RE: Business associates

[Craig Moen]

Traci-
 
Additionally, in our situation the clouding 
factor is that we do not actively supervise these folks and they then as a 
nature of that relationship do work on "our behalf"  making them a business 
associate and not an "extension of the workforce"  Just how we have decided 
to handle it at this point
 
Craig
 
Confidential 
Information
This email message is intended only for the 
person or entity to which it is addressed. Unless otherwise indicated or obvious 
by the nature of this transmittal, the information contained in this email 
message is privileged and confidential, intended for the use of the intended 
recipient (or the employee or agent responsible to deliver to the intended 
recipient), you are hereby notified that any dissemination, distribution or 
copying of this communication is strictly prohibited. If you are not the 
intended recipient, please contact the sender by reply email and destroy all 
copies of the original message
THERAPY 2000
1881 Sylvan Avenue Suite 
210
Dallas, Tx 75208

  -Original Message-From: Traci Winter 
  [mailto:[EMAIL PROTECTED]Sent: Wednesday, March 26, 2003 9:48 
  AMTo: WEDI SNIP Privacy Workgroup ListSubject: Business 
  associates
  I keep going around and around on this topic. We have a few contracts 
  with outside agencies that provide us will supplemental nursing/home health 
  aide services. We provide them with the pertinent info about a patient and 
  they provide services to the patient under our control & supervision. The 
  forms and documentation completed are those provided by our agency and are 
  submitted to our agency within a week of services.
   
  I can't come to a definite decision on whether we need to generate a 
  HIPAA compliant BAC/BAA or not.
   
  Input appreciated, thanks in advance.
   
  Traci Winter
  Hospitals Home Health Care, Inc.
  Fulton, NY 13069---The WEDI SNIP listserv to which you are 
  subscribed is not moderated. The discussions on this listserv therefore 
  represent the views of the individual participants, and do not necessarily 
  represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish 
  to receive an official opinion, post your question to the WEDI SNIP Issues 
  Database at http://snip.wedi.org/tracking/. These listservs should not be used 
  for commercial marketing purposes or discussion of specific vendor products 
  and services. They also are not intended to be used as a forum for personal 
  disagreements or unprofessional communication at any time.You are 
  currently subscribed to wedi-privacy as: [EMAIL PROTECTED]To 
  unsubscribe from this list, go to the Subscribe/Unsubscribe form at 
  http://subscribe.wedi.org or send a blank email to 
  [EMAIL PROTECTED]If you need to unsubscribe but 
  your current email address is not the same as the address subscribed to the 
  list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org 

---
The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/.   These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services.  They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time.

You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED]
To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED]
If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org

RE: Business associates

[Craig Moen]

Traci-
 
I, along with you,have gone around and 
around on this topic.  I have never been given a definite answer and it 
appears to be one of personal choice.  We provide similiar services as 
you.  Ou legal counsel has instructed us to draft a simple language 
business associate agreement.  In addition providing them with the 
education that we have provided to our own staff about what our HIPAA policies 
and procedures will be.
 

Craig Moen, MPT Director of Rehabilitation THERAPY 
2000 
Confidential 
Information
This email message is intended only for the 
person or entity to which it is addressed. Unless otherwise indicated or obvious 
by the nature of this transmittal, the information contained in this email 
message is privileged and confidential, intended for the use of the intended 
recipient (or the employee or agent responsible to deliver to the intended 
recipient), you are hereby notified that any dissemination, distribution or 
copying of this communication is strictly prohibited. If you are not the 
intended recipient, please contact the sender by reply email and destroy all 
copies of the original message
THERAPY 2000
1881 Sylvan Avenue Suite 
210
Dallas, Tx 75208

  -Original Message-From: Traci Winter 
  [mailto:[EMAIL PROTECTED]Sent: Wednesday, March 26, 2003 9:48 
  AMTo: WEDI SNIP Privacy Workgroup ListSubject: Business 
  associates
  I keep going around and around on this topic. We have a few contracts 
  with outside agencies that provide us will supplemental nursing/home health 
  aide services. We provide them with the pertinent info about a patient and 
  they provide services to the patient under our control & supervision. The 
  forms and documentation completed are those provided by our agency and are 
  submitted to our agency within a week of services.
   
  I can't come to a definite decision on whether we need to generate a 
  HIPAA compliant BAC/BAA or not.
   
  Input appreciated, thanks in advance.
   
  Traci Winter
  Hospitals Home Health Care, Inc.
  Fulton, NY 13069---The WEDI SNIP listserv to which you are 
  subscribed is not moderated. The discussions on this listserv therefore 
  represent the views of the individual participants, and do not necessarily 
  represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish 
  to receive an official opinion, post your question to the WEDI SNIP Issues 
  Database at http://snip.wedi.org/tracking/. These listservs should not be used 
  for commercial marketing purposes or discussion of specific vendor products 
  and services. They also are not intended to be used as a forum for personal 
  disagreements or unprofessional communication at any time.You are 
  currently subscribed to wedi-privacy as: [EMAIL PROTECTED]To 
  unsubscribe from this list, go to the Subscribe/Unsubscribe form at 
  http://subscribe.wedi.org or send a blank email to 
  [EMAIL PROTECTED]If you need to unsubscribe but 
  your current email address is not the same as the address subscribed to the 
  list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org 

---
The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/.   These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services.  They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time.

You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED]
To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED]
If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org

Re: Business associates

[Noel Chang]

Sounds to me like you should treat them as a member of your workforce, which 
I believe would obviate the need for a BAA.

Noel Chang
Integral Practice Solutions
--
Open WebMail Project (http://openwebmail.org)


-- Original Message ---
From: "Traci Winter" <[EMAIL PROTECTED]>
To: "WEDI SNIP Privacy Workgroup List" <[EMAIL PROTECTED]>
Sent: Wed, 26 Mar 2003 10:47:59 -0500
Subject: Business associates

> I keep going around and around on this topic. We have a few 
> contracts with outside agencies that provide us will supplemental 
> nursing/home health aide services. We provide them with the 
> pertinent info about a patient and they provide services to the 
> patient under our control & supervision. The forms and documentation 
> completed are those provided by our agency and are submitted to our 
> agency within a week of services.
> 
> I can't come to a definite decision on whether we need to generate a 
> HIPAA compliant BAC/BAA or not.
> 
> Input appreciated, thanks in advance.
> 
> Traci Winter
> Hospitals Home Health Care, Inc.
> Fulton, NY 13069
> 
> ---
> The WEDI SNIP listserv to which you are subscribed is not moderated. 
> The discussions on this listserv therefore represent the views of 
> the individual participants, and do not necessarily represent the 
> views of the WEDI Board of Directors nor WEDI SNIP. If you wish to 
> receive an official opinion, post your question to the WEDI SNIP 
> Issues Database at http://snip.wedi.org/tracking/.   These listservs 
> should not be used for commercial marketing purposes or discussion 
> of specific vendor products and services.  They also are not 
> intended to be used as a forum for personal disagreements or 
> unprofessional communication at any time.
> 
> You are currently subscribed to wedi-privacy as: 
> [EMAIL PROTECTED] To unsubscribe from this list, go to the 
> Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a 
> blank email to [EMAIL PROTECTED] If you 
> need to unsubscribe but your current email address is not the same 
> as the address subscribed to the list, please use the 
> Subscribe/Unsubscribe form at http://subscribe.wedi.org
--- End of Original Message ---


---
The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions 
on this listserv therefore represent the views of the individual participants, and do 
not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If 
you wish to receive an official opinion, post your question to the WEDI SNIP Issues 
Database at http://snip.wedi.org/tracking/.   These listservs should not be used for 
commercial marketing purposes or discussion of specific vendor products and services.  
They also are not intended to be used as a forum for personal disagreements or 
unprofessional communication at any time.

You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED]
To unsubscribe from this list, go to the Subscribe/Unsubscribe form at 
http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED]
If you need to unsubscribe but your current email address is not the same as the 
address subscribed to the list, please use the Subscribe/Unsubscribe form at 
http://subscribe.wedi.org

Business associates

[Traci Winter]

I keep going around and around on this topic. We have a few contracts with 
outside agencies that provide us will supplemental nursing/home health aide 
services. We provide them with the pertinent info about a patient and they 
provide services to the patient under our control & supervision. The forms 
and documentation completed are those provided by our agency and are submitted 
to our agency within a week of services.
 
I can't come to a definite decision on whether we need to generate a HIPAA 
compliant BAC/BAA or not.
 
Input appreciated, thanks in advance.
 
Traci Winter
Hospitals Home Health Care, Inc.
Fulton, NY 13069
---
The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/.   These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services.  They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time.

You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED]
To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED]
If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org

RE: Tracking Disclosures by Business Associates

[Ron Moore]

From the OCR Guidelines published Dec 3, 2003: (Key point 
concerning shredding is underlined.  It specifically addresses on-site 
versus off-site shredding services.)
 
 Q: Is a business associate contract required with 
organizations or persons where inadvertent contact with protected health 
information may result - such as in the case of janitorial 
services?  A: A business associate contract is not 
required with persons or organizations whose functions, activities, or services 
do not involve the use or disclosure of protected health information, and where 
any access to protected health information by such persons would be incidental, 
if at all.  Generally, janitorial services that clean the offices or 
facilities of a covered entity are not business associates because the work they 
perform for covered entities does not involve the use or disclosure of protected 
health information, and any disclosure of protected health information to 
janitorial personnel that occurs in the performance of their duties (such as may 
occur while emptying trash cans) is limited in nature, occurs as a by-product of 
their janitorial duties, and could not be reasonably prevented.  Such 
disclosures are incidental and permitted by the HIPAA Privacy Rule.  See 45 
CFR 164.502(a)(1).  If a service is 
hired to do work for a covered entity where disclosure of protected health 
information is not limited in nature (such as routine handling of records or 
shredding of documents containing protected health information), it likely would 
be a business associate.  However, when such work is performed under the 
direct control of the covered entity (e.g., on the covered entity's premises), 
the Privacy Rule permits the covered entity to treat the service as part of its 
workforce, and the covered entity need not enter into a business associate 
contract with the service. 
 
Ron MooreState HIPAA Coordinator1201 Main Street, Suite 
850Columbia, SC   29201Phone:   803-737-0627[EMAIL PROTECTED]www.hipaa.state.sc.us>>> 
Jason Brege <[EMAIL PROTECTED]> 03/11/03 11:36AM >>>
I 
would have originally thought disposal was operations as well, but 
when I looked at the definition of healthcare operations in 164.501, it really 
seemed like a stretch.  It doesn't fit into any of the 6 main 
areas under this definition: 1.Quality assessment and improvement activities, 
2.Reviewing the competence or qualifications of health care professionals, 
3.Underwriting, 4.Medical review/fraud and abuse, 5.Business planning and 
development, 6.Business management.  The only place to squeeze it in would 
be Business Management, but shredding documents doesn't seem to really fit with 
the 5 "included but not limited to" examples under that part.  It really 
just depends on your legal counsel and how your risk assessments see this 
issue.  Practically, I think it would be absolutely insane to account for 
every piece of PHI on every piece of paper that you destroy.  I think there 
are ways to justify this as Business Management, and I think your documentation 
of this decision would be key.  I believe this is one reason why 
most entities have just brought shredders or shredding companies 
onsite.  
 
Thanks,
 
Jason 
Brege
Clinton A. Harkins, P.C.

  -Original Message-From: 
  [EMAIL PROTECTED] 
  [mailto:[EMAIL PROTECTED]Sent: Tuesday, March 11, 
  2003 11:18 AMTo: [EMAIL PROTECTED]; 
  [EMAIL PROTECTED]Subject: RE: Tracking Disclosures by 
  Business Associates
  Wouldn't disposal come under operations? We have a vendor who picks us 
  locked bins of documents to be shredded.  We have had them sign a 
  Business Associate Agreement (we are also Business Associates.)  I would 
  not think there would be a need for accounting for these pick ups to be logged 
  as disclosures.  
   
   
  
  Joanne 
  Marquez
  Senior Director 
  
  Beech Street 
  Corporation
  Account 
  Services
  (949) 
  672-1519
   
  

-Original Message-From: Jason Brege 
[mailto:[EMAIL PROTECTED] Sent: Tuesday, March 11, 2003 7:32 
AMTo: WEDI SNIP Privacy Workgroup ListSubject: RE: 
Tracking Disclosures by Business Associates
I'm not entirely sure who "you" is in your question, but I assumed 
    that you are asking about business associates disclosing to business 
associates, so here's a stab at an answer.  It might also apply if 
you're asking about CE disclosures to transcription/disposal 
agencies.
 
I 
believe a business associate would have to account for those 
disclosures to other business associates where the disclosure is not for 
treatment, payment, or healthcare operations purposes.  Given our 
nature as a collection agency, most (if not all) of our disclosures are 
exempt from accounting because they are for payment purposes.  If we 
had a transcription service, it could possibly need accounting, but 

RE: Tracking Disclosures by Business Associates

[Rachel Foerster]

Title: Message



No, a "disclosure" to a business associate is not a 
true disclosure since the business associate is actually acting in the place of 
the covered entity. Thus, no disclosure has taken place for all intents and 
purposes.
 






Rachel 
Foerster
Rachel 
Foerster & Associates, Ltd.
Voice: 
847-872-8070
email: [EMAIL PROTECTED]
http://www.rfa-edi.com 

#
This 
transmission may be confidential or protected from disclosure and is only for 
review and use by the intended recipient.  Access by anyone else is unauthorized. 
Any unauthorized reader is hereby notified that any review, use, dissemination, 
disclosure or copying of this information, or any act or omission taken in 
reliance on it, is prohibited 
and may be unlawful.  If you 
received this transmission in error, please notify the sender immediately.  Thank you.

  
  -Original Message-From: 
  [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Tuesday, March 
  11, 2003 8:44 AMTo: WEDI SNIP Privacy Workgroup 
  ListSubject: Re: Tracking Disclosures by Business 
  AssociatesBy the same token, for the patient 
  accounting, would you have to include disclosures you make to business 
  associates like transcription agencies and disposal agencies? They would come 
  up very often...Jill Rubin, 
  Esq.(617)388-2404[EMAIL PROTECTED] ---The WEDI SNIP 
  listserv to which you are subscribed is not moderated. The discussions on this 
  listserv therefore represent the views of the individual participants, and do 
  not necessarily represent the views of the WEDI Board of Directors nor WEDI 
  SNIP. If you wish to receive an official opinion, post your question to the 
  WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs 
  should not be used for commercial marketing purposes or discussion of specific 
  vendor products and services. They also are not intended to be used as a forum 
  for personal disagreements or unprofessional communication at any 
  time.You are currently subscribed to wedi-privacy as: 
  [EMAIL PROTECTED]To unsubscribe from this list, go to the 
  Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email 
  to [EMAIL PROTECTED]If you need to unsubscribe 
  but your current email address is not the same as the address subscribed to 
  the list, please use the Subscribe/Unsubscribe form at 
  http://subscribe.wedi.org 
---
The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/.   These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services.  They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time.

You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED]
To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED]
If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org

RE: Tracking Disclosures by Business Associates

[Leah Hole-Curry]

I think these clearly fall under operations under (6) Business
management and general administrative activities of the entity.   Health
care operations is meant to encompass the normal things a business does
to "operate" or a run a business, which would include the mundane
trash/secure disposal, janitors, transcription and other secretarial
services, etc.  The need for business associate agreement is dependent
on whether access to PHI is necessary to accomplish the service.

Regards, lhc

Leah Hole-Curry, JD
FOX Systems, Inc.
602.708.1045 
Information transmitted is confidential and may be proprietary to FOX
Systems, Inc.  It is intended only for the person or entity to which it
is addressed.   Anyone else is prohibited from disclosing, copying, or
disseminating the contents or attachments.  If you receive this in
error, please notify sender immediately, or us at www.foxsys.com and
delete from your system.
>>> Jason Brege <[EMAIL PROTECTED]> 03/11/03 09:00 AM >>>
I would have originally thought disposal was operations as well, but
when I
looked at the definition of healthcare operations in 164.501, it really
seemed like a stretch.  It doesn't fit into any of the 6 main areas
under
this definition: 1.Quality assessment and improvement activities,
2.Reviewing the competence or qualifications of health care
professionals,
3.Underwriting, 4.Medical review/fraud and abuse, 5.Business planning
and
development, 6.Business management.  The only place to squeeze it in
would
be Business Management, but shredding documents doesn't seem to really
fit
with the 5 "included but not limited to" examples under that part.  It
really just depends on your legal counsel and how your risk assessments
see
this issue.  Practically, I think it would be absolutely insane to
account
for every piece of PHI on every piece of paper that you destroy.  I
think
there are ways to justify this as Business Management, and I think your
documentation of this decision would be key.  I believe this is one
reason
why most entities have just brought shredders or shredding companies
onsite.

 
Thanks,
 
Jason Brege
Clinton A. Harkins, P.C.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
Sent: Tuesday, March 11, 2003 11:18 AM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: RE: Tracking Disclosures by Business Associates


Wouldn't disposal come under operations? We have a vendor who picks us
locked bins of documents to be shredded.  We have had them sign a
Business
Associate Agreement (we are also Business Associates.)  I would not
think
there would be a need for accounting for these pick ups to be logged as
disclosures.  
 
 

Joanne Marquez

Senior Director 

Beech Street Corporation

Account Services

(949) 672-1519

 

-Original Message-
From: Jason Brege [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, March 11, 2003 7:32 AM
To: WEDI SNIP Privacy Workgroup List
Subject: RE: Tracking Disclosures by Business Associates


I'm not entirely sure who "you" is in your question, but I assumed that
you
are asking about business associates disclosing to business associates,
so
here's a stab at an answer.  It might also apply if you're asking about
CE
disclosures to transcription/disposal agencies.
 
I believe a business associate would have to account for those
disclosures
to other business associates where the disclosure is not for treatment,
payment, or healthcare operations purposes.  Given our nature as a
collection agency, most (if not all) of our disclosures are exempt from
accounting because they are for payment purposes.  If we had a
transcription
service, it could possibly need accounting, but I think that could be
absorbed under payment purposes.  It would depend on what type of
service
they are providing.  The disposal agency is not TPO as far as I can
determine, but if you're having them shred the information onsite,
trained
as a member of your workforce, it becomes a use rather than a
disclosure.
The only information taken offsite is shredded paper which formerly
contained PHI.  Thus nothing would be accounted for in the case of the
disposal agency working onsite.  Offsite, I think it would need further
investigation.  If we were a BA that had the practice of disclosing
information to public health authorities or other organizations, then we
would definitely have to account for those.  I think the best assessment
is
to determine whether the BA is disclosing for TPO purposes or otherwise,
and
then direct them to account for the non-TPO disclosures that would be
accounted for if done directly by the Covered Entity.
Thanks,
 
Jason Brege
Clinton A. Harkins, P.C.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Tuesday, March 11, 2003 9:44 AM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: Tracking Disclosures by Business Associates


By the same token, for the patient accounting,

RE: Tracking Disclosures by Business Associates

[Jason Brege]

Title: Message



I 
would have originally thought disposal was operations as well, but 
when I looked at the definition of healthcare operations in 164.501, it really 
seemed like a stretch.  It doesn't fit into any of the 6 main 
areas under this definition: 1.Quality assessment and improvement activities, 
2.Reviewing the competence or qualifications of health care professionals, 
3.Underwriting, 4.Medical review/fraud and abuse, 5.Business planning and 
development, 6.Business management.  The only place to squeeze it in would 
be Business Management, but shredding documents doesn't seem to really fit with 
the 5 "included but not limited to" examples under that part.  It really 
just depends on your legal counsel and how your risk assessments see this 
issue.  Practically, I think it would be absolutely insane to account for 
every piece of PHI on every piece of paper that you destroy.  I think there 
are ways to justify this as Business Management, and I think your documentation 
of this decision would be key.  I believe this is one reason why 
most entities have just brought shredders or shredding companies 
onsite.  
 
