the Privacy Rule states in
160.306 (b)(3) that a complaint must be filed within 180 days of when the complainant
knew or should have known.
Can a covered entity specify a shorter time frame for an individual filing a complaint
I have been encountered with a tricky BA question and hope someone can
provide some insight.
Insurance companies engage certain agencies to audit provider records to
verify if what the hospital billed was correct and if the insurance company
has overpaid. Since these audit agencies are engaged by
The opinions expressed here are my own and not necessarily the opinion of
Douglas M. WebbComputer System EngineerLittle Company of Mary
Hospital Health Care Centers[EMAIL PROTECTED]
"This electronic message may contain information that is confidential
In your explanation, you state that if you are a self-insured plan and you
contract out EVERYTHING to a third party administrator (TPA), you are not
spared ANY of the requirements of the Privacy Rule. You must still prepare
and distribute an NPP to your participants and satisfy all of the
Title: PRIVACY: BA Agreements
I have drafted a BA Addendum and a BA Agreement. We will use the addendum with anyone we have a contract with. However, there are certain entities that do fee-for-service for us and do not have contracts (printing companies, lawyers, temp agencies, etc.) For
What I meant by my comment is that a group health plan's relationship to a
health insurance issuer and its relationship to a TPA are associated with
radically different legal responsibilities under the Privacy Rule, even
where the two relationships are functionally equivalent. This is
The way I read the Privacy Rule, a plan sponsor
that self-insures will always bear the ultimate responsibility for complying
with the Privacy Rule and will not be treated as functionally equivalent to a
plan sponsor that insures benefits, even if the self-insuring plan sponsor
Foerster Associates, Ltd.
email: [EMAIL PROTECTED]
transmission may be confidential or protected from disclosure and is only for
Mail list logo