Diana,
With respect to Privacy, your mailer would be equivalent to a
sealed envelope IF the layout was such that no PHI were visable without breaking
one of your seals.
Now with respect to Security, it seems to be pretty weak
security. I would not recommend this as a long-term solution.
I have a question on the right to amend the patients designated record set.
If a patient makes a request post 4/15/03 to have an amendment made to
information from 2002, Are we obligated to make that amendment?
In this case, the request is not to correct incorrect information, but to
add
I believe the patient can REQUEST any information in the DRS be changed,
regardless of date. (You may be thinking of the accounting of disclosure,
which does have a pre 4/15/03 exception.)
However, you are NOT OBLIGATED to accept an amendment. If you cannot
corroborate it, I would deny it and
I am in the process of reviewing a contact which will entail an agreement
between us (a covered entity) and the contractor (another covered entity) in
which the contractor will provide cancer screening/diagnostic tests to a
specific category of women (income guidelines, age, etc.) per grant
Rachel and Wendy,
I'm going to respectfully disagree. If my physician sends me to an imaging
facility for x-ray, would that not be a treatment relationship? My
understanding is that two CE's collaborating on treatment do not require a
BAA. What is different here?
Regards,
Roger Wernow
RMW
Roger, the key difference in this scenario and which brought me to my
conclusions is this statement by Wendy:
. . . the contractor is providing this service on our behalf, for us, and
are receiving money from us to provide these services.
Therefore, the contractor is providing treatment
Wendy,
If this contractor was just running tests for you, I would say a BAA is in order. Since the contractor is a provider, is running diagnostic tests, is interpreting those tests, and sending you (the referring agent) the results and recommendations, I would say they are engaging in
I tend to agree, Rachel, that on its face the relationship described by
Wendy meets the definition of a BA relationship. However, I must point out
that (my recollection of) the Rule as well as language from both the
Preamble and subsequent guidances refer to business associate activities as
being
I guess my heartburn with this one is that this is the not the normal
indirect treatment relationship which we'd normally have with another
covered entity. This is for contracted services. We receive grant money,
and in turn we contract with a hospital to provide breast and cervical
cancer
Health care providers often send out patients or specimens for tests. They also often
bill the patients for those services and then pay the entity performing the tests. As
a patient, I like this as I get a consolidated bill. The example below is exactly
this relationship. If this
Wendy:
I can see why you are concerned. DHHS has not addressed this question
directly. But the text of the Privacy Rule, and DHHS statements suggest
that this relationship is not one that requires a BA agreement. Here is the
logic:
1. (a) A business associate agreement is not required for
Wendy,
Just to add my own humble opinion
I think that Errick has a good point - one worth emphasizing. Don't let the
flow of money confuse the issue. The definition of business associate does
not mention who is paying who; just what is done, and for whom. I think
what you have to look at
Wendy,
What is the dilemma? From your description (below) it sounds as though the
contractor is providing diagnostic screenings and tests akin to those
provided by a laboratory or other indirect treatment provider. Though the
contractor's treatment services are paid-for by the CE does not
13 matches
Mail list logo