Thanks,
 
Jason 
Brege
Clinton A. Harkins, P.C.

  -Original Message-From: 
  [EMAIL PROTECTED] 
  [mailto:[EMAIL PROTECTED]Sent: Tuesday, March 11, 
  2003 11:18 AMTo: [EMAIL PROTECTED]; 
  [EMAIL PROTECTED]Subject: RE: Tracking Disclosures by 
  Business Associates
  Wouldn't disposal come under operations? We have a vendor who picks us 
  locked bins of documents to be shredded.  We have had them sign a 
  Business Associate Agreement (we are also Business Associates.)  I would 
  not think there would be a need for accounting for these pick ups to be logged 
  as disclosures.  
   
   
  
  Joanne 
  Marquez
  Senior Director 
  
  Beech Street 
  Corporation
  Account 
  Services
  (949) 
  672-1519
   
  

-Original Message-From: Jason Brege 
[mailto:[EMAIL PROTECTED] Sent: Tuesday, March 11, 2003 7:32 
AMTo: WEDI SNIP Privacy Workgroup ListSubject: RE: 
    Tracking Disclosures by Business Associates
I'm not entirely sure who "you" is in your question, but I assumed 
that you are asking about business associates disclosing to business 
associates, so here's a stab at an answer.  It might also apply if 
you're asking about CE disclosures to transcription/disposal 
agencies.
 
I 
believe a business associate would have to account for those 
disclosures to other business associates where the disclosure is not for 
treatment, payment, or healthcare operations purposes.  Given our 
nature as a collection agency, most (if not all) of our disclosures are 
exempt from accounting because they are for payment purposes.  If we 
had a transcription service, it could possibly need accounting, but I think 
that could be absorbed under payment purposes.  It would depend on what 
type of service they are providing.  The disposal agency is not TPO as 
far as I can determine, but if you're having them shred the information 
onsite, trained as a member of your workforce, it becomes a use rather 
than a disclosure.  The only information taken offsite is shredded 
paper which formerly contained PHI.  Thus nothing would be 
accounted for in the case of the disposal agency working onsite. 
 Offsite, I think it would need further investigation.  If we were 
a BA that had the practice of disclosing information to public health 
authorities or other organizations, then we would definitely have to account 
for those.  I think the best assessment is to determine whether the BA 
is disclosing for TPO purposes or otherwise, and then direct them to account 
for the non-TPO disclosures that would be accounted for if done directly by 
the Covered Entity.
Thanks,
 
Jason Brege
Clinton A. Harkins, P.C.

  -Original Message-From: [EMAIL PROTECTED] 
  [mailto:[EMAIL PROTECTED]Sent: Tuesday, March 11, 2003 9:44 
  AMTo: [EMAIL PROTECTED]; 
  [EMAIL PROTECTED]Subject: Re: Tracking Disclosures by 
  Business AssociatesBy the same token, for the 
  patient accounting, would you have to include disclosures you make to 
  business associates like transcription agencies and disposal agencies? 
  They would come up very often...Jill Rubin, 
  Esq.(617)388-2404[EMAIL PROTECTED] 
---
---
The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/.   These listservs should not be used for commercial marketing purposes or discussion of specific ve

RE: Tracking Disclosures by Business Associates

[Joanne.Marquez]

Title: Message



Wouldn't disposal come under operations? We have a vendor who picks us 
locked bins of documents to be shredded.  We have had them sign a Business 
Associate Agreement (we are also Business Associates.)  I would not think 
there would be a need for accounting for these pick ups to be logged as 
disclosures.  
 
 

Joanne 
Marquez
Senior Director 

Beech Street 
Corporation
Account Services
(949) 
672-1519
 

  
  -Original Message-From: Jason Brege 
  [mailto:[EMAIL PROTECTED] Sent: Tuesday, March 11, 2003 7:32   AMTo: WEDI SNIP Privacy Workgroup ListSubject: RE:   Tracking Disclosures by Business Associates
  I'm 
  not entirely sure who "you" is in your question, but I assumed that you are 
  asking about business associates disclosing to business associates, so 
  here's a stab at an answer.  It might also apply if you're asking about 
  CE disclosures to transcription/disposal agencies.
   
  I 
  believe a business associate would have to account for those 
  disclosures to other business associates where the disclosure is not for   treatment, payment, or healthcare operations purposes.  Given our nature 
  as a collection agency, most (if not all) of our disclosures are exempt from 
  accounting because they are for payment purposes.  If we had a 
  transcription service, it could possibly need accounting, but I think that 
  could be absorbed under payment purposes.  It would depend on what type 
  of service they are providing.  The disposal agency is not TPO as far as 
  I can determine, but if you're having them shred the information onsite,   trained as a member of your workforce, it becomes a use rather than a 
  disclosure.  The only information taken offsite is shredded paper which 
  formerly contained PHI.  Thus nothing would be accounted for in the 
  case of the disposal agency working onsite.  Offsite, I think it would 
  need further investigation.  If we were a BA that had the practice of 
  disclosing information to public health authorities or other organizations, 
  then we would definitely have to account for those.  I think the best 
  assessment is to determine whether the BA is disclosing for TPO purposes or 
  otherwise, and then direct them to account for the non-TPO disclosures that 
  would be accounted for if done directly by the Covered 
  Entity.
  Thanks,
   
  Jason Brege
  Clinton A. Harkins, P.C.
  
-Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]Sent: Tuesday, March 11, 2003 9:44 
AMTo: [EMAIL PROTECTED]; 
[EMAIL PROTECTED]Subject: Re: Tracking Disclosures by 
Business AssociatesBy the same token, for the 
patient accounting, would you have to include disclosures you make to business associates like transcription agencies and disposal agencies? They 
would come up very often...Jill Rubin, 
Esq.(617)388-2404[EMAIL PROTECTED] 
  ---The WEDI SNIP listserv to which you are subscribed 
  is not moderated. The discussions on this listserv therefore represent the 
  views of the individual participants, and do not necessarily represent the 
  views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an 
  official opinion, post your question to the WEDI SNIP Issues Database at   http://snip.wedi.org/tracking/. These listservs should not be used for   commercial marketing purposes or discussion of specific vendor products and 
  services. They also are not intended to be used as a forum for personal   disagreements or unprofessional communication at any time.You are 
  currently subscribed to wedi-privacy as: [EMAIL PROTECTED]To 
  unsubscribe from this list, go to the Subscribe/Unsubscribe form at 
  http://subscribe.wedi.org or send a blank email to 
  [EMAIL PROTECTED]If you need to unsubscribe but 
  your current email address is not the same as the address subscribed to the 
  list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org 
  
  This message is intended only for the use of the 
  individual to which it is addressed and contains information that is 
  privileged, confidential and exempt from disclosure under applicable law. If 
  the reader of this message is not the intended recipient or the employee or 
  agent responsible for delivering the message to intended recipient, you are 
  hereby notified that any dissemination, distribution or copying of this   communication is strictly prohibited. If you have received this communication 
  in error, please notify us immediately by telephone and permanently delete the 
  message immediately. Thank You 

*
Confidentiality Statement - This Email is confidential. The information herein is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination, 

RE: Tracking Disclosures by Business Associates

[Jason Brege]

I'm 
not entirely sure who "you" is in your question, but I assumed that you are 
asking about business associates disclosing to business associates, so 
here's a stab at an answer.  It might also apply if you're asking about CE 
disclosures to transcription/disposal agencies.
 
I 
believe a business associate would have to account for those 
disclosures to other business associates where the disclosure is not for 
treatment, payment, or healthcare operations purposes.  Given our nature as 
a collection agency, most (if not all) of our disclosures are exempt from 
accounting because they are for payment purposes.  If we had a 
transcription service, it could possibly need accounting, but I think that could 
be absorbed under payment purposes.  It would depend on what type of 
service they are providing.  The disposal agency is not TPO as far as I can 
determine, but if you're having them shred the information onsite, 
trained as a member of your workforce, it becomes a use rather than a 
disclosure.  The only information taken offsite is shredded paper which 
formerly contained PHI.  Thus nothing would be accounted for in the 
case of the disposal agency working onsite.  Offsite, I think it would need 
further investigation.  If we were a BA that had the practice of disclosing 
information to public health authorities or other organizations, then we would 
definitely have to account for those.  I think the best assessment is to 
determine whether the BA is disclosing for TPO purposes or otherwise, and then 
direct them to account for the non-TPO disclosures that would be accounted for 
if done directly by the Covered Entity.
Thanks,
 
Jason 
Brege
Clinton A. Harkins, P.C.

  -Original Message-From: [EMAIL PROTECTED] 
  [mailto:[EMAIL PROTECTED]Sent: Tuesday, March 11, 2003 9:44 
  AMTo: [EMAIL PROTECTED]; 
  [EMAIL PROTECTED]Subject: Re: Tracking Disclosures by 
  Business AssociatesBy the same token, for the patient 
  accounting, would you have to include disclosures you make to business 
  associates like transcription agencies and disposal agencies? They would come 
  up very often...Jill Rubin, 
  Esq.(617)388-2404[EMAIL PROTECTED] 

---
The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/.   These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services.  They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time.

You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED]
To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED]
If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org




This message is intended only for the use of the individual to which it is addressed and contains information that is privileged, confidential and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient or the employee or agent responsible for delivering the message to intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by telephone and permanently delete the message immediately.  Thank You 

Re: Tracking Disclosures by Business Associates

[JillGWlaw]

By the same token, for the patient accounting, would you have to include disclosures you make to business associates like transcription agencies and disposal agencies? They would come up very often...

Jill Rubin, Esq.
(617)388-2404
[EMAIL PROTECTED]
---
The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/.   These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services.  They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time.

You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED]
To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED]
If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org

RE: Tracking Disclosures by Business Associates

[Jason Brege]

As a 
Business Associate collection agency, we have not had any Covered Entity clients 
request to track our disclosures themselves.  The wording they have used 
in our contracts instructs us to forward disclosure information if 
they notify us of an accounting request.  What we are doing is recording 
our relevant disclosures on our information system, and upon request we will 
forward them to the client when an accounting is requested for a certain 
patient.  For a BA like a collection or billing agency, I would imagine 
that these types of requests will be fairly common, since we hold a lot of the 
patient's information.  I believe this is the most straightforward way to 
go, but a Covered Entity should make sure the BA knows what types of disclosures 
to record, and that might be a daunting task with some BAs.  

Thanks,
 
Jason 
Brege
Clinton A. Harkins, P.C.

  -Original Message-From: [EMAIL PROTECTED] 
  [mailto:[EMAIL PROTECTED]Sent: Tuesday, March 11, 2003 6:43 
  AMTo: WEDI SNIP Privacy Workgroup ListSubject: Tracking 
  Disclosures by Business AssociatesI am 
  curious how covered entities are tracking accountings of disclosures by 
  business associates that they then have to provide to the patient. In some 
  ways, this seems like a daunting task but then again, I am not sure how often 
  it will come up... I would appreciate your thoughts.Jill Rubin, 
  Esq.(617)388-2404[EMAIL PROTECTED] 
---
---
The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/.   These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services.  They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time.

You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED]
To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED]
If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org




This message is intended only for the use of the individual to which it is addressed and contains information that is privileged, confidential and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient or the employee or agent responsible for delivering the message to intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by telephone and permanently delete the message immediately.  Thank You 

Tracking Disclosures by Business Associates

[JillGWlaw]

I am curious how covered entities are tracking accountings of disclosures by business associates that they then have to provide to the patient. In some ways, this seems like a daunting task but then again, I am not sure how often it will come up... I would appreciate your thoughts.

Jill Rubin, Esq.
(617)388-2404
[EMAIL PROTECTED]
---
The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/.   These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services.  They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time.

You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED]
To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED]
If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org

Business Associates Agreement policy

[Tamra Behrens]

Hello-

 Does any one have a brief, but to the point Business Associate
agreement policy out there. I am needing to create one, but have not come
across any in my travels. Please email me with one. Any help would be
appreciated. Thanks
Tamra Behrens
Compliance Analyst
Sierra View District Hospital
Porterville, CA
[EMAIL PROTECTED]


--

DISCLAIMER: The information contained in this email transmission is
confidential and intended for the addressee only.  If the reader of this
message is not the addressee or addressee's agent, you are hereby advised
that any dissemination, distribution or copying of the information is
strictly prohibited.

The information contained in this email transmission may be protected under
the Attorney/Client Privilege and protected from disclosure under
California Evidence Code section 1157.  If protected by the attorney/client
privilege or by California Evidence Code Section 1157, the information
contained in this email transmission shall continue to be protected and
will not be negated by virtue of sending the information via this email.

If you receive this email in error, please call the Information Technology
Security Coordinator at (559) 788-6065 (collect if necessary) immediately
upon receipt. Thank you for your cooperation.




--

DISCLAIMER: The information contained in this email transmission is
confidential and intended for the addressee only.  If the reader of this
message is not the addressee or addressee's agent, you are hereby advised
that any dissemination, distribution or copying of the information is
strictly prohibited.

The information contained in this email transmission may be protected under
the Attorney/Client Privilege and protected from disclosure under
California Evidence Code section 1157.  If protected by the attorney/client
privilege or by California Evidence Code Section 1157, the information
contained in this email transmission shall continue to be protected and
will not be negated by virtue of sending the information via this email.

If you receive this email in error, please call the Information Technology
Security Coordinator at (559) 788-6065 (collect if necessary) immediately
upon receipt. Thank you for your cooperation.


---
The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions 
on this listserv therefore represent the views of the individual participants, and do 
not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If 
you wish to receive an official opinion, post your question to the WEDI SNIP Issues 
Database at http://snip.wedi.org/tracking/.   These listservs should not be used for 
commercial marketing purposes or discussion of specific vendor products and services.  
They also are not intended to be used as a forum for personal disagreements or 
unprofessional communication at any time.

You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED]
To unsubscribe from this list, go to the Subscribe/Unsubscribe form at 
http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED]
If you need to unsubscribe but your current email address is not the same as the 
address subscribed to the list, please use the Subscribe/Unsubscribe form at 
http://subscribe.wedi.org

Re: medical vendors as Business Associates

[Doug Webb]

David,
Amen!
I would much rather have a clear answer beforehand 
than enforcement afterword.
 
The opinions expressed here are my own and not necessarily the opinion of 
LCMH.
 
Douglas M. WebbComputer System EngineerLittle Company of Mary 
Hospital & Health Care Centers[EMAIL PROTECTED]
 
"This electronic message may contain information that is confidential 
and/or legally privileged. It is intended only for the use of the individual(s) 
and entity(s)  named as recipients in the message. If you are not an 
intended recipient of the message, please notify the sender immediately,  
delete the material from any computer, do not deliver, distribute, or copy this 
message, and do not disclose its contents or take action in reliance on the 
information it contains. Thank you."
 
 

  - Original Message - 
  From: 
  David Frenkel 
  To: WEDI SNIP Privacy Workgroup List 
  
  Sent: Thursday, February 27, 2003 11:18 
  PM
  Subject: RE: medical vendors as Business 
  Associates
  
  
  Doug,
  This is another 
  example of the daunting enforcement task CMS has.  There are so many interconnected 
  issues that have no clear resolution.  
  Somebody should calculate the cost of the lack of clarity of 
  HIPAA.
   
  Regards,
   
  
  David 
  Frenkel
  Business 
  Development
  GEFEG 
  USA
  Global 
  Leader in Ecommerce Tools
  www.gefeg.com
  612-237-1966
  -Original 
  Message-From: Doug Webb 
  [mailto:[EMAIL PROTECTED]] Sent: Wednesday, February 26, 
  2003 4:00 
  PMTo: WEDI SNIP Privacy Workgroup 
  ListSubject: Re: medical 
  vendors as Business Associates
   
  
  David,
  
  I would also tend to lean that way.  
  Could we get a definitive answer "From 
  Above"?
  
   
  
  The opinions expressed here are my own 
  and not necessarily the opinion of LCMH.
  
   
  
  Douglas M. WebbComputer System 
  EngineerLittle Company of Mary Hospital & Health Care Centers[EMAIL PROTECTED]
  
   
  
  "This electronic message may contain 
  information that is confidential and/or legally privileged. It is intended 
  only for the use of the individual(s) and entity(s)  named as recipients 
  in the message. If you are not an intended recipient of the message, please 
  notify the sender immediately,  delete the material from any computer, do 
  not deliver, distribute, or copy this message, and do not disclose its 
  contents or take action in reliance on the information it contains. Thank 
  you."
  
   
  
   
  

- Original Message - 


From: David Frenkel 


To: WEDI SNIP Privacy Workgroup 
List 

Sent: 
Wednesday, February 
26, 2003 02:55 
PM

    Subject: RE: 
medical vendors as Business Associates

 
Doug,
This 
discussion has appeared on other healthcare listservs and there seems to be 
a strong leaning towards having medical device manufacture reps be 
considered part of TPO.   
It brings up an interesting liability issue as well as a patient 
consent issue for reps being in the OR.
 
Regards,
 

David 
Frenkel
Business 
Development
GEFEG 
USA
Global 
Leader in Ecommerce Tools
www.gefeg.com
612-237-1966
-Original 
Message-From: Doug 
Webb [mailto:[EMAIL PROTECTED] Sent: Wednesday, February 26, 
2003 2:53 
PMTo: David Frenkel; WEDI SNIP Privacy 
Workgroup ListSubject: Re: 
medical vendors as Business Associates
 

David,

They do, but I'm not directly involved, 
so I don't know the answer to your 
question.

 

Jim Hewitt did bring up an interesting 
point that these vendors may also be hardware/software support people.  
In that role, I would think that a BAA would be appropriate to state that 
they would protect PHI they contact while maintaining the 
equipment.

 

I had been thinking just of their role 
as a supplier of the equipment.

Whew! Covering all bases is 
tough!.

 

The opinions expressed here are my own 
and not necessarily the opinion of LCMH.

 

Douglas M. WebbComputer System 
EngineerLittle Company of Mary Hospital & Health Care Centers[EMAIL PROTECTED]

 

"This electronic message may contain 
information that is confidential and/or legally privileged. It is intended 
only for the use of the individual(s) and entity(s)  named as 
recipients in the message. If you are not an intended recipient of the 
message, please notify the sender immediately,  delete the material 
from any computer, do not deliver, distribute, or copy this message, and do 
not disclose its contents or take action in reliance on the information it 
contains. Thank you."

 

 

  
  - Original Message - 
  
  
  From: Davi

RE: medical vendors as Business Associates

[David Frenkel]

Doug,

This is another example of the daunting
enforcement task CMS has.  There are so
many interconnected issues that have no clear resolution.  Somebody should calculate the cost of the
lack of clarity of HIPAA.

 

Regards,

 



David Frenkel

Business Development

GEFEG USA

Global Leader in
Ecommerce Tools

www.gefeg.com

612-237-1966



-Original Message-
From: Doug Webb
[mailto:[EMAIL PROTECTED]] 
Sent: Wednesday, February 26, 2003 4:00 PM
To: WEDI SNIP Privacy Workgroup
List
Subject: Re: medical vendors as
Business Associates

 



David,





I would also tend to lean that way.  Could we get
a definitive answer "From Above"?





 





The opinions expressed here are my own and not
necessarily the opinion of LCMH.





 





Douglas M. Webb
Computer System Engineer
Little Company of Mary Hospital & Health Care Centers
[EMAIL PROTECTED]





 





"This electronic message may contain information
that is confidential and/or legally privileged. It is intended only for the use
of the individual(s) and entity(s)  named as recipients in the message. If
you are not an intended recipient of the message, please notify the sender
immediately,  delete the material from any computer, do not deliver,
distribute, or copy this message, and do not disclose its contents or take
action in reliance on the information it contains. Thank you."





 






 







- Original Message - 





From: David Frenkel 





To: WEDI
SNIP Privacy Workgroup List 





Sent: Wednesday, February 26, 2003 02:55 PM





Subject: RE: medical
vendors as Business Associates





 



Doug,

This discussion has
appeared on other healthcare listservs and there seems to be a strong leaning
towards having medical device manufacture reps be considered part of TPO.   It brings up an interesting liability issue
as well as a patient consent issue for reps being in the OR.

 

Regards,

 



David
Frenkel

Business
Development

GEFEG USA

Global
Leader in Ecommerce Tools

www.gefeg.com

612-237-1966



-Original Message-
From: Doug Webb
[mailto:[EMAIL PROTECTED] 
Sent: Wednesday, February 26, 2003 2:53 PM
To: David Frenkel; WEDI SNIP
Privacy Workgroup List
Subject: Re: medical vendors as
Business Associates

 



David,





They do, but I'm not directly involved, so I don't
know the answer to your question.





 





Jim Hewitt did bring up an interesting point that
these vendors may also be hardware/software support people.  In that role,
I would think that a BAA would be appropriate to state that they would protect
PHI they contact while maintaining the equipment.





 





I had been thinking just of their role as a supplier
of the equipment.





Whew! Covering all bases is tough!.





 





The opinions expressed here are my own and not
necessarily the opinion of LCMH.





 





Douglas M. Webb
Computer System Engineer
Little Company of Mary Hospital & Health Care Centers
[EMAIL PROTECTED]





 





"This electronic message may contain information
that is confidential and/or legally privileged. It is intended only for the use
of the individual(s) and entity(s)  named as recipients in the message. If
you are not an intended recipient of the message, please notify the sender
immediately,  delete the material from any computer, do not deliver,
distribute, or copy this message, and do not disclose its contents or take
action in reliance on the information it contains. Thank you."





 






 







- Original Message - 





From: David
Frenkel 





To: WEDI
SNIP Privacy Workgroup List 





Sent: Wednesday, February 26, 2003 02:10 PM





Subject: RE: medical
vendors as Business Associates





 



Doug,

Does
your facility do medical device implants? 
If so, do you know what the official position is of your facility on
this?  Thanks.

 

Regards,

 



David Frenkel

Business Development

GEFEG USA

Global Leader in Ecommerce Tools

612-237-1966



-Original Message-
From: Doug Webb
[mailto:[EMAIL PROTECTED] 
Sent: Wednesday, February 26, 2003 11:29 AM
To: WEDI SNIP Privacy Workgroup
List
Subject: Re: medical vendors as
Business Associates

 



Vicki,





I believe
that in this case the vendor would a Healthcare Provider participating in
Treatment. They would not be a BA.  They would be a CE if they used
any of the standard electronic transactions.





 





The
opinions expressed here are my own and not necessarily the opinion of LCMH.





 





Douglas
M. Webb
Computer System Engineer
Little Company of Mary Hospital & Health Care Centers
[EMAIL PROTECTED]





 





"This
electronic message may contain information that is confidential and/or legally
privileged. It is intended only for the use of the individual(s) and
entity(s)  named as recipients in the message. If you are not an intended
recipient of the message, please notify the sender immediately,  delete
the material from any computer, do not deliv

RE: medical vendors as Business Associates

[Halfhill, Annette]

This letter linked to this e-mail is interesting, I am sure many providers
are struggling with this same issue. But I think the relevant question is do
medical vendors really provide treatment (by HIPAA definition), therefore
exempting this use/disclosure from a BA agreement? I have the definition of
treatment as meaning "the provision, coordination, or management of
healthcare and related services by one or more covered entities..." If you
are not a covered entity, can you provide treatment (by definition)?

It also states that medical vendors are working on their behalf and not the
providers. I do not feel that the relationship with providers is always that
clear. You sell provider a complicated device that needs insertion in the OR
and train our nursing and medical staff to use it, on who's behalf is the
medical vendor working in this scenario? 

I believe that there are no clear cut answers for some of these questions. I
met with a statewide group the other day, and in some instances, these
groups who have been working on these issues for around two years could not
always agree who is a BA and how to handle these third parties under HIPAA.

Anne Halfhill

-Original Message-
From: Kouzoukas, Demetrios [mailto:[EMAIL PROTECTED]
Sent: Wednesday, February 26, 2003 7:25 PM
To: WEDI SNIP Privacy Workgroup List
Subject: RE: medical vendors as Business Associates


 
See http://www.advamed.org/publicdocs/ltr.%20richard%20campanelli.pdf
 

-- Demetrios

Demetrios L. Kouzoukas

Gardner, Carton & Douglas LLC

1301 K Street NW

Suite 900, East Tower

Washington, DC 20005-3317

Ph: (202) 230-5119

Fax: (202) 230-5319

Email: [EMAIL PROTECTED]

WWW: http://www.gcd.com/firm/bio.asp?empid=K224331082

Assistant: Dee English; (202) 230-5611; [EMAIL PROTECTED]


---
The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions 
on this listserv therefore represent the views of the individual participants, and do 
not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If 
you wish to receive an official opinion, post your question to the WEDI SNIP Issues 
Database at http://snip.wedi.org/tracking/.   These listservs should not be used for 
commercial marketing purposes or discussion of specific vendor products and services.  
They also are not intended to be used as a forum for personal disagreements or 
unprofessional communication at any time.

You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED]
To unsubscribe from this list, go to the Subscribe/Unsubscribe form at 
http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED]
If you need to unsubscribe but your current email address is not the same as the 
address subscribed to the list, please use the Subscribe/Unsubscribe form at 
http://subscribe.wedi.org

Re: medical vendors as Business Associates

[Doug Webb]

Jo,
quite so.
I would lkie to call an 
entity that would be a CE if they did a single electronic transaction that a 
standard has been established for a "Potential Covered Entity" (PCE) and avoid 
all the repeated verbiage.
Any takers?
 
The opinions expressed here are my own and not necessarily the opinion of 
LCMH.
 
Douglas M. WebbComputer System EngineerLittle Company of Mary 
Hospital & Health Care Centers[EMAIL PROTECTED]
 
"This electronic message may contain information that is confidential 
and/or legally privileged. It is intended only for the use of the individual(s) 
and entity(s)  named as recipients in the message. If you are not an 
intended recipient of the message, please notify the sender immediately,  
delete the material from any computer, do not deliver, distribute, or copy this 
message, and do not disclose its contents or take action in reliance on the 
information it contains. Thank you."
 
 

  - Original Message - 
  From: 
  Jo Clair 
  To: 'Doug Webb' 
  Sent: Wednesday, February 26, 2003 04:17 
  PM
  Subject: RE: medical vendors as Business 
  Associates
  
  Not all providers are CE's 
  (they may not do electronic transactions).
  
-Original Message-From: Doug Webb 
[mailto:[EMAIL PROTECTED]Sent: Wednesday, February 26, 2003 1:57 
PMTo: WEDI SNIP Privacy Workgroup ListSubject: Re: 
    medical vendors as Business Associates
Craig,
That would be my 
understanding.
 
The opinions expressed here are my own and not necessarily the opinion 
of LCMH.
 
Douglas M. WebbComputer System EngineerLittle Company of Mary 
Hospital & Health Care Centers[EMAIL PROTECTED]
 
"This electronic message may contain information that is confidential 
and/or legally privileged. It is intended only for the use of the 
individual(s) and entity(s)  named as recipients in the message. If you 
are not an intended recipient of the message, please notify the sender 
immediately,  delete the material from any computer, do not deliver, 
distribute, or copy this message, and do not disclose its contents or take 
action in reliance on the information it contains. Thank you."
 
 

  - Original Message - 
  From: 
  Craig 
  Moen 
  To: 'Doug Webb' 
  Sent: Wednesday, February 26, 2003 
  03:28 PM
  Subject: RE: medical vendors as 
  Business Associates
  
  Doug-
   
  I want to make sure I am 
  understanding.  
  We are a home health 
  agency that provides therapy services.  Our therapists interact with 
  DME providers, and orthotists and obviously share PHI.  Since 
  these are outside services not provided by us, the DME providers, and 
  orthotist independently bill the appropriate insurance company.  They 
  would then also be CE's and then we would be able to share info with them 
  without a BAA  because information can be shared between CE's as a 
  part of treatment.  
  Correct?
   
  Thanks for your 
  input
   
  Craig 
  Moen
  Director of 
  Rehabilitation
  THERAPY 
  2000
  Dallas, 
  TX---The WEDI SNIP listserv to which 
you are subscribed is not moderated. The discussions on this listserv 
therefore represent the views of the individual participants, and do not 
necessarily represent the views of the WEDI Board of Directors nor WEDI 
SNIP. If you wish to receive an official opinion, post your question to the 
WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs 
should not be used for commercial marketing purposes or discussion of 
specific vendor products and services. They also are not intended to be used 
as a forum for personal disagreements or unprofessional communication at any 
time.You are currently subscribed to wedi-privacy as: 
[EMAIL PROTECTED]To unsubscribe from this list, go to the 
Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank 
email to [EMAIL PROTECTED]If you need to 
unsubscribe but your current email address is not the same as the address 
subscribed to the list, please use the Subscribe/Unsubscribe form at 
http://subscribe.wedi.org 
  CONFIDENTIALITY NOTICE: This E-Mail is intended 
  only for the use of the individual or entity to which it is addressed and may 
  contain information that is privileged, confidential and exempt from 
  disclosure under applicable law. If you have received this communication in 
  error, please do not distribute it. Please notify the sender by E-Mail at the 
  address shown and delete the original message. Thank 
you.
---
The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily

RE: medical vendors as Business Associates

[Kouzoukas, Demetrios]

 
See http://www.advamed.org/publicdocs/ltr.%20richard%20campanelli.pdf
 

-- Demetrios

Demetrios L. Kouzoukas

Gardner, Carton & Douglas LLC

1301 K Street NW

Suite 900, East Tower

Washington, DC 20005-3317

Ph: (202) 230-5119

Fax: (202) 230-5319

Email: [EMAIL PROTECTED]

WWW: http://www.gcd.com/firm/bio.asp?empid=K224331082

Assistant: Dee English; (202) 230-5611; [EMAIL PROTECTED]

-Original Message-
From: Doug Webb [mailto:[EMAIL PROTECTED]
Sent: Wednesday, February 26, 2003 5:00 PM
To: WEDI SNIP Privacy Workgroup List
Subject: Re: medical vendors as Business Associates


David,
I would also tend to lean that way.  Could we get a definitive answer "From Above"?
 
The opinions expressed here are my own and not necessarily the opinion of LCMH.
 
Douglas M. Webb
Computer System Engineer
Little Company of Mary Hospital & Health Care Centers
[EMAIL PROTECTED]
 
"This electronic message may contain information that is confidential and/or legally 
privileged. It is intended only for the use of the individual(s) and entity(s)  named 
as recipients in the message. If you are not an intended recipient of the message, 
please notify the sender immediately,  delete the material from any computer, do not 
deliver, distribute, or copy this message, and do not disclose its contents or take 
action in reliance on the information it contains. Thank you."
 

 

- Original Message - 
From: David Frenkel <mailto:[EMAIL PROTECTED]>  
To: WEDI SNIP Privacy Workgroup  <mailto:[EMAIL PROTECTED]> List 
Sent: Wednesday, February 26, 2003 02:55 PM
Subject: RE: medical vendors as Business Associates


Doug,

This discussion has appeared on other healthcare listservs and there seems to be a 
strong leaning towards having medical device manufacture reps be considered part of 
TPO.   It brings up an interesting liability issue as well as a patient consent issue 
for reps being in the OR.

 

Regards,

 

David Frenkel

Business Development

GEFEG USA

Global Leader in Ecommerce Tools

www.gefeg.com

612-237-1966

-Original Message-
From: Doug Webb [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, February 26, 2003 2:53 PM
To: David Frenkel; WEDI SNIP Privacy Workgroup List
Subject: Re: medical vendors as Business Associates

 

David,

They do, but I'm not directly involved, so I don't know the answer to your question.

 

Jim Hewitt did bring up an interesting point that these vendors may also be 
hardware/software support people.  In that role, I would think that a BAA would be 
appropriate to state that they would protect PHI they contact while maintaining the 
equipment.

 

I had been thinking just of their role as a supplier of the equipment.

Whew! Covering all bases is tough!.

 

The opinions expressed here are my own and not necessarily the opinion of LCMH.

 

Douglas M. Webb
Computer System Engineer
Little Company of Mary Hospital & Health Care Centers
[EMAIL PROTECTED]

 

"This electronic message may contain information that is confidential and/or legally 
privileged. It is intended only for the use of the individual(s) and entity(s)  named 
as recipients in the message. If you are not an intended recipient of the message, 
please notify the sender immediately,  delete the material from any computer, do not 
deliver, distribute, or copy this message, and do not disclose its contents or take 
action in reliance on the information it contains. Thank you."

 


 

- Original Message - 

From: David Frenkel <mailto:[EMAIL PROTECTED]>  

To: WEDI SNIP Privacy Workgroup  <mailto:[EMAIL PROTECTED]> List 

Sent: Wednesday, February 26, 2003 02:10 PM

Subject: RE: medical vendors as Business Associates

 

Doug,

Does your facility do medical device implants?  If so, do you know what the official 
position is of your facility on this?  Thanks.

 

Regards,

 

David Frenkel

Business Development

GEFEG USA

Global Leader in Ecommerce Tools

612-237-1966

-Original Message-
From: Doug Webb [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, February 26, 2003 11:29 AM
To: WEDI SNIP Privacy Workgroup List
Subject: Re: medical vendors as Business Associates

 

Vicki,

I believe that in this case the vendor would a Healthcare Provider participating in 
Treatment. They would not be a BA.  They would be a CE if they used any of the 
standard electronic transactions.

 

The opinions expressed here are my own and not necessarily the opinion of LCMH.

 

Douglas M. Webb
Computer System Engineer
Little Company of Mary Hospital & Health Care Centers
[EMAIL PROTECTED]

 

"This electronic message may contain information that is confidential and/or legally 
privileged. It is intended only for the use of the individual(s) and entity(s)  named 
as recipients in the message. If you are not an intended recipient of the message, 
please notify the sender immediately,  delete the material from any computer, do not 
deliver, 

Re: medical vendors as Business Associates

[Doug Webb]

David,
I would also tend to lean that way.  Could we get a 
definitive answer "From Above"?
 
The opinions expressed here are my own and not necessarily the opinion of 
LCMH.
 
Douglas M. WebbComputer System EngineerLittle Company of Mary 
Hospital & Health Care Centers[EMAIL PROTECTED]
 
"This electronic message may contain information that is confidential 
and/or legally privileged. It is intended only for the use of the individual(s) 
and entity(s)  named as recipients in the message. If you are not an 
intended recipient of the message, please notify the sender immediately,  
delete the material from any computer, do not deliver, distribute, or copy this 
message, and do not disclose its contents or take action in reliance on the 
information it contains. Thank you."
 
 

  - Original Message - 
  From: 
  David Frenkel 
  To: WEDI SNIP Privacy Workgroup List 
  
  Sent: Wednesday, February 26, 2003 02:55 
  PM
  Subject: RE: medical vendors as Business 
  Associates
  
  
  Doug,
  This discussion has 
  appeared on other healthcare listservs and there 
  seems to be a strong leaning towards having medical device manufacture reps be 
  considered part of TPO.   It brings up an interesting liability 
  issue as well as a patient consent issue for reps being in the 
  OR.
   
  Regards,
   
  
  David 
  Frenkel
  Business 
  Development
  GEFEG 
  USA
  Global 
  Leader in Ecommerce Tools
  www.gefeg.com
  612-237-1966
  -Original 
  Message-From: Doug Webb 
  [mailto:[EMAIL PROTECTED]] Sent: Wednesday, February 26, 
  2003 2:53 
  PMTo: David Frenkel; WEDI SNIP Privacy 
  Workgroup ListSubject: Re: 
  medical vendors as Business Associates
   
  
  David,
  
  They do, but I'm not directly involved, 
  so I don't know the answer to your 
question.
  
   
  
  Jim Hewitt did bring up an interesting 
  point that these vendors may also be hardware/software support people.  
  In that role, I would think that a BAA would be appropriate to state that they 
  would protect PHI they contact while maintaining the 
  equipment.
  
   
  
  I had been thinking just of their role as 
  a supplier of the equipment.
  
  Whew! Covering all bases is 
  tough!.
  
   
  
  The opinions expressed here are my own 
  and not necessarily the opinion of LCMH.
  
   
  
  Douglas M. WebbComputer System 
  EngineerLittle Company of Mary Hospital & Health Care Centers[EMAIL PROTECTED]
  
   
  
  "This electronic message may contain 
  information that is confidential and/or legally privileged. It is intended 
  only for the use of the individual(s) and entity(s)  named as recipients 
  in the message. If you are not an intended recipient of the message, please 
  notify the sender immediately,  delete the material from any computer, do 
  not deliver, distribute, or copy this message, and do not disclose its 
  contents or take action in reliance on the information it contains. Thank 
  you."
  
   
  
   
  

- Original Message - 


From: David Frenkel 


To: WEDI SNIP Privacy Workgroup 
List 

Sent: 
Wednesday, February 
26, 2003 02:10 
PM

    Subject: RE: 
medical vendors as Business Associates

 
Doug,
Does 
your facility do medical device implants?  If so, do you know what the official 
position is of your facility on this?  
Thanks.
 
Regards,
 

David 
Frenkel
Business 
Development
GEFEG 
USA
Global 
Leader in Ecommerce Tools
612-237-1966
-Original 
Message-From: Doug 
Webb [mailto:[EMAIL PROTECTED] Sent: Wednesday, February 26, 
2003 11:29 
AMTo: WEDI SNIP Privacy Workgroup 
ListSubject: Re: medical 
vendors as Business Associates
 

Vicki,

I believe 
that in this case the vendor would a Healthcare Provider participating 
in Treatment. They would not be a BA.  They would be a CE if they 
used any of the standard electronic transactions.

 

The 
opinions expressed here are my own and not necessarily the opinion of 
LCMH.

 

Douglas M. 
WebbComputer System EngineerLittle Company of Mary Hospital & 
Health Care Centers[EMAIL PROTECTED]

 

"This electronic 
message may contain information that is confidential and/or legally 
privileged. It is intended only for the use of the individual(s) and 
entity(s)  named as recipients in the message. If you are not an 
intended recipient of the message, please notify the sender 
immediately,  delete the material from any computer, do not deliver, 
distribute, or copy this message, and do not disclose its contents or take 
action in reliance on the information it contains. Thank 
you."

 

 

  
  - Original 
  Message - 

Re: medical vendors as Business Associates

[Doug Webb]

Craig,
That would be my 
understanding.
 
The opinions expressed here are my own and not necessarily the opinion of 
LCMH.
 
Douglas M. WebbComputer System EngineerLittle Company of Mary 
Hospital & Health Care Centers[EMAIL PROTECTED]
 
"This electronic message may contain information that is confidential 
and/or legally privileged. It is intended only for the use of the individual(s) 
and entity(s)  named as recipients in the message. If you are not an 
intended recipient of the message, please notify the sender immediately,  
delete the material from any computer, do not deliver, distribute, or copy this 
message, and do not disclose its contents or take action in reliance on the 
information it contains. Thank you."
 
 

  - Original Message - 
  From: 
  Craig 
  Moen 
  To: 'Doug Webb' 
  Sent: Wednesday, February 26, 2003 03:28 
  PM
  Subject: RE: medical vendors as Business 
  Associates
  
  Doug-
   
  I want to make sure I am 
  understanding.  
  We are a home health agency 
  that provides therapy services.  Our therapists interact with DME 
  providers, and orthotists and obviously share PHI.  Since these are 
  outside services not provided by us, the DME providers, and orthotist 
  independently bill the appropriate insurance company.  They would then 
  also be CE's and then we would be able to share info with them without a BAA 
   because information can be shared between CE's as a part of 
  treatment.  
  Correct?
   
  Thanks for your 
  input
   
  Craig 
Moen
  Director of 
  Rehabilitation
  THERAPY 
  2000
  Dallas, 
TX
---
The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/.   These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services.  They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time.

You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED]
To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED]
If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org

RE: medical vendors as Business Associates

[Matthew Rosenblum]

Jill,

 

HHS
provided the following guidance in the Preamble to the (initial) Privacy
regulations:

 

"The
term 'medical and other health services' means any of the following items or
services. (6) durable medical equipment."

 

So, if
the provider of those services conducts a HIPAA-specified electronic transaction
in regard to its services, the provider may be a CE.



 

I hope that this helps.

 

Your questions are always welcome.

 

Matt

 

Matthew
Rosenblum

Chief Operations Officer

Privacy, Quality Management & Regulatory
Affairs

 

CPI Directions, Inc.

10 West 15th Street, Suite 1922

New York, NY 10011

 

(212) 675-6367

[EMAIL PROTECTED]

 

CONFIDENTIALITY
NOTICE: This E-Mail is intended only for the use of the individual or entity to
which it is addressed and may contain information that is privileged,
confidential and exempt from disclosure under applicable law. If you have
received this communication in error, please do not distribute it.  Please
notify the sender by E-Mail at the address shown and delete the original
message. Thank you.

 

AVISO DEL
CONFIDENCIALIDAD: Este email es solamente para el uso del individuo o la entidad a la cual se dirige y puede contener
información privilegiada, confidencial y exenta de acceso bajo la ley
aplicable. Si usted ha recibido esta comunicación por error, por favor
no lo distribuya.  Favor notificar al remitente del E-Mail a la
dirección mostrada y elimine el mensaje original. Gracias.

 



-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] 
Sent: Wednesday, February 26, 2003
7:42 AM
To: WEDI SNIP Privacy Workgroup
List
Subject: medical vendors as
Business Associates

 

Are medical vendors that supply
products like prosthesis, wheelchairs, etc., considered BA? I have been
researching this and can't seem to come up with clear answer...

Thanks in advance

Jill Rubin, Esq.
(617)388-2404
[EMAIL PROTECTED]
---
The WEDI SNIP listserv to which you are subscribed is not moderated. The
discussions on this listserv therefore represent the views of the individual
participants, and do not necessarily represent the views of the WEDI Board of
Directors nor WEDI SNIP. If you wish to receive an official opinion, post your
question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/.
These listservs should not be used for commercial marketing purposes or
discussion of specific vendor products and services. They also are not intended
to be used as a forum for personal disagreements or unprofessional
communication at any time.

You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED]
To unsubscribe from this list, go to the Subscribe/Unsubscribe form at
http://subscribe.wedi.org or send a blank email to
[EMAIL PROTECTED]
If you need to unsubscribe but your current email address is not the same as
the address subscribed to the list, please use the Subscribe/Unsubscribe form
at http://subscribe.wedi.org 




---
The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/.   These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services.  They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time.

You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED]
To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED]
If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org

RE: medical vendors as Business Associates

[David Frenkel]

Doug,

This discussion has appeared on other healthcare
listservs and there seems to be a strong leaning
towards having medical device manufacture reps be considered part of TPO.   It
brings up an interesting liability issue as well as a patient consent issue for
reps being in the OR.

 

Regards,

 



David Frenkel

Business Development

GEFEG USA

Global Leader in
Ecommerce Tools

www.gefeg.com

612-237-1966



-Original Message-
From: Doug Webb [mailto:[EMAIL PROTECTED]] 
Sent: Wednesday, February 26, 2003 2:53 PM
To: David Frenkel; WEDI SNIP
Privacy Workgroup List
Subject: Re: medical vendors as
Business Associates

 



David,





They do, but I'm not directly involved, so I don't
know the answer to your question.





 





Jim Hewitt did bring up an interesting point that
these vendors may also be hardware/software support people.  In that role,
I would think that a BAA would be appropriate to state that they would protect
PHI they contact while maintaining the equipment.





 





I had been thinking just of their role as a supplier
of the equipment.





Whew! Covering all bases is tough!.





 





The opinions expressed here are my own and not
necessarily the opinion of LCMH.





 





Douglas M. Webb
Computer System Engineer
Little Company of Mary Hospital & Health Care Centers
[EMAIL PROTECTED]





 





"This electronic message may contain information that
is confidential and/or legally privileged. It is intended only for the use of
the individual(s) and entity(s)  named as recipients in the message. If
you are not an intended recipient of the message, please notify the sender
immediately,  delete the material from any computer, do not deliver,
distribute, or copy this message, and do not disclose its contents or take
action in reliance on the information it contains. Thank you."





 






 







- Original Message - 





From: David Frenkel 





To: WEDI
SNIP Privacy Workgroup List 





Sent: Wednesday, February 26, 2003 02:10 PM





Subject: RE: medical
vendors as Business Associates





 



Doug,

Does your facility do
medical device implants?  If so, do you
know what the official position is of your facility on this?  Thanks.

 

Regards,

 



David
Frenkel

Business
Development

GEFEG USA

Global
Leader in Ecommerce Tools

612-237-1966



-Original Message-
From: Doug Webb
[mailto:[EMAIL PROTECTED] 
Sent: Wednesday, February 26, 2003 11:29 AM
To: WEDI SNIP Privacy Workgroup
List
Subject: Re: medical vendors as
Business Associates

 



Vicki,





I believe
that in this case the vendor would a Healthcare Provider participating in
Treatment. They would not be a BA.  They would be a CE if they used
any of the standard electronic transactions.





 





The
opinions expressed here are my own and not necessarily the opinion of LCMH.





 





Douglas
M. Webb
Computer System Engineer
Little Company of Mary Hospital & Health Care Centers
[EMAIL PROTECTED]





 





"This
electronic message may contain information that is confidential and/or legally privileged.
It is intended only for the use of the individual(s) and entity(s)  named
as recipients in the message. If you are not an intended recipient of the
message, please notify the sender immediately,  delete the material from
any computer, do not deliver, distribute, or copy this message, and do not
disclose its contents or take action in reliance on the information it
contains. Thank you."





 






 







-
Original Message - 





From: Vicki
Schaff 





To: Doug Webb 





Sent: Wednesday, February
 26, 2003 10:53 AM





Subject: Re:
medical vendors as Business Associates





 





Consider the vendor who supplies a new
medical device to a healthcare facility (CE) and the
vendor provides instruction to a surgeon (CE) during implantation of
the device.  The vendor has access to PHI.One
legal opinion has stated that the vendor is a BA of the healthcare facility. 
Your Comments.  







-
Original Message - 





From: Doug Webb






To: WEDI
SNIP Privacy Workgroup List 





Sent: Wednesday, February
 26, 2003 9:29 AM





Subject: Re:
medical vendors as Business Associates





 





Jill,





I
agree with Dan.





 





The
critical question is do you do anything on behalf of a Covered Entity that
involves PHI?  If this answer is "No", you do not need a BAA.





 





Providing
devices to non-patients isolates you from PHI.





 





Providing
devices to patients is acting on behalf of yourself (I assume you make a profit
on the deal, or you wouldn't be in business), not a service to the Covered
Entity.  If you also bill insurance carriers electronically, you may be a
Covered Entity (providing Treatment).





 





As Dan
said, it would be extremely rare that a vendor of this type would be in a
Business Associate relationship with a Covered Entity.





 





If it
operates in so

Re: medical vendors as Business Associates

[Doug Webb]

David,
They do, but I'm not directly involved, so I don't know the 
answer to your question.
 
Jim Hewitt did bring up an interesting point that these 
vendors may also be hardware/software support people.  In that role, I 
would think that a BAA would be appropriate to state that they would protect PHI 
they contact while maintaining the equipment.
 
I had been thinking just of their role as a supplier of the 
equipment.
Whew! Covering all bases is tough!.
 
The opinions expressed here are my own and not necessarily the opinion of 
LCMH.
 
Douglas M. WebbComputer System EngineerLittle Company of Mary 
Hospital & Health Care Centers[EMAIL PROTECTED]
 
"This electronic message may contain information that is confidential 
and/or legally privileged. It is intended only for the use of the individual(s) 
and entity(s)  named as recipients in the message. If you are not an 
intended recipient of the message, please notify the sender immediately,  
delete the material from any computer, do not deliver, distribute, or copy this 
message, and do not disclose its contents or take action in reliance on the 
information it contains. Thank you."
 
 

  - Original Message - 
  From: 
  David Frenkel 
  To: WEDI SNIP Privacy Workgroup List 
  
  Sent: Wednesday, February 26, 2003 02:10 
  PM
  Subject: RE: medical vendors as Business 
  Associates
  
  
  Doug,
  Does your facility do 
  medical device implants?  If so, 
  do you know what the official position is of your facility on this?  Thanks.
   
  Regards,
   
  
  David 
  Frenkel
  Business 
  Development
  GEFEG 
  USA
  Global 
  Leader in Ecommerce Tools
  612-237-1966
  -Original 
  Message-From: Doug Webb 
  [mailto:[EMAIL PROTECTED]] Sent: Wednesday, February 26, 2003 11:29 
  AMTo: WEDI SNIP Privacy 
  Workgroup ListSubject: Re: 
  medical vendors as Business Associates
   
  
  Vicki,
  
  I believe that 
  in this case the vendor would a Healthcare Provider participating in 
  Treatment. They would not be a BA.  They would be a CE if they used 
  any of the standard electronic transactions.
  
   
  
  The 
  opinions expressed here are my own and not necessarily the opinion of 
  LCMH.
  
   
  
  Douglas M. 
  WebbComputer System EngineerLittle Company of Mary Hospital & 
  Health Care Centers[EMAIL PROTECTED]
  
   
  
  "This 
  electronic message may contain information that is confidential and/or legally 
  privileged. It is intended only for the use of the individual(s) and 
  entity(s)  named as recipients in the message. If you are not an intended 
  recipient of the message, please notify the sender immediately,  delete 
  the material from any computer, do not deliver, distribute, or copy this 
  message, and do not disclose its contents or take action in reliance on the 
  information it contains. Thank you."
  
   
  
   
  

- Original 
Message - 

From: Vicki Schaff 


To: Doug Webb 


Sent: Wednesday, 
February 26, 2003 10:53 AM

    Subject: Re: medical 
vendors as Business Associates

 

Consider 
the vendor who supplies a new medical device to a healthcare 
facility (CE) and the vendor provides instruction to a surgeon 
(CE) during implantation of the device.  The vendor has access to 
PHI.One legal opinion has stated that 
the vendor is a BA of the healthcare facility.  Your 
Comments.  

  
  - Original 
  Message - 
  
  From: Doug Webb 
  
  
  To: WEDI SNIP Privacy Workgroup 
  List 
  
  Sent: Wednesday, 
  February 26, 2003 9:29 AM
  
  Subject: Re: medical 
  vendors as Business Associates
  
   
  
  Jill,
  
  I agree with 
  Dan.
  
   
  
  The critical 
  question is do you do anything on behalf of a Covered Entity that involves 
  PHI?  If this answer is "No", you do not need a 
  BAA.
  
   
  
  Providing 
  devices to non-patients isolates you from PHI.
  
   
  
  Providing 
  devices to patients is acting on behalf of yourself (I assume you make a 
  profit on the deal, or you wouldn't be in business), not a service to the 
  Covered Entity.  If you also bill insurance carriers electronically, 
  you may be a Covered Entity (providing Treatment).
  
   
  
  As Dan said, it 
  would be extremely rare that a vendor of this type would be in a Business 
  Associate relationship with a Covered Entity.
  
   
  
  If it operates 
  in some other role in addition to being a DME vendor, that role must be 
  considered independantly.
  
  .
  
  The opinions 
  expressed here are my own and not necessarily the opinion of 
  LCMH.
  
   
  
  Douglas M. 
  WebbComputer System En

RE: medical vendors as Business Associates

[David Frenkel]

Doug,

Does your facility do medical device
implants?  If so, do you know what the official
position is of your facility on this?  Thanks.

 

Regards,

 



David Frenkel

Business Development

GEFEG USA

Global Leader in
Ecommerce Tools

612-237-1966



-Original Message-
From: Doug Webb
[mailto:[EMAIL PROTECTED]] 
Sent: Wednesday, February 26, 2003 11:29 AM
To: WEDI SNIP Privacy Workgroup
List
Subject: Re: medical vendors as
Business Associates

 



Vicki,





I believe
that in this case the vendor would a Healthcare Provider participating in
Treatment. They would not be a BA.  They would be a CE if they used
any of the standard electronic transactions.





 





The
opinions expressed here are my own and not necessarily the opinion of LCMH.





 





Douglas
M. Webb
Computer System Engineer
Little Company of Mary Hospital & Health Care Centers
[EMAIL PROTECTED]





 





"This
electronic message may contain information that is confidential and/or legally
privileged. It is intended only for the use of the individual(s) and
entity(s)  named as recipients in the message. If you are not an intended
recipient of the message, please notify the sender immediately,  delete
the material from any computer, do not deliver, distribute, or copy this
message, and do not disclose its contents or take action in reliance on the
information it contains. Thank you."





 






 







-
Original Message - 





From: Vicki
Schaff 





To: Doug Webb 





Sent: Wednesday, February
26, 2003 10:53 AM





Subject: Re:
medical vendors as Business Associates





 





Consider the vendor who supplies a new
medical device to a healthcare facility (CE) and the
vendor provides instruction to a surgeon (CE) during implantation of
the device.  The vendor has access to PHI.One legal
opinion has stated that the vendor is a BA of the healthcare
facility.  Your Comments.  







-
Original Message - 





From: Doug Webb






To: WEDI
SNIP Privacy Workgroup List 





Sent: Wednesday, February
26, 2003 9:29 AM





Subject: Re:
medical vendors as Business Associates





 





Jill,





I
agree with Dan.





 





The
critical question is do you do anything on behalf of a Covered Entity that
involves PHI?  If this answer is "No", you do not need a BAA.





 





Providing
devices to non-patients isolates you from PHI.





 





Providing
devices to patients is acting on behalf of yourself (I assume you make a profit
on the deal, or you wouldn't be in business), not a service to the Covered
Entity.  If you also bill insurance carriers electronically, you may be a
Covered Entity (providing Treatment).





 





As Dan
said, it would be extremely rare that a vendor of this type would be in a
Business Associate relationship with a Covered Entity.





 





If it
operates in some other role in addition to being a DME vendor, that role must
be considered independantly.





.





The
opinions expressed here are my own and not necessarily the opinion of LCMH.





 





Douglas
M. Webb
Computer System Engineer
Little Company of Mary Hospital & Health Care Centers
[EMAIL PROTECTED]





 





"This
electronic message may contain information that is confidential and/or legally
privileged. It is intended only for the use of the individual(s) and
entity(s)  named as recipients in the message. If you are not an intended
recipient of the message, please notify the sender immediately,  delete
the material from any computer, do not deliver, distribute, or copy this
message, and do not disclose its contents or take action in reliance on the
information it contains. Thank you."





 






 







-
Original Message - 





From: Dan
Kelsey 





To: WEDI
SNIP Privacy Workgroup List 





Sent: Wednesday, February
26, 2003 08:32 AM





Subject: RE:
medical vendors as Business Associates





 





I think your decision
would have to be very fact based.  For example, if a wheelchair company
sells 50 wheelchairs to a hospital, then they would not be a BA of the
hospital.  However, if the hospital rehab unit orders a custom fit
wheelchair that involves disclosure of the patient's limitations, physical
build, etc., then chances are a BA relationship does not exist either.  I
say "chances are" because treatment by a health care provider is exempt
from the BA definition and a BAA is not required.  





 





The key issue is if the
medical vendor meets the definition of a health care provider - there is a
mention in HIPAA for the Federal definition, and it is fairly all
encompassing.  Generally speaking, I do not think the majority of these
vendors would be business associates.





 





Hope this helps,





Dan Kelsey 
Practice Advisor 
Indiana State Medical Association 
800-257-4762 
(317) 261-2060 
(317) 261-2076 - fax 





-Original
Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: 

Re: medical vendors as Business Associates

[Jim Hewitt]

Medical equipment vendors often receive PHI, if you're
not careful.  Machines like heart rate monitors often
store patient identifiers, and if a technician takes
one off-site for repairs the PHI goes with it.

-Jim


__
Do you Yahoo!?
Yahoo! Tax Center - forms, calculators, tips, more
http://taxes.yahoo.com/

---
The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions 
on this listserv therefore represent the views of the individual participants, and do 
not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If 
you wish to receive an official opinion, post your question to the WEDI SNIP Issues 
Database at http://snip.wedi.org/tracking/.   These listservs should not be used for 
commercial marketing purposes or discussion of specific vendor products and services.  
They also are not intended to be used as a forum for personal disagreements or 
unprofessional communication at any time.

You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED]
To unsubscribe from this list, go to the Subscribe/Unsubscribe form at 
http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED]
If you need to unsubscribe but your current email address is not the same as the 
address subscribed to the list, please use the Subscribe/Unsubscribe form at 
http://subscribe.wedi.org

Re: medical vendors as Business Associates

[Doug Webb]

Vicki,
I believe that in this 
case the vendor would a Healthcare Provider participating in 
Treatment. They 
would not be a BA.  They would be a CE if they used any of the standard 
electronic transactions.
 
The opinions expressed here are my own and not necessarily the opinion of 
LCMH.
 
Douglas M. WebbComputer System EngineerLittle Company of Mary 
Hospital & Health Care Centers[EMAIL PROTECTED]
 
"This electronic message may contain information that is confidential 
and/or legally privileged. It is intended only for the use of the individual(s) 
and entity(s)  named as recipients in the message. If you are not an 
intended recipient of the message, please notify the sender immediately,  
delete the material from any computer, do not deliver, distribute, or copy this 
message, and do not disclose its contents or take action in reliance on the 
information it contains. Thank you."
 
 

  - Original Message - 
  From: 
  Vicki Schaff 
  To: Doug Webb 
  Sent: Wednesday, February 26, 2003 10:53 
  AM
  Subject: Re: medical vendors as Business 
  Associates
  
  Consider the vendor who supplies a new 
  medical device to a healthcare facility (CE) and the 
  vendor provides instruction to a surgeon (CE) during implantation of 
  the device.  The vendor has 
  access to PHI.One legal 
  opinion has stated that the vendor is a BA of the healthcare 
  facility.  Your Comments.  
  
- Original Message - 
From: 
Doug Webb 
To: WEDI SNIP Privacy Workgroup 
List 
Sent: Wednesday, February 26, 2003 9:29 
AM
Subject: Re: medical vendors as 
Business Associates

Jill,
I agree with Dan.
 
The critical question is do you do anything on behalf of a 
Covered Entity that involves PHI?  If this answer is "No", you do not 
need a BAA.
 
Providing devices to non-patients isolates you from 
PHI.
 
Providing devices to patients is acting on behalf of 
yourself (I assume you make a profit on the deal, or you wouldn't be in 
business), not a service to the Covered Entity.  If you also bill 
insurance carriers electronically, you may be a Covered Entity (providing 
Treatment).
 
As Dan said, it would be extremely rare that a vendor of 
this type would be in a Business Associate relationship with a Covered 
Entity.
 
If it operates in some other role in addition to being a 
DME vendor, that role must be considered independantly.
.
The opinions expressed here are my own and not necessarily the opinion 
of LCMH.
 
Douglas M. WebbComputer System EngineerLittle Company of Mary 
Hospital & Health Care Centers[EMAIL PROTECTED]
 
"This electronic message may contain information that is confidential 
and/or legally privileged. It is intended only for the use of the 
individual(s) and entity(s)  named as recipients in the message. If you 
are not an intended recipient of the message, please notify the sender 
immediately,  delete the material from any computer, do not deliver, 
distribute, or copy this message, and do not disclose its contents or take 
action in reliance on the information it contains. Thank you."
 
 

  - Original Message - 
  From: 
  Dan 
  Kelsey 
  To: WEDI SNIP Privacy Workgroup 
  List 
  Sent: Wednesday, February 26, 2003 
  08:32 AM
  Subject: RE: medical vendors as 
  Business Associates
  
  I think 
  your decision would have to be very fact based.  For example, if a 
  wheelchair company sells 50 wheelchairs to a hospital, then they would not 
  be a BA of the hospital.  However, if the hospital rehab unit orders 
  a custom fit wheelchair that involves disclosure of the patient's 
  limitations, physical build, etc., then chances are a BA relationship does 
  not exist either.  I say "chances are" because treatment by a health 
  care provider is exempt from the BA definition and a BAA is not 
  required.  
   
  The key 
  issue is if the medical vendor meets the definition of a health care 
  provider - there is a mention in HIPAA for the Federal definition, and it 
  is fairly all encompassing.  Generally speaking, I do not think the 
      majority of these vendors would be business 
associates.
   
  Hope this 
  helps,
  
  Dan Kelsey Practice Advisor Indiana State 
  Medical Association 800-257-4762 (317) 
  261-2060 (317) 261-2076 - fax 
  
  
-Original Message-From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED]Sent: Wednesday, February 26, 2003 
7:42 AMTo: WEDI SNIP Privacy Workgroup 
ListSubject: medical vendors as Business 
AssociatesAre medical vendors that supply 
products like prosthesis, wheelchairs, etc., considered BA? I 

Re: medical vendors as Business Associates

[Doug Webb]

Dawn,
This looks like a lot of "CYA" BAA contracts being sent 
unnecessarily.  The logic seems to be send them to everybody, and see who 
signs them.
 
Don't forget that the CE is the one who is responsible to 
ensure that the proper BAAs are in place.  Since a contract is signed by 
both sides, it doesn't matter who drafts the text.  A BA who drafts the BAA 
text is trying to increase the likelyhood that their version is the one that is 
signed.  Don't sign anything until your lawyer checks it out!
 
The opinions expressed here are my own and not necessarily the opinion of 
LCMH.
 
Douglas M. WebbComputer System EngineerLittle Company of Mary 
Hospital & Health Care Centers[EMAIL PROTECTED]
 
"This electronic message may contain information that is confidential 
and/or legally privileged. It is intended only for the use of the individual(s) 
and entity(s)  named as recipients in the message. If you are not an 
intended recipient of the message, please notify the sender immediately,  
delete the material from any computer, do not deliver, distribute, or copy this 
message, and do not disclose its contents or take action in reliance on the 
information it contains. Thank you."
 
 

  - Original Message - 
  From: 
  Dawn 
  Lenox 
  To: Doug Webb 
  Sent: Wednesday, February 26, 2003 09:37 
  AM
  Subject: Re: medical vendors as Business 
  Associates
  
  I tried to explain this to 
  a vendor that sent us (CE) their BA (non-CE) as a favor to usThey said we 
  were being liberal in our interpretation and that they were being 
  "conservative"...they did not even request that we sign it...go 
  figure.
  
- Original Message - 
From: 
Doug Webb 
To: WEDI SNIP Privacy Workgroup 
List 
Sent: Wednesday, February 26, 2003 9:29 
AM
    Subject: Re: medical vendors as 
Business Associates

Jill,
I agree with Dan.
 
The critical question is do you do anything on behalf of a 
Covered Entity that involves PHI?  If this answer is "No", you do not 
need a BAA.
 
Providing devices to non-patients isolates you from 
PHI.
 
Providing devices to patients is acting on behalf of 
yourself (I assume you make a profit on the deal, or you wouldn't be in 
business), not a service to the Covered Entity.  If you also bill 
insurance carriers electronically, you may be a Covered Entity (providing 
Treatment).
 
As Dan said, it would be extremely rare that a vendor of 
this type would be in a Business Associate relationship with a Covered 
Entity.
 
If it operates in some other role in addition to being a 
DME vendor, that role must be considered independantly.
.
The opinions expressed here are my own and not necessarily the opinion 
of LCMH.
 
Douglas M. WebbComputer System EngineerLittle Company of Mary 
Hospital & Health Care Centers[EMAIL PROTECTED]
 
"This electronic message may contain information that is confidential 
and/or legally privileged. It is intended only for the use of the 
individual(s) and entity(s)  named as recipients in the message. If you 
are not an intended recipient of the message, please notify the sender 
immediately,  delete the material from any computer, do not deliver, 
distribute, or copy this message, and do not disclose its contents or take 
action in reliance on the information it contains. Thank you."
 
 

  - Original Message - 
  From: 
  Dan 
  Kelsey 
  To: WEDI SNIP Privacy Workgroup 
  List 
  Sent: Wednesday, February 26, 2003 
  08:32 AM
  Subject: RE: medical vendors as 
  Business Associates
  
  I think 
  your decision would have to be very fact based.  For example, if a 
  wheelchair company sells 50 wheelchairs to a hospital, then they would not 
  be a BA of the hospital.  However, if the hospital rehab unit orders 
  a custom fit wheelchair that involves disclosure of the patient's 
  limitations, physical build, etc., then chances are a BA relationship does 
  not exist either.  I say "chances are" because treatment by a health 
  care provider is exempt from the BA definition and a BAA is not 
  required.  
   
  The key 
  issue is if the medical vendor meets the definition of a health care 
  provider - there is a mention in HIPAA for the Federal definition, and it 
  is fairly all encompassing.  Generally speaking, I do not think the 
  majority of these vendors would be business 
associates.
   
  Hope this 
  helps,
  
  Dan Kelsey Practice Advisor Indiana State 
  Medical Association 800-257-4762 (317) 
  261-2060 (317) 261-2076 - fax 
  
  
-Original Message-From: [EMAIL PROTECTED] 
[mailto:[EMAIL

RE: medical vendors as Business Associates

[Rachel Foerster]

It's more likely this activity/role falls under a 
DME provider activity and thus may make this function/role a provider type. If 
they then seek reimbursement from a payer/health plan, this constitutes acting 
as a provider, doesn't it?
 
I'm aware of at least one major orthopaedic mfgr that 
has already determined its activity in directly providing to the patient their 
DME classified products and for which they then submit a claim for reimbursement 
makes this activity/role a covered entity.
 


Rachel 
Foerster CEO & 
PresidentRachel 
Foerster & Associates, Ltd. Professionals in Health 
Care EDI, Privacy & Security39432 North Avenue 
Beach Park, IL 60099 Voice: 
847-872-8070 Fax: 847-872-6860 eMail: 
[EMAIL PROTECTED] 
http://www.rfa-edi.com 
##
This 
transmission may be confidential or protected from disclosure and is only for 
review and use by the intended recipient.  
Access by anyone else is unauthorized. Any unauthorized reader is hereby 
notified that any review, use, dissemination, disclosure or copying of this 
information, or any act or omission taken in reliance on it, is 
prohibited 
and may be unlawful.  If you 
received this transmission in error, please notify the sender immediately.  Thank 
you

  -Original Message-From: [EMAIL PROTECTED] 
  [mailto:[EMAIL PROTECTED]Sent: Wednesday, February 26, 2003 6:42 
  AMTo: WEDI SNIP Privacy Workgroup ListSubject: medical 
  vendors as Business AssociatesAre 
  medical vendors that supply products like prosthesis, wheelchairs, etc., 
  considered BA? I have been researching this and can't seem to come up with 
  clear answer...Thanks in advanceJill Rubin, 
  Esq.(617)388-2404[EMAIL PROTECTED] ---The WEDI SNIP 
  listserv to which you are subscribed is not moderated. The discussions on this 
  listserv therefore represent the views of the individual participants, and do 
  not necessarily represent the views of the WEDI Board of Directors nor WEDI 
  SNIP. If you wish to receive an official opinion, post your question to the 
  WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs 
  should not be used for commercial marketing purposes or discussion of specific 
  vendor products and services. They also are not intended to be used as a forum 
  for personal disagreements or unprofessional communication at any 
  time.You are currently subscribed to wedi-privacy as: 
  [EMAIL PROTECTED]To unsubscribe from this list, go to the 
  Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email 
  to [EMAIL PROTECTED]If you need to unsubscribe 
  but your current email address is not the same as the address subscribed to 
  the list, please use the Subscribe/Unsubscribe form at 
  http://subscribe.wedi.org 
---
The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/.   These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services.  They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time.

You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED]
To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED]
If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org

Re: medical vendors as Business Associates

[Doug Webb]

Jill,
I agree with Dan.
 
The critical question is do you do anything on behalf of a 
Covered Entity that involves PHI?  If this answer is "No", you do not need 
a BAA.
 
Providing devices to non-patients isolates you from 
PHI.
 
Providing devices to patients is acting on behalf of yourself 
(I assume you make a profit on the deal, or you wouldn't be in business), not a 
service to the Covered Entity.  If you also bill insurance carriers 
electronically, you may be a Covered Entity (providing Treatment).
 
As Dan said, it would be extremely rare that a vendor of this 
type would be in a Business Associate relationship with a Covered 
Entity.
 
If it operates in some other role in addition to being a DME 
vendor, that role must be considered independantly.
.
The opinions expressed here are my own and not necessarily the opinion of 
LCMH.
 
Douglas M. WebbComputer System EngineerLittle Company of Mary 
Hospital & Health Care Centers[EMAIL PROTECTED]
 
"This electronic message may contain information that is confidential 
and/or legally privileged. It is intended only for the use of the individual(s) 
and entity(s)  named as recipients in the message. If you are not an 
intended recipient of the message, please notify the sender immediately,  
delete the material from any computer, do not deliver, distribute, or copy this 
message, and do not disclose its contents or take action in reliance on the 
information it contains. Thank you."
 
 

  - Original Message - 
  From: 
  Dan Kelsey 
  
  To: WEDI SNIP Privacy Workgroup List 
  
  Sent: Wednesday, February 26, 2003 08:32 
  AM
  Subject: RE: medical vendors as Business 
  Associates
  
  I think your 
  decision would have to be very fact based.  For example, if a wheelchair 
  company sells 50 wheelchairs to a hospital, then they would not be a BA of the 
  hospital.  However, if the hospital rehab unit orders a custom fit 
  wheelchair that involves disclosure of the patient's limitations, physical 
  build, etc., then chances are a BA relationship does not exist either.  I 
  say "chances are" because treatment by a health care provider is exempt from 
  the BA definition and a BAA is not required.  
   
  The key issue 
  is if the medical vendor meets the definition of a health care provider - 
  there is a mention in HIPAA for the Federal definition, and it is fairly all 
  encompassing.  Generally speaking, I do not think the majority of these 
  vendors would be business associates.
   
  Hope this 
  helps,
  
  Dan Kelsey Practice Advisor Indiana State 
  Medical Association 800-257-4762 
  (317) 261-2060 (317) 261-2076 - fax 
  
-Original Message-From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED]Sent: Wednesday, February 26, 2003 7:42 
AMTo: WEDI SNIP Privacy Workgroup ListSubject: medical 
vendors as Business AssociatesAre 
medical vendors that supply products like prosthesis, wheelchairs, etc., 
considered BA? I have been researching this and can't seem to come up with 
clear answer...Thanks in advanceJill Rubin, 
Esq.(617)388-2404[EMAIL PROTECTED] ---The WEDI SNIP 
listserv to which you are subscribed is not moderated. The discussions on 
this listserv therefore represent the views of the individual participants, 
and do not necessarily represent the views of the WEDI Board of Directors 
nor WEDI SNIP. If you wish to receive an official opinion, post your 
question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. 
These listservs should not be used for commercial marketing purposes or 
discussion of specific vendor products and services. They also are not 
intended to be used as a forum for personal disagreements or unprofessional 
communication at any time.You are currently subscribed to 
wedi-privacy as: [EMAIL PROTECTED]To unsubscribe from this list, go to 
the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank 
email to [EMAIL PROTECTED]If you need to 
unsubscribe but your current email address is not the same as the address 
subscribed to the list, please use the Subscribe/Unsubscribe form at 
http://subscribe.wedi.org ---The WEDI SNIP listserv to 
  which you are subscribed is not moderated. The discussions on this listserv 
  therefore represent the views of the individual participants, and do not 
  necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. 
  If you wish to receive an official opinion, post your question to the WEDI 
  SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should 
  not be used for commercial marketing purposes or discussion of specific vendor 
  products and services. They also are not intended to be used as a forum for 
  personal disagreements or unprofessional communication at any time.You 
  are currently subscribed to wedi-privacy as: [EMAIL PROTECTED]To u

RE: medical vendors as Business Associates

[Dan Kelsey]

I think your 
decision would have to be very fact based.  For example, if a wheelchair 
company sells 50 wheelchairs to a hospital, then they would not be a BA of the 
hospital.  However, if the hospital rehab unit orders a custom fit 
wheelchair that involves disclosure of the patient's limitations, physical 
build, etc., then chances are a BA relationship does not exist either.  I 
say "chances are" because treatment by a health care provider is exempt from the 
BA definition and a BAA is not required.  
 
The key issue is 
if the medical vendor meets the definition of a health care provider - there is 
a mention in HIPAA for the Federal definition, and it is fairly all 
encompassing.  Generally speaking, I do not think the majority of these 
vendors would be business associates.
 
Hope this 
helps,

Dan Kelsey Practice Advisor Indiana State 
Medical Association 800-257-4762 
(317) 261-2060 (317) 261-2076 - fax 

  -Original 
  Message-From: [EMAIL PROTECTED] 
  [mailto:[EMAIL PROTECTED]Sent: Wednesday, February 26, 2003 7:42 
  AMTo: WEDI SNIP Privacy Workgroup ListSubject: medical 
  vendors as Business AssociatesAre 
  medical vendors that supply products like prosthesis, wheelchairs, etc., 
  considered BA? I have been researching this and can't seem to come up with 
  clear answer...Thanks in advanceJill Rubin, 
  Esq.(617)388-2404[EMAIL PROTECTED] ---The WEDI SNIP 
  listserv to which you are subscribed is not moderated. The discussions on this 
  listserv therefore represent the views of the individual participants, and do 
  not necessarily represent the views of the WEDI Board of Directors nor WEDI 
  SNIP. If you wish to receive an official opinion, post your question to the 
  WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs 
  should not be used for commercial marketing purposes or discussion of specific 
  vendor products and services. They also are not intended to be used as a forum 
  for personal disagreements or unprofessional communication at any 
  time.You are currently subscribed to wedi-privacy as: 
  [EMAIL PROTECTED]To unsubscribe from this list, go to the 
  Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email 
  to [EMAIL PROTECTED]If you need to unsubscribe 
  but your current email address is not the same as the address subscribed to 
  the list, please use the Subscribe/Unsubscribe form at 
  http://subscribe.wedi.org 
---
The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/.   These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services.  They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time.

You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED]
To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED]
If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org

medical vendors as Business Associates

[JillGWlaw]

Are medical vendors that supply products like prosthesis, wheelchairs, etc., considered BA? I have been researching this and can't seem to come up with clear answer...

Thanks in advance

Jill Rubin, Esq.
(617)388-2404
[EMAIL PROTECTED]
---
The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/.   These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services.  They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time.

You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED]
To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED]
If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org

RE: Are dieticians Business Associates?

[Matthew Rosenblum]

Vikas,

If the "dietary purpose" is treatment (including evaluations and assessments
for food-intake, medication contraindications, etc.) the dietician would NOT
be defined under HIPAA as a "business associate".  However, if the "dietary
purpose" is related to say, a quality improvement activity (defined under
HIPAA as a "health care operation"), then the possibility exists for the
dietician to be defined as a "business associate".
 
I hope that this helps.
 
Your questions are always welcome.
 
Matt
 
Matthew Rosenblum
Chief Operations Officer
Privacy, Quality Management & Regulatory Affairs
http://www.CPIdirections.com

CPI Directions, Inc.
10 West 15th Street, Suite 1922
New York, NY 10011
 
(212) 675-6367
[EMAIL PROTECTED]
 
CONFIDENTIALITY NOTICE: This E-Mail is intended only for the use of the
individual or entity to which it is addressed and may contain information
that is privileged, confidential and exempt from disclosure under applicable
law. If you have received this communication in error, please do not
distribute it.  Please notify the sender by E-Mail at the address shown and
delete the original message. Thank you.
 
AVISO DEL CONFIDENCIALIDAD: Este email es solamente para el uso del
individuo o la entidad a la cual se dirige y puede contener información
privilegiada, confidencial y exenta de acceso bajo la ley aplicable. Si
usted ha recibido esta comunicación por error, por favor no lo distribuya.
Favor notificar al remitente del E-Mail a la dirección mostrada y elimine el
mensaje original. Gracias.
 
-Original Message-
From: Vikas Budhiraja [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, February 25, 2003 11:52 AM
To: WEDI SNIP Privacy Workgroup List
Subject: Are dieticians Business Associates?

A question about Dieticians. If a contract dietician reviews a patient's
medical charts for dietary purposes, is he/she considered a BA? Or would
this be considered part of treatment.

Thanks,
Vikas



---
The WEDI SNIP listserv to which you are subscribed is not moderated. The
discussions on this listserv therefore represent the views of the individual
participants, and do not necessarily represent the views of the WEDI Board
of Directors nor WEDI SNIP. If you wish to receive an official opinion, post
your question to the WEDI SNIP Issues Database at
http://snip.wedi.org/tracking/.   These listservs should not be used for
commercial marketing purposes or discussion of specific vendor products and
services.  They also are not intended to be used as a forum for personal
disagreements or unprofessional communication at any time.

You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED]
To unsubscribe from this list, go to the Subscribe/Unsubscribe form at
http://subscribe.wedi.org or send a blank email to
[EMAIL PROTECTED]
If you need to unsubscribe but your current email address is not the same as
the address subscribed to the list, please use the Subscribe/Unsubscribe
form at http://subscribe.wedi.org


---
The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions 
on this listserv therefore represent the views of the individual participants, and do 
not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If 
you wish to receive an official opinion, post your question to the WEDI SNIP Issues 
Database at http://snip.wedi.org/tracking/.   These listservs should not be used for 
commercial marketing purposes or discussion of specific vendor products and services.  
They also are not intended to be used as a forum for personal disagreements or 
unprofessional communication at any time.

You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED]
To unsubscribe from this list, go to the Subscribe/Unsubscribe form at 
http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED]
If you need to unsubscribe but your current email address is not the same as the 
address subscribed to the list, please use the Subscribe/Unsubscribe form at 
http://subscribe.wedi.org

Re: Are dieticians Business Associates?

[Doug Webb]

Vikas,
The Dietician would be performing Treatment duties, and thus 
be a Covered Entity if he does any electronic transactions that have HIPAA 
standards.
 
The opinions expressed here are my own and not necessarily the opinion of 
LCMH.
 
Douglas M. WebbComputer System EngineerLittle Company of Mary 
Hospital & Health Care Centers[EMAIL PROTECTED]
 
"This electronic message may contain information that is confidential 
and/or legally privileged. It is intended only for the use of the individual(s) 
and entity(s)  named as recipients in the message. If you are not an 
intended recipient of the message, please notify the sender immediately,  
delete the material from any computer, do not deliver, distribute, or copy this 
message, and do not disclose its contents or take action in reliance on the 
information it contains. Thank you."
 
 

  - Original Message - 
  From: 
  Vikas Budhiraja 
  To: WEDI SNIP Privacy Workgroup List 
  
  Sent: Tuesday, February 25, 2003 10:51 
  AM
  Subject: Are dieticians Business 
  Associates?
  A question about Dieticians. If a contract dietician reviews a 
  patient'smedical charts for dietary purposes, is he/she considered a BA? 
  Or wouldthis be considered part of 
  treatment.Thanks,Vikas---The WEDI SNIP 
  listserv to which you are subscribed is not moderated. The discussions on this 
  listserv therefore represent the views of the individual participants, and do 
  not necessarily represent the views of the WEDI Board of Directors nor WEDI 
  SNIP. If you wish to receive an official opinion, post your question to the 
  WEDI SNIP Issues Database at http://snip.wedi.org/tracking/.   
  These listservs should not be used for commercial marketing purposes or 
  discussion of specific vendor products and services.  They also are not 
  intended to be used as a forum for personal disagreements or unprofessional 
  communication at any time.You are currently subscribed to wedi-privacy 
  as: [EMAIL PROTECTED]To unsubscribe from 
  this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank 
  email to [EMAIL PROTECTED]If 
  you need to unsubscribe but your current email address is not the same as the 
  address subscribed to the list, please use the Subscribe/Unsubscribe form at 
  http://subscribe.wedi.org
---
The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/.   These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services.  They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time.

You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED]
To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED]
If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org

Are dieticians Business Associates?

[Vikas Budhiraja]

A question about Dieticians. If a contract dietician reviews a patient's
medical charts for dietary purposes, is he/she considered a BA? Or would
this be considered part of treatment.

Thanks,
Vikas



---
The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions 
on this listserv therefore represent the views of the individual participants, and do 
not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If 
you wish to receive an official opinion, post your question to the WEDI SNIP Issues 
Database at http://snip.wedi.org/tracking/.   These listservs should not be used for 
commercial marketing purposes or discussion of specific vendor products and services.  
They also are not intended to be used as a forum for personal disagreements or 
unprofessional communication at any time.

You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED]
To unsubscribe from this list, go to the Subscribe/Unsubscribe form at 
http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED]
If you need to unsubscribe but your current email address is not the same as the 
address subscribed to the list, please use the Subscribe/Unsubscribe form at 
http://subscribe.wedi.org

RE: Physicians as business associates

[Matthew Rosenblum]

Jill,

 

Heath care treatment providers (acting in
the capacity of treatment providers) do not fit the definition of Business
Associate as defined in the Privacy regulations.  Therefore, a BAC is not
applicable.

 



I hope that this helps.

 

Your questions are always welcome.

 

Matt

 

Matthew
Rosenblum

Chief Operations Officer

Privacy, Quality Management &
Regulatory Affairs

http://www.CPIdirections.com

 

CPI Directions, Inc.

10 West 15th Street, Suite 1922

New York, NY 10011

 

(212) 675-6367

[EMAIL PROTECTED]

 

CONFIDENTIALITY
NOTICE: This E-Mail is intended only for the use of the individual or entity to
which it is addressed and may contain information that is privileged,
confidential and exempt from disclosure under applicable law. If you have
received this communication in error, please do not distribute it.  Please
notify the sender by E-Mail at the address shown and delete the original
message. Thank you.

 

AVISO DEL
CONFIDENCIALIDAD: Este email es solamente para el uso del individuo o la entidad a la cual se dirige y puede contener
información privilegiada, confidencial y exenta de acceso bajo la ley
aplicable. Si usted ha recibido esta comunicación por error, por favor
no lo distribuya.  Favor notificar al remitente del E-Mail a la
dirección mostrada y elimine el mensaje original. Gracias.

 



-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]

Sent: Monday, February 24, 2003
8:07 PM
To: WEDI SNIP Privacy Workgroup
List
Subject: Physicians as business
associates

 

Are physicians who provide temporary
service or vacation coverage business associates?

Thanks in advance.

Jill Rubin, Esq.
(617)388-2404
[EMAIL PROTECTED]
---
The WEDI SNIP listserv to which you are subscribed is not moderated. The
discussions on this listserv therefore represent the views of the individual
participants, and do not necessarily represent the views of the WEDI Board of
Directors nor WEDI SNIP. If you wish to receive an official opinion, post your
question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/.
These listservs should not be used for commercial marketing purposes or
discussion of specific vendor products and services. They also are not intended
to be used as a forum for personal disagreements or unprofessional
communication at any time.

You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED]
To unsubscribe from this list, go to the Subscribe/Unsubscribe form at
http://subscribe.wedi.org or send a blank email to
[EMAIL PROTECTED]
If you need to unsubscribe but your current email address is not the same as
the address subscribed to the list, please use the Subscribe/Unsubscribe form
at http://subscribe.wedi.org 




---
The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/.   These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services.  They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time.

You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED]
To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED]
If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org

Physicians as business associates

[JillGWlaw]

Are physicians who provide temporary service or vacation coverage business associates?

Thanks in advance.

Jill Rubin, Esq.
(617)388-2404
[EMAIL PROTECTED]
---
The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/.   These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services.  They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time.

You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED]
To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED]
If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org

Re: Business Associates Agreements

[Doug Webb]

William,
I stand corrected.
If I understand what this implies, the only time a BAA would not be required with a 
"Clearinghouse" would be if its only function is as a conduit of Standard Transactions.

The opinions expressed here are my own and not necessarily the opinion of LCMH.

Douglas M. Webb
Computer System Engineer
Little Company of Mary Hospital & Health Care Centers
[EMAIL PROTECTED]

"This electronic message may contain information that is confidential and/or legally 
privileged. It is intended only for the use of the individual(s) and entity(s)  named 
as recipients in the message. If you are not an intended recipient of the message, 
please notify the sender immediately,  delete the material from any computer, do not 
deliver, distribute, or copy this message, and do not disclose its contents or take 
action in reliance on the information it contains. Thank you."



- Original Message - 
From: "William J. Kammerer" <[EMAIL PROTECTED]>
To: "WEDI SNIP Privacy Workgroup List" <[EMAIL PROTECTED]>
Sent: Wednesday, February 05, 2003 10:37 AM
Subject: Re: Business Associates Agreements


> A covered entity clearinghouse may convert between standard and
> non-standard on behalf of another covered entity only when it's acting
> as a business associate (of that covered entity); see 45 CFR § 162.930.
> Otherwise, a clearinghouse can only serve as a conduit for standard
> transactions.
> 
> William J. Kammerer
> Novannet, LLC.
> Columbus, US-OH 43221-3859
> +1 (614) 487-0320
> 
> - Original Message -
> From: "Doug Webb" <[EMAIL PROTECTED]>
> To: "WEDI SNIP Privacy Workgroup List" <[EMAIL PROTECTED]>
> Cc: <[EMAIL PROTECTED]>
> Sent: Wednesday, 05 February, 2003 10:24 AM
> Subject: Re: Business Associates Agreements
> 
> 
> Brenda,
> As Noel pointed out, not quite.  They may be a CE in addition to being a
> BA, but, because they perform a function (billing) for the Provider,
> they are a BA of the provider.  If their functionality includes anything
> outside of obtaining non-standard claims information, generating
> standard claims information, and transmitting them (such as sending
> bills to patients), a BAA will be necessary.  Even in the event that the
> functionality is totally "clearinghouse", a BAA would be desirable to
> clarify where eveyone stands.
> 
> The opinions expressed here are my own and not necessarily the opinion
> of LCMH.
> 
> Douglas M. Webb
> Computer System Engineer
> Little Company of Mary Hospital & Health Care Centers
> [EMAIL PROTECTED]
> 
> - Original Message -
> From: "Brenda K. Burton" <[EMAIL PROTECTED]>
> To: "WEDI SNIP Privacy Workgroup List" <[EMAIL PROTECTED]>
> Cc: <[EMAIL PROTECTED]>
> Sent: Wednesday, February 05, 2003 08:24 AM
> Subject: Re: Business Associates Agreements
> 
> 
> 
> Be careful, because not all billing companies are BA!  If the billing
> service translates a standard transaction, they they may well be
> considered a clearinghouse, thus, a covered entity.  It is correct,
> however, that a BAA is not necessary between a billing company and the
> payer.
> 
> 
> 
> 
> ---
> The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions 
>on this listserv therefore represent the views of the individual participants, and do 
>not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If 
>you wish to receive an official opinion, post your question to the WEDI SNIP Issues 
>Database at http://snip.wedi.org/tracking/.   These listservs should not be used for 
>commercial marketing purposes or discussion of specific vendor products and services. 
> They also are not intended to be used as a forum for personal disagreements or 
>unprofessional communication at any time.
> 
> You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED]
> To unsubscribe from this list, go to the Subscribe/Unsubscribe form at 
>http://subscribe.wedi.org or send a blank email to 
>[EMAIL PROTECTED]
> If you need to unsubscribe but your current email address is not the same as the 
>address subscribed to the list, please use the Subscribe/Unsubscribe form at 
>http://subscribe.wedi.org

---
The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions 
on this listserv therefore represent the views of the individual participants, and do 
not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If 
you wish to receive an official opinion, post your question to the WEDI SNIP Issues 
Database at http://snip.wedi.org/tracking/.   These listservs should not be used for 
commercial marketing purposes o

Re: Business Associates Agreements

[William J. Kammerer]

A covered entity clearinghouse may convert between standard and
non-standard on behalf of another covered entity only when it's acting
as a business associate (of that covered entity); see 45 CFR § 162.930.
Otherwise, a clearinghouse can only serve as a conduit for standard
transactions.

William J. Kammerer
Novannet, LLC.
Columbus, US-OH 43221-3859
+1 (614) 487-0320

- Original Message -
From: "Doug Webb" <[EMAIL PROTECTED]>
To: "WEDI SNIP Privacy Workgroup List" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Wednesday, 05 February, 2003 10:24 AM
Subject: Re: Business Associates Agreements


Brenda,
As Noel pointed out, not quite.  They may be a CE in addition to being a
BA, but, because they perform a function (billing) for the Provider,
they are a BA of the provider.  If their functionality includes anything
outside of obtaining non-standard claims information, generating
standard claims information, and transmitting them (such as sending
bills to patients), a BAA will be necessary.  Even in the event that the
functionality is totally "clearinghouse", a BAA would be desirable to
clarify where eveyone stands.

The opinions expressed here are my own and not necessarily the opinion
of LCMH.

Douglas M. Webb
Computer System Engineer
Little Company of Mary Hospital & Health Care Centers
[EMAIL PROTECTED]

- Original Message -
From: "Brenda K. Burton" <[EMAIL PROTECTED]>
To: "WEDI SNIP Privacy Workgroup List" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Wednesday, February 05, 2003 08:24 AM
Subject: Re: Business Associates Agreements



Be careful, because not all billing companies are BA!  If the billing
service translates a standard transaction, they they may well be
considered a clearinghouse, thus, a covered entity.  It is correct,
however, that a BAA is not necessary between a billing company and the
payer.




---
The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions 
on this listserv therefore represent the views of the individual participants, and do 
not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If 
you wish to receive an official opinion, post your question to the WEDI SNIP Issues 
Database at http://snip.wedi.org/tracking/.   These listservs should not be used for 
commercial marketing purposes or discussion of specific vendor products and services.  
They also are not intended to be used as a forum for personal disagreements or 
unprofessional communication at any time.

You are currently subscribed to wedi-privacy as: archive@mail-archive.com
To unsubscribe from this list, go to the Subscribe/Unsubscribe form at 
http://subscribe.wedi.org or send a blank email to 
[EMAIL PROTECTED]
If you need to unsubscribe but your current email address is not the same as the 
address subscribed to the list, please use the Subscribe/Unsubscribe form at 
http://subscribe.wedi.org

Re: Business Associates Agreements

[Brenda K. Burton]

WOW, I am sorry!!!  Yes, yes, you are totally right... the only point I was trying to 
make is that under HIPAA a billing service is not always just a BA, they can be 
considered a CE (i.e. clearinghouse).  Yes, they are a BA of the CE, i.e. the provider 
they bill for. And, yes, a CE can be a BA of another CE.  I apologize for whipping 
through my post without more thought or coffee.  I am embarrassed! Brenda

I have to disagree.  A billing company is a BA of any provider it provides 
> billing services to, as long as that provider is a covered entity.  Whether 
> or not the billing company themselves is a covered entity does not factor in 
> to the evaluation of if the billing company is a BA.
> 
> HHS has said several times you can be both a CE and BA.
> 
> If you perform a covered function on behalf of a CE then you are a BA of that 
> CE.
> 
> If you yourself meet the criteria to be a CE, then you are a CE.
> 
> If all I am is a BA, then all I have to worry about is having a BA agreement 
> and actually that is not even my concern.  It is the CE's who are obligated 
> under HIPAA to ensure the BAA is in place.  As a practical matter if the 
> clients of my business are predominantly CE's (as would be the case if I 
> owned a billing company that billed electronically) then as a convenience to 
> my clients I might want to take the initiative in preparing a BAA for all my 
> clients to sign.
> 
> If I am a BA and a CE, then I have to comply with all of HIPAA because of my 
> status as a CE (not because I am a BA).  Also note that as a CE, I now have 
> an obligation to ensure I have BA agreements in place, but that obligation is 
> only with respect to my BA's.  The clients of my billing company are not my 
> BA's, they are my clients.  My BA's are only people who perform covered 
> functions on my behalf.  My clients are not doing anything on behlaf of my 
> billing company.  But I am billing payers on their behalf so I am their BA 
> but they are not mine.
> 
> Clear as mud?
> 
> --
> Open WebMail Project (http://openwebmail.org)
> 
> 
> -- Original Message ---
> From: "Brenda K. Burton" <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
> Sent: Wed, 05 Feb 2003 14:24:10 +
> Subject: Re: Business Associates Agreements
> 
> > Be careful, because not all billing companies are BA!  If the 
> > billing service translates a standard transaction, they they may 
> > well be considered a clearinghouse, thus, a covered entity.  It is 
> > correct, however, that a BAA is not necessary between a billing 
> > company and the payer.  
> > 
> > No.
> > > 
> > > Billing companies are Business Associates of their health care provider 
> > > clients because they are performing a covered function on behalf of those 
> > > client.
> > > 
> > > The insurance companies they bill to and the cilling company are each 
> > > performing their own discrete step in the paymeny process.  Neither is 
> > > performing any function on behalf of the other.
> > > 
> > > Noel Chang 
> > > 
> > > --
> > > Open WebMail Project (http://openwebmail.org)
> > > 
> > > 
> > > -- Original Message ---
> > > From: [EMAIL PROTECTED]
> > > To: "WEDI SNIP Privacy Workgroup List" <[EMAIL PROTECTED]>
> > > Sent: Tue, 04 Feb 2003 12:11:22 -0800 (PST)
> > > Subject: Business Associates Agreements
> > > 
> > > > Hi, I'm helping some small Billing companies in my area
> > > > become HIPAA compliant and I'm not sure if they need a
> > > > Business Associates Agreement with the Insurance
> > > > carriers that they submit claims to.  Any information
> > > > would be greatly appreciated.  
> > > > 
> > > > Thank you,
> > > > 
> > > > M.Noren
> > > > 
> > > > ---
> > > > The WEDI SNIP listserv to which you are subscribed is not moderated. 
> > > > The discussions on this listserv therefore represent the views of 
> > > > the individual participants, and do not necessarily represent the 
> > > > views of the WEDI Board of Directors nor WEDI SNIP. If you wish to 
> > > > receive an official opinion, post your question to the WEDI SNIP 
> > > > Issues Database at http://snip.wedi.org/tracking/.   These listservs 
> > > > should not be used for commercial marketing purposes or discussion 
> > > > of specific vendor products and services.  They also are not 
> > > > intended to be us

Re: Business Associates Agreements

[Noel Chang]

I have to disagree.  A billing company is a BA of any provider it provides 
billing services to, as long as that provider is a covered entity.  Whether 
or not the billing company themselves is a covered entity does not factor in 
to the evaluation of if the billing company is a BA.

HHS has said several times you can be both a CE and BA.

If you perform a covered function on behalf of a CE then you are a BA of that 
CE.

If you yourself meet the criteria to be a CE, then you are a CE.

If all I am is a BA, then all I have to worry about is having a BA agreement 
and actually that is not even my concern.  It is the CE's who are obligated 
under HIPAA to ensure the BAA is in place.  As a practical matter if the 
clients of my business are predominantly CE's (as would be the case if I 
owned a billing company that billed electronically) then as a convenience to 
my clients I might want to take the initiative in preparing a BAA for all my 
clients to sign.

If I am a BA and a CE, then I have to comply with all of HIPAA because of my 
status as a CE (not because I am a BA).  Also note that as a CE, I now have 
an obligation to ensure I have BA agreements in place, but that obligation is 
only with respect to my BA's.  The clients of my billing company are not my 
BA's, they are my clients.  My BA's are only people who perform covered 
functions on my behalf.  My clients are not doing anything on behlaf of my 
billing company.  But I am billing payers on their behalf so I am their BA 
but they are not mine.

Clear as mud?

--
Open WebMail Project (http://openwebmail.org)


-- Original Message ---
From: "Brenda K. Burton" <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Sent: Wed, 05 Feb 2003 14:24:10 +
Subject: Re: Business Associates Agreements

> Be careful, because not all billing companies are BA!  If the 
> billing service translates a standard transaction, they they may 
> well be considered a clearinghouse, thus, a covered entity.  It is 
> correct, however, that a BAA is not necessary between a billing 
> company and the payer.  
> 
> No.
> > 
> > Billing companies are Business Associates of their health care provider 
> > clients because they are performing a covered function on behalf of those 
> > client.
> > 
> > The insurance companies they bill to and the cilling company are each 
> > performing their own discrete step in the paymeny process.  Neither is 
> > performing any function on behalf of the other.
> > 
> > Noel Chang 
> > 
> > --
> > Open WebMail Project (http://openwebmail.org)
> > 
> > 
> > -- Original Message ---
> > From: [EMAIL PROTECTED]
> > To: "WEDI SNIP Privacy Workgroup List" <[EMAIL PROTECTED]>
> > Sent: Tue, 04 Feb 2003 12:11:22 -0800 (PST)
> > Subject: Business Associates Agreements
> > 
> > > Hi, I'm helping some small Billing companies in my area
> > > become HIPAA compliant and I'm not sure if they need a
> > > Business Associates Agreement with the Insurance
> > > carriers that they submit claims to.  Any information
> > > would be greatly appreciated.  
> > > 
> > > Thank you,
> > > 
> > > M.Noren
> > > 
> > > ---
> > > The WEDI SNIP listserv to which you are subscribed is not moderated. 
> > > The discussions on this listserv therefore represent the views of 
> > > the individual participants, and do not necessarily represent the 
> > > views of the WEDI Board of Directors nor WEDI SNIP. If you wish to 
> > > receive an official opinion, post your question to the WEDI SNIP 
> > > Issues Database at http://snip.wedi.org/tracking/.   These listservs 
> > > should not be used for commercial marketing purposes or discussion 
> > > of specific vendor products and services.  They also are not 
> > > intended to be used as a forum for personal disagreements or 
> > > unprofessional communication at any time.
> > > 
> > > You are currently subscribed to wedi-privacy as: 
> > > [EMAIL PROTECTED] To unsubscribe from this list, go to the 
> > > Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a 
> > > blank email to [EMAIL PROTECTED] If you 
> > > need to unsubscribe but your current email address is not the same 
> > > as the address subscribed to the list, please use the 
> > > Subscribe/Unsubscribe form at http://subscribe.wedi.org
> > --- End of Original Message ---
> > 
> > 
> > ---
> > The WEDI SNIP listserv to which you are subscribed is not moderated. The 
discussions on this listserv therefore represent the views o

Re: Business Associates Agreements

[Brenda K. Burton]

Yes, I understand the information Noel stated.  I didn't read her other post 
explaining it.  We are a billing service and a BA of the CE.  We (in our company) are 
a not a considered a clearinghouse by definition, so therefore not a CE. That was the 
point I was trying to make.  Thanks for the clarification.   Brenda


Brenda,
> As Noel pointed out, not quite.  They may be a CE in addition to being a BA, but, 
>because they perform a function (billing) for the Provider, they are a BA of the 
>provider.  If their functionality includes anything outside of obtaining non-standard 
>claims information, generating standard claims information, and transmitting them 
>(such as sending bills to patients), a BAA will be necessary.  Even in the event that 
>the functionality is totally "clearinghouse", a BAA would be desirable to clarify 
>where eveyone stands.
> 
> The opinions expressed here are my own and not necessarily the opinion of LCMH.
> 
> Douglas M. Webb
> Computer System Engineer
> Little Company of Mary Hospital & Health Care Centers
> [EMAIL PROTECTED]


---
The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions 
on this listserv therefore represent the views of the individual participants, and do 
not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If 
you wish to receive an official opinion, post your question to the WEDI SNIP Issues 
Database at http://snip.wedi.org/tracking/.   These listservs should not be used for 
commercial marketing purposes or discussion of specific vendor products and services.  
They also are not intended to be used as a forum for personal disagreements or 
unprofessional communication at any time.

You are currently subscribed to wedi-privacy as: archive@mail-archive.com
To unsubscribe from this list, go to the Subscribe/Unsubscribe form at 
http://subscribe.wedi.org or send a blank email to 
[EMAIL PROTECTED]
If you need to unsubscribe but your current email address is not the same as the 
address subscribed to the list, please use the Subscribe/Unsubscribe form at 
http://subscribe.wedi.org

Re: Business Associates Agreements

[Doug Webb]

Brenda,
As Noel pointed out, not quite.  They may be a CE in addition to being a BA, but, 
because they perform a function (billing) for the Provider, they are a BA of the 
provider.  If their functionality includes anything outside of obtaining non-standard 
claims information, generating standard claims information, and transmitting them 
(such as sending bills to patients), a BAA will be necessary.  Even in the event that 
the functionality is totally "clearinghouse", a BAA would be desirable to clarify 
where eveyone stands.

The opinions expressed here are my own and not necessarily the opinion of LCMH.

Douglas M. Webb
Computer System Engineer
Little Company of Mary Hospital & Health Care Centers
[EMAIL PROTECTED]

"This electronic message may contain information that is confidential and/or legally 
privileged. It is intended only for the use of the individual(s) and entity(s)  named 
as recipients in the message. If you are not an intended recipient of the message, 
please notify the sender immediately,  delete the material from any computer, do not 
deliver, distribute, or copy this message, and do not disclose its contents or take 
action in reliance on the information it contains. Thank you."



- Original Message - 
From: "Brenda K. Burton" <[EMAIL PROTECTED]>
To: "WEDI SNIP Privacy Workgroup List" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Wednesday, February 05, 2003 08:24 AM
Subject: Re: Business Associates Agreements



Be careful, because not all billing companies are BA!  If the billing service 
translates a standard transaction, they they may well be considered a clearinghouse, 
thus, a covered entity.  It is correct, however, that a BAA is not necessary between a 
billing company and the payer.  

No.
> 
> Billing companies are Business Associates of their health care provider 
> clients because they are performing a covered function on behalf of those 
> client.
> 
> The insurance companies they bill to and the cilling company are each 
> performing their own discrete step in the paymeny process.  Neither is 
> performing any function on behalf of the other.
> 
> Noel Chang 
> 
> --
> Open WebMail Project (http://openwebmail.org)
> 
> 
> -- Original Message ---
> From: [EMAIL PROTECTED]
> To: "WEDI SNIP Privacy Workgroup List" <[EMAIL PROTECTED]>
> Sent: Tue, 04 Feb 2003 12:11:22 -0800 (PST)
> Subject: Business Associates Agreements
> 
> > Hi, I'm helping some small Billing companies in my area
> > become HIPAA compliant and I'm not sure if they need a
> > Business Associates Agreement with the Insurance
> > carriers that they submit claims to.  Any information
> > would be greatly appreciated.  
> > 
> > Thank you,
> > 
> > M.Noren
> > 
> > ---
> > The WEDI SNIP listserv to which you are subscribed is not moderated. 
> > The discussions on this listserv therefore represent the views of 
> > the individual participants, and do not necessarily represent the 
> > views of the WEDI Board of Directors nor WEDI SNIP. If you wish to 
> > receive an official opinion, post your question to the WEDI SNIP 
> > Issues Database at http://snip.wedi.org/tracking/.   These listservs 
> > should not be used for commercial marketing purposes or discussion 
> > of specific vendor products and services.  They also are not 
> > intended to be used as a forum for personal disagreements or 
> > unprofessional communication at any time.
> > 
> > You are currently subscribed to wedi-privacy as: 
> > [EMAIL PROTECTED] To unsubscribe from this list, go to the 
> > Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a 
> > blank email to [EMAIL PROTECTED] If you 
> > need to unsubscribe but your current email address is not the same 
> > as the address subscribed to the list, please use the 
> > Subscribe/Unsubscribe form at http://subscribe.wedi.org
> --- End of Original Message ---
> 
> 
> ---
> The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions 
>on this listserv therefore represent the views of the individual participants, and do 
>not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If 
>you wish to receive an official opinion, post your question to the WEDI SNIP Issues 
>Database at http://snip.wedi.org/tracking/.   These listservs should not be used for 
>commercial marketing purposes or discussion of specific vendor products and services. 
> They also are not intended to be used as a forum for personal disagreements or 
>unprofessional communication at any time.
> 
> You are currently subscribed to wedi-privacy as: [EMAIL PROTECTE

Re: Business Associates Agreements

[Brenda K. Burton]

Be careful, because not all billing companies are BA!  If the billing service 
translates a standard transaction, they they may well be considered a clearinghouse, 
thus, a covered entity.  It is correct, however, that a BAA is not necessary between a 
billing company and the payer.  

No.
> 
> Billing companies are Business Associates of their health care provider 
> clients because they are performing a covered function on behalf of those 
> client.
> 
> The insurance companies they bill to and the cilling company are each 
> performing their own discrete step in the paymeny process.  Neither is 
> performing any function on behalf of the other.
> 
> Noel Chang 
> 
> --
> Open WebMail Project (http://openwebmail.org)
> 
> 
> -- Original Message ---
> From: [EMAIL PROTECTED]
> To: "WEDI SNIP Privacy Workgroup List" <[EMAIL PROTECTED]>
> Sent: Tue, 04 Feb 2003 12:11:22 -0800 (PST)
> Subject: Business Associates Agreements
> 
> > Hi, I'm helping some small Billing companies in my area
> > become HIPAA compliant and I'm not sure if they need a
> > Business Associates Agreement with the Insurance
> > carriers that they submit claims to.  Any information
> > would be greatly appreciated.  
> > 
> > Thank you,
> > 
> > M.Noren
> > 
> > ---
> > The WEDI SNIP listserv to which you are subscribed is not moderated. 
> > The discussions on this listserv therefore represent the views of 
> > the individual participants, and do not necessarily represent the 
> > views of the WEDI Board of Directors nor WEDI SNIP. If you wish to 
> > receive an official opinion, post your question to the WEDI SNIP 
> > Issues Database at http://snip.wedi.org/tracking/.   These listservs 
> > should not be used for commercial marketing purposes or discussion 
> > of specific vendor products and services.  They also are not 
> > intended to be used as a forum for personal disagreements or 
> > unprofessional communication at any time.
> > 
> > You are currently subscribed to wedi-privacy as: 
> > [EMAIL PROTECTED] To unsubscribe from this list, go to the 
> > Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a 
> > blank email to [EMAIL PROTECTED] If you 
> > need to unsubscribe but your current email address is not the same 
> > as the address subscribed to the list, please use the 
> > Subscribe/Unsubscribe form at http://subscribe.wedi.org
> --- End of Original Message ---
> 
> 
> ---
> The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions 
>on this listserv therefore represent the views of the individual participants, and do 
>not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If 
>you wish to receive an official opinion, post your question to the WEDI SNIP Issues 
>Database at http://snip.wedi.org/tracking/.   These listservs should not be used for 
>commercial marketing purposes or discussion of specific vendor products and services. 
> They also are not intended to be used as a forum for personal disagreements or 
>unprofessional communication at any time.
> 
> You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED]
> To unsubscribe from this list, go to the Subscribe/Unsubscribe form at 
>http://subscribe.wedi.org or send a blank email to 
>[EMAIL PROTECTED]
> If you need to unsubscribe but your current email address is not the same as the 
>address subscribed to the list, please use the Subscribe/Unsubscribe form at 
>http://subscribe.wedi.org


---
The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions 
on this listserv therefore represent the views of the individual participants, and do 
not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If 
you wish to receive an official opinion, post your question to the WEDI SNIP Issues 
Database at http://snip.wedi.org/tracking/.   These listservs should not be used for 
commercial marketing purposes or discussion of specific vendor products and services.  
They also are not intended to be used as a forum for personal disagreements or 
unprofessional communication at any time.

You are currently subscribed to wedi-privacy as: archive@mail-archive.com
To unsubscribe from this list, go to the Subscribe/Unsubscribe form at 
http://subscribe.wedi.org or send a blank email to 
[EMAIL PROTECTED]
If you need to unsubscribe but your current email address is not the same as the 
address subscribed to the list, please use the Subscribe/Unsubscribe form at 
http://subscribe.wedi.org

Re: Business Associates Agreements

[Noel Chang]

If the billing company is a clearinghouse then they are both a CE and a BA of 
their clients.

HHS has clarified that CE and BA status do not have to be mutually 
exclusive.  You can be both a CE and a BA.  Note however that BA 
relationships can be one way or they can be reciprocal.

Yes a clearinghouse is a CE and as a CE they are obligated to have BA 
agreements in place with all of their BA's.  But the providers who use the 
clearinghouse are not BA's of the clearinghouse.  This would be a one way 
relationship where the clearinghouse is a BA of the provider but not visa 
versa.  The key here is who is performing functions on behlaf of whom?  The 
clearinghouse is providing billing services on behalf of the provider.  The 
provider is not doing anything on behalf of the clearinghouse.

Noel Chang

--
Open WebMail Project (http://openwebmail.org)


-- Original Message ---
From: "Brenda K. Burton" <[EMAIL PROTECTED]>
To: "WEDI SNIP Privacy Workgroup List" <[EMAIL PROTECTED]>
Sent: Tue, 04 Feb 2003 22:05:21 +
Subject: Re: Business Associates Agreements

> "If the billing company does all its transactions as Standard 
> Transactions", then it would be considered a clearinghouse and 
> therefore a CE rather than a BA; is this not correct?
> 
> And the CE is actually the one that is technically responsible in 
> implementing the BA agreement, aren't they?
> 
> Just my thoughts!  ~Brenda
> 
>  The Billing Companies won't need to ensure any BAAs are in place 
> unless someone out there acts on behalf of the Billing Company 
> rather than on behalf of the Covered Entity (Provider) [CUSTOMER!]
> > 
> > Their Customers will need BAAs in place with the following:
> > *   The Billing Company
> > *   A Collection Agency, if used
> > *   Any Transactions Clearinghouse (note: if the Billing Company does all 
its transactions as Standard Transactions, a BAA is not required with a 
clearinghouse acting only as a switcher -- just an ordinary contract to do 
business)
> > 
> > Neither the Billing Company nor their Customers need BAAs with any Health 
Plans unless they doing a non-health-plan function.
> > 
> > 
> > The opinions expressed here are my own and not necessarily the opinion of 
LCMH.
> > 
> > Douglas M. Webb
> > Computer System Engineer
> > Little Company of Mary Hospital & Health Care Centers
> > [EMAIL PROTECTED]
> > 
> > "This electronic message may contain information that is confidential 
and/or legally privileged. It is intended only for the use of the individual
(s) and entity(s)  named as recipients in the message. If you are not an 
intended recipient of the message, please notify the sender immediately,  
delete the material from any computer, do not deliver, distribute, or copy 
this message, and do not disclose its contents or take action in reliance on 
the information it contains. Thank you."
> > 
> > 
> > 
> > - Original Message - 
> > From: <[EMAIL PROTECTED]>
> > To: "WEDI SNIP Privacy Workgroup List" <[EMAIL PROTECTED]>
> > Sent: Tuesday, February 04, 2003 02:11 PM
> > Subject: Business Associates Agreements
> > 
> > 
> > > Hi, I'm helping some small Billing companies in my area
> > > become HIPAA compliant and I'm not sure if they need a
> > > Business Associates Agreement with the Insurance
> > > carriers that they submit claims to.  Any information
> > > would be greatly appreciated.  
> > > 
> > > Thank you,
> > > 
> > > M.Noren
> > > 
> > > ---
> > > The WEDI SNIP listserv to which you are subscribed is not moderated. 
The discussions on this listserv therefore represent the views of the 
individual participants, and do not necessarily represent the views of the 
WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official 
opinion, post your question to the WEDI SNIP Issues Database at 
http://snip.wedi.org/tracking/.   These listservs should not be used for 
commercial marketing purposes or discussion of specific vendor products and 
services.  They also are not intended to be used as a forum for personal 
disagreements or unprofessional communication at any time.
> > > 
> > > You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED]
> > > To unsubscribe from this list, go to the Subscribe/Unsubscribe form at 
http://subscribe.wedi.org or send a blank email to leave-wedi-privacy-
[EMAIL PROTECTED]
> > > If you need to unsubscribe but your current email address is not the 
same as the address subscribed to the list, please use the 
Subscribe/Unsubscribe form at http://subscribe.wedi.org
> >

Re: Business Associates Agreements

[Noel Chang]

No.

Billing companies are Business Associates of their health care provider 
clients because they are performing a covered function on behalf of those 
client.

The insurance companies they bill to and the cilling company are each 
performing their own discrete step in the paymeny process.  Neither is 
performing any function on behalf of the other.

Noel Chang 

--
Open WebMail Project (http://openwebmail.org)


-- Original Message ---
From: [EMAIL PROTECTED]
To: "WEDI SNIP Privacy Workgroup List" <[EMAIL PROTECTED]>
Sent: Tue, 04 Feb 2003 12:11:22 -0800 (PST)
Subject: Business Associates Agreements

> Hi, I'm helping some small Billing companies in my area
> become HIPAA compliant and I'm not sure if they need a
> Business Associates Agreement with the Insurance
> carriers that they submit claims to.  Any information
> would be greatly appreciated.  
> 
> Thank you,
> 
> M.Noren
> 
> ---
> The WEDI SNIP listserv to which you are subscribed is not moderated. 
> The discussions on this listserv therefore represent the views of 
> the individual participants, and do not necessarily represent the 
> views of the WEDI Board of Directors nor WEDI SNIP. If you wish to 
> receive an official opinion, post your question to the WEDI SNIP 
> Issues Database at http://snip.wedi.org/tracking/.   These listservs 
> should not be used for commercial marketing purposes or discussion 
> of specific vendor products and services.  They also are not 
> intended to be used as a forum for personal disagreements or 
> unprofessional communication at any time.
> 
> You are currently subscribed to wedi-privacy as: 
> [EMAIL PROTECTED] To unsubscribe from this list, go to the 
> Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a 
> blank email to [EMAIL PROTECTED] If you 
> need to unsubscribe but your current email address is not the same 
> as the address subscribed to the list, please use the 
> Subscribe/Unsubscribe form at http://subscribe.wedi.org
--- End of Original Message ---


---
The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions 
on this listserv therefore represent the views of the individual participants, and do 
not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If 
you wish to receive an official opinion, post your question to the WEDI SNIP Issues 
Database at http://snip.wedi.org/tracking/.   These listservs should not be used for 
commercial marketing purposes or discussion of specific vendor products and services.  
They also are not intended to be used as a forum for personal disagreements or 
unprofessional communication at any time.

You are currently subscribed to wedi-privacy as: archive@mail-archive.com
To unsubscribe from this list, go to the Subscribe/Unsubscribe form at 
http://subscribe.wedi.org or send a blank email to 
[EMAIL PROTECTED]
If you need to unsubscribe but your current email address is not the same as the 
address subscribed to the list, please use the Subscribe/Unsubscribe form at 
http://subscribe.wedi.org

RE: Business Associates Agreements

[Leslie C Bender]

M.
Noren - A few thoughts,

 

(1)
it is a little tricky determining whether or not a billing company based on the
services it provides its clients is a "clearinghouse" for HIPAA
purposes or just a business associate - so as a threshold matter it will be
important to ascertain whether or not the services each of the billing
companies you work with triggers the HIPAA clearinghouse definition;

(2)
in all likelihood your billing service clients serve providers, not payers, so
even if they are deemed to be clearinghouses for HIPAA purposes based on their
activities, it is still unlikely they would need BA agreements with payers;

(3)  given
the size of your clients, they may have clients who are small providers who are
facing some HIPAA implementation challenges and may be in the habit of
obtaining lots of types of technical assistance from their billing
services.  In this case, the small
providers may even be expecting their billing services to assist them in their
HIPAA compliance efforts (including helping them put together a HIPAA compliant
business associate agreement). 
There is an excellent small practice implementation guide at the http://snip.wedi.org
website, readily downloadable and a wonderful tool for the project.  Your clients may find it beneficial as
well in understanding their clients' challenges.  There is also a general
"model" of BA language at the OCR website, again downloadable and
very usable that your clients may feel comfortable to providing to their small
provider clients to assist them in the process (http://aspe.os.dhhs.gov/admnsimp).
 Many of the regional units of WEDiSNIP, the URLs are all accessible through the central WEDiSNIP website, have excellent forms, templates and
explanatory materials too and educational programs.  In our region, the Mid Atlantic, we have
4 upcoming meetings designed to assist the small provider with privacy
implementation issues and if you are in our area our website is www.mahicentral.org.

(4)
there are several trade and professional associations,
non profits, with excellent training and compliance assistance materials
designed for billing services and collection agencies, notably the ACA
International and AMBA.  I believe
there may be others as well.  You
and your clients may find cost-effective "targeted" HIPAA compliance
resources this way as well.

 

Hope
you find this helpful.

 

Leslie C. Bender

 

General Counsel/Privacy Official

The ROI Companies

1922 Greenspring Drive, Suite 7

Timonium, Maryland  21093

 

 

-Original
Message-
From: Doug Webb [mailto:[EMAIL PROTECTED]] 
Sent: Tuesday, February
 04, 2003 3:58 PM
To: WEDI SNIP Privacy Workgroup List
Subject: Re: Business Associates Agreements

 

The
Billing Companies won't need to ensure any BAAs are in place unless someone out
there acts on behalf of the Billing Company rather than on behalf of the
Covered Entity (Provider) [CUSTOMER!]

 

Their
Customers will need BAAs in place with the following:

*   The Billing Company

*   A Collection Agency, if used

*   Any Transactions Clearinghouse
(note: if the Billing Company does all its transactions as Standard
Transactions, a BAA is not required with a clearinghouse acting only as a
switcher -- just an ordinary contract to do business)

 

Neither
the Billing Company nor their Customers need BAAs with any Health Plans unless
they doing a non-health-plan function.

 

 

The
opinions expressed here are my own and not necessarily the opinion of LCMH.

 

Douglas
M. Webb

Computer
System Engineer

Little
Company of Mary Hospital & Health Care Centers

[EMAIL PROTECTED]

 

"This
electronic message may contain information that is confidential and/or legally
privileged. It is intended only for the use of the individual(s) and entity(s)  named as recipients in the message. If
you are not an intended recipient of the message, please notify the sender
immediately,  delete the material
from any computer, do not deliver, distribute, or copy this message, and do not
disclose its contents or take action in reliance on the information it
contains. Thank you."

 

 

 

-
Original Message - 

From:
<[EMAIL PROTECTED]>

To:
"WEDI SNIP Privacy Workgroup List"
<[EMAIL PROTECTED]>

Sent:
Tuesday, February 04,
 2003 02:11 PM

Subject:
Business Associates Agreements

 

 

>
Hi, I'm helping some small Billing companies in my area

>
become HIPAA compliant and I'm not sure if they need a

>
Business Associates Agreement with the Insurance

>
carriers that they submit claims to. 
Any information

>
would be greatly appreciated.  

>


>
Thank you,

>


>
M.Noren

>


>
---

>
The WEDI SNIP listserv to which you are subscribed is not moderated. The
discussions on this listserv therefore represent the views of the individual
participants, and do not necessarily represent the views of the WEDI Board of
Direct

Re: Business Associates Agreements

[Brenda K. Burton]

"If the billing company does all its transactions as Standard Transactions", then it 
would be considered a clearinghouse and therefore a CE rather than a BA; is this not 
correct?

And the CE is actually the one that is technically responsible in implementing the BA 
agreement, aren't they?

Just my thoughts!  ~Brenda




 The Billing Companies won't need to ensure any BAAs are in place unless someone out 
there acts on behalf of the Billing Company rather than on behalf of the Covered 
Entity (Provider) [CUSTOMER!]
> 
> Their Customers will need BAAs in place with the following:
> *   The Billing Company
> *   A Collection Agency, if used
> *   Any Transactions Clearinghouse (note: if the Billing Company does all its 
>transactions as Standard Transactions, a BAA is not required with a clearinghouse 
>acting only as a switcher -- just an ordinary contract to do business)
> 
> Neither the Billing Company nor their Customers need BAAs with any Health Plans 
>unless they doing a non-health-plan function.
> 
> 
> The opinions expressed here are my own and not necessarily the opinion of LCMH.
> 
> Douglas M. Webb
> Computer System Engineer
> Little Company of Mary Hospital & Health Care Centers
> [EMAIL PROTECTED]
> 
> "This electronic message may contain information that is confidential and/or legally 
>privileged. It is intended only for the use of the individual(s) and entity(s)  named 
>as recipients in the message. If you are not an intended recipient of the message, 
>please notify the sender immediately,  delete the material from any computer, do not 
>deliver, distribute, or copy this message, and do not disclose its contents or take 
>action in reliance on the information it contains. Thank you."
> 
> 
> 
> - Original Message - 
> From: <[EMAIL PROTECTED]>
> To: "WEDI SNIP Privacy Workgroup List" <[EMAIL PROTECTED]>
> Sent: Tuesday, February 04, 2003 02:11 PM
> Subject: Business Associates Agreements
> 
> 
> > Hi, I'm helping some small Billing companies in my area
> > become HIPAA compliant and I'm not sure if they need a
> > Business Associates Agreement with the Insurance
> > carriers that they submit claims to.  Any information
> > would be greatly appreciated.  
> > 
> > Thank you,
> > 
> > M.Noren
> > 
> > ---
> > The WEDI SNIP listserv to which you are subscribed is not moderated. The 
>discussions on this listserv therefore represent the views of the individual 
>participants, and do not necessarily represent the views of the WEDI Board of 
>Directors nor WEDI SNIP. If you wish to receive an official opinion, post your 
>question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/.   These 
>listservs should not be used for commercial marketing purposes or discussion of 
>specific vendor products and services.  They also are not intended to be used as a 
>forum for personal disagreements or unprofessional communication at any time.
> > 
> > You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED]
> > To unsubscribe from this list, go to the Subscribe/Unsubscribe form at 
>http://subscribe.wedi.org or send a blank email to 
>[EMAIL PROTECTED]
> > If you need to unsubscribe but your current email address is not the same as the 
>address subscribed to the list, please use the Subscribe/Unsubscribe form at 
>http://subscribe.wedi.org
> 
> ---
> The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions 
>on this listserv therefore represent the views of the individual participants, and do 
>not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If 
>you wish to receive an official opinion, post your question to the WEDI SNIP Issues 
>Database at http://snip.wedi.org/tracking/.   These listservs should not be used for 
>commercial marketing purposes or discussion of specific vendor products and services. 
> They also are not intended to be used as a forum for personal disagreements or 
>unprofessional communication at any time.
> 
> You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED]
> To unsubscribe from this list, go to the Subscribe/Unsubscribe form at 
>http://subscribe.wedi.org or send a blank email to 
>[EMAIL PROTECTED]
> If you need to unsubscribe but your current email address is not the same as the 
>address subscribed to the list, please use the Subscribe/Unsubscribe form at 
>http://subscribe.wedi.org


---
The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions 
on this listserv therefore represent the views of the individual participants, and do 
not necessarily represent the views of the WEDI Boar

Re: Business Associates Agreements

[Chris Graff]

They should not need a BAA for the 
carriers that they submit claims to, but they might need one for the providers 
that they are submitting claims for.  They are acting on behalf of the 
providers in a billing situation, are they not?  In which case it would 
truly depend on their relationship with the provider not the carrier in 
which they are sending the information to on behalf of the provider.  

 
Hope that help.
 
 
 
Thank you,
 
Chris GraffProject ManagerOmni Resources
 
>>> <[EMAIL PROTECTED]> 02/04/03 02:11PM 
>>>Hi, I'm helping some small Billing companies in my 
areabecome HIPAA compliant and I'm not sure if they need aBusiness 
Associates Agreement with the Insurancecarriers that they submit claims 
to.  Any informationwould be greatly appreciated.  Thank 
you,M.Noren---The WEDI SNIP listserv to which you are 
subscribed is not moderated. The discussions on this listserv therefore 
represent the views of the individual participants, and do not necessarily 
represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to 
receive an official opinion, post your question to the WEDI SNIP Issues Database 
at http://snip.wedi.org/tracking/.   
These listservs should not be used for commercial marketing purposes or 
discussion of specific vendor products and services.  They also are not 
intended to be used as a forum for personal disagreements or unprofessional 
communication at any time.You are currently subscribed to wedi-privacy 
as: [EMAIL PROTECTED]To unsubscribe from this list, go to the 
Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank 
email to [EMAIL PROTECTED]If you need to 
unsubscribe but your current email address is not the same as the address 
subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org
---
The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/.   These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services.  They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time.

You are currently subscribed to wedi-privacy as: archive@mail-archive.com
To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED]
If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org

Re: Business Associates Agreements

[Doug Webb]

The Billing Companies won't need to ensure any BAAs are in place unless someone out 
there acts on behalf of the Billing Company rather than on behalf of the Covered 
Entity (Provider) [CUSTOMER!]

Their Customers will need BAAs in place with the following:
*   The Billing Company
*   A Collection Agency, if used
*   Any Transactions Clearinghouse (note: if the Billing Company does all its 
transactions as Standard Transactions, a BAA is not required with a clearinghouse 
acting only as a switcher -- just an ordinary contract to do business)

Neither the Billing Company nor their Customers need BAAs with any Health Plans unless 
they doing a non-health-plan function.


The opinions expressed here are my own and not necessarily the opinion of LCMH.

Douglas M. Webb
Computer System Engineer
Little Company of Mary Hospital & Health Care Centers
[EMAIL PROTECTED]

"This electronic message may contain information that is confidential and/or legally 
privileged. It is intended only for the use of the individual(s) and entity(s)  named 
as recipients in the message. If you are not an intended recipient of the message, 
please notify the sender immediately,  delete the material from any computer, do not 
deliver, distribute, or copy this message, and do not disclose its contents or take 
action in reliance on the information it contains. Thank you."



- Original Message - 
From: <[EMAIL PROTECTED]>
To: "WEDI SNIP Privacy Workgroup List" <[EMAIL PROTECTED]>
Sent: Tuesday, February 04, 2003 02:11 PM
Subject: Business Associates Agreements


> Hi, I'm helping some small Billing companies in my area
> become HIPAA compliant and I'm not sure if they need a
> Business Associates Agreement with the Insurance
> carriers that they submit claims to.  Any information
> would be greatly appreciated.  
> 
> Thank you,
> 
> M.Noren
> 
> ---
> The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions 
>on this listserv therefore represent the views of the individual participants, and do 
>not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If 
>you wish to receive an official opinion, post your question to the WEDI SNIP Issues 
>Database at http://snip.wedi.org/tracking/.   These listservs should not be used for 
>commercial marketing purposes or discussion of specific vendor products and services. 
> They also are not intended to be used as a forum for personal disagreements or 
>unprofessional communication at any time.
> 
> You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED]
> To unsubscribe from this list, go to the Subscribe/Unsubscribe form at 
>http://subscribe.wedi.org or send a blank email to 
>[EMAIL PROTECTED]
> If you need to unsubscribe but your current email address is not the same as the 
>address subscribed to the list, please use the Subscribe/Unsubscribe form at 
>http://subscribe.wedi.org

---
The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions 
on this listserv therefore represent the views of the individual participants, and do 
not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If 
you wish to receive an official opinion, post your question to the WEDI SNIP Issues 
Database at http://snip.wedi.org/tracking/.   These listservs should not be used for 
commercial marketing purposes or discussion of specific vendor products and services.  
They also are not intended to be used as a forum for personal disagreements or 
unprofessional communication at any time.

You are currently subscribed to wedi-privacy as: archive@mail-archive.com
To unsubscribe from this list, go to the Subscribe/Unsubscribe form at 
http://subscribe.wedi.org or send a blank email to 
[EMAIL PROTECTED]
If you need to unsubscribe but your current email address is not the same as the 
address subscribed to the list, please use the Subscribe/Unsubscribe form at 
http://subscribe.wedi.org

Business Associates Agreements

[mnoren]

Hi, I'm helping some small Billing companies in my area
become HIPAA compliant and I'm not sure if they need a
Business Associates Agreement with the Insurance
carriers that they submit claims to.  Any information
would be greatly appreciated.  

Thank you,

M.Noren

---
The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions 
on this listserv therefore represent the views of the individual participants, and do 
not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If 
you wish to receive an official opinion, post your question to the WEDI SNIP Issues 
Database at http://snip.wedi.org/tracking/.   These listservs should not be used for 
commercial marketing purposes or discussion of specific vendor products and services.  
They also are not intended to be used as a forum for personal disagreements or 
unprofessional communication at any time.

You are currently subscribed to wedi-privacy as: archive@mail-archive.com
To unsubscribe from this list, go to the Subscribe/Unsubscribe form at 
http://subscribe.wedi.org or send a blank email to 
[EMAIL PROTECTED]
If you need to unsubscribe but your current email address is not the same as the 
address subscribed to the list, please use the Subscribe/Unsubscribe form at 
http://subscribe.wedi.org

Re: Business Associates

[Doug Webb]

Traci,
It looks to me like someone's trying to cover 
all bases with a shotgun approach (run it up the flagpole and see who 
salutes) .
 
My understanding is that you wouldn't need a 
BAC any more than a surgeon's office needs one with a Primary Care Physician 
referring a patient to them.  This is Covered Entity to Covered Entity for 
the purposes of Treatment.
 
The opinions expressed here are my own and not necessarily the opinion of 
LCMH.
 
Douglas M. WebbComputer System EngineerLittle Company of Mary 
Hospital & Health Care Centers[EMAIL PROTECTED]
 
"This electronic message may contain information that is confidential 
and/or legally privileged. It is intended only for the use of the individual(s) 
and entity(s)  named as recipients in the message. If you are not an 
intended recipient of the message, please notify the sender immediately,  
delete the material from any computer, do not deliver, distribute, or copy this 
message, and do not disclose its contents or take action in reliance on the 
information it contains. Thank you."
 
 

  - Original Message - 
  From: 
  Traci Winter 
  
  To: WEDI SNIP Privacy Workgroup List 
  
  Sent: Wednesday, January 22, 2003 12:47 
  PM
  Subject: Business Associates
  
  Hey everyone, I know this topic has been hashed out like crazy but I find 
  myself confused.
   
  As a homecare agency we receive our business via referrals from health 
  care facilities and MD offices. We are not providing services on behalf of 
  these entities. It was my understanding that we wouldn't be considered BAs of 
  these CEs but, due to receiving a BAC in the mail today, I find that I am now 
  unsure…
   
  Help….
   
  Traci Winter
  Hospitals Home Health Care, Inc.
  Special Projects Coordinator, Privacy Official---The WEDI SNIP 
  listserv to which you are subscribed is not moderated. The discussions on this 
  listserv therefore represent the views of the individual participants, and do 
  not necessarily represent the views of the WEDI Board of Directors nor WEDI 
  SNIP. If you wish to receive an official opinion, post your question to the 
  WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs 
  should not be used for commercial marketing purposes or discussion of specific 
  vendor products and services. They also are not intended to be used as a forum 
  for personal disagreements or unprofessional communication at any 
  time.You are currently subscribed to wedi-privacy as: 
  [EMAIL PROTECTED]To unsubscribe from this list, go to the 
  Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email 
  to [EMAIL PROTECTED]If you need to unsubscribe 
  but your current email address is not the same as the address subscribed to 
  the list, please use the Subscribe/Unsubscribe form at 
  http://subscribe.wedi.org 
---
The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/.   These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services.  They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time.

You are currently subscribed to wedi-privacy as: archive@mail-archive.com
To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED]
If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org

Business Associates

[Traci Winter]

Hey everyone, I know this topic has been hashed out like crazy but I find 
myself confused.
 
As a homecare agency we receive our business via referrals from health care 
facilities and MD offices. We are not providing services on behalf of these 
entities. It was my understanding that we wouldn't be considered BAs of these 
CEs but, due to receiving a BAC in the mail today, I find that I am now 
unsure…
 
Help….
 
Traci Winter
Hospitals Home Health Care, Inc.
Special Projects Coordinator, Privacy Official
---
The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/.   These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services.  They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time.

You are currently subscribed to wedi-privacy as: archive@mail-archive.com
To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED]
If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org

Re: Board of Directors - Workforce or Business Associates?

[Brenda Olson]

We are treating ours as "workforce" and having them sign confidentiality
statements.
brenda olson
Leslie C Bender wrote:


How
are organizations classifying Board of Directors or Trustee members?Workforce
-- or since they are not "under the direction" of the covered entity, but
have a need from time to time, to receive PHI, or might they better be
classified as “business associates” and need a business associate agreement?
Leslie
C. Bender
General
Counsel/Privacy Official
The ROI Companies
1922
Greenspring Drive, Suite 7
Timonium, Maryland21093








---
The WEDI SNIP listserv to which you are subscribed is not moderated.
The discussions on this listserv therefore represent the views of the individual
participants, and do not necessarily represent the views of the WEDI Board
of Directors nor WEDI SNIP. If you wish to receive an official opinion,
post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/.
These listservs should not be used for commercial marketing purposes or
discussion of specific vendor products and services. They also are not
intended to be used as a forum for personal disagreements or unprofessional
communication at any time.
You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED]
To unsubscribe from this list, go to the Subscribe/Unsubscribe form
at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED]
If you need to unsubscribe but your current email address is not the
same as the address subscribed to the list, please use the Subscribe/Unsubscribe
form at http://subscribe.wedi.org

--
Brenda Olson, M.Ed., RHIA
Vice President for Health Info Management
Great Plains Health Alliance, Inc.
7316 SW 27th Street
Topeka, KS  66614
Phone: 785-478-3659
Fax: 785-478-9780
email: [EMAIL PROTECTED]
 

---
The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/.   These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services.  They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time.

You are currently subscribed to wedi-privacy as: archive@mail-archive.com
To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED]
If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org

RE: Board of Directors - Workforce or Business Associates?

[Matthew Rosenblum]

Leslie,

 

A
Corporation's charter and bylaws would "control" how the Board may
function.  Consequently, the Board could be construed as part of the
workforce.

 

Further,
in the Preamble to the (initial) Final Privacy rules, HHS notes that,
"independent contractors may or may not be workforce members. 
However, for compliance purposes we will assume that such personnel are members
of the workforce if no business associate contract exists."

 

I hope that this helps.

 

Your questions are always welcome.

 

Matt

 

Matthew
Rosenblum

Chief Operations Officer

Privacy, Quality Management &
Regulatory Affairs

http://www.CPIdirections.com

 

CPI Directions, Inc.

10 West 15th Street, Suite 1922

New York, NY 10011

 

(212) 675-6367

[EMAIL PROTECTED]

 

CONFIDENTIALITY
NOTICE: This E-Mail is intended only for the use of the individual or entity to
which it is addressed and may contain information that is privileged,
confidential and exempt from disclosure under applicable law. If you have
received this communication in error, please do not distribute it.  Please
notify the sender by E-Mail at the address shown and delete the original
message. Thank you.

 

AVISO DEL
CONFIDENCIALIDAD: Este email es solamente para el uso del individuo o la entidad a la cual se dirige y puede contener
información privilegiada, confidencial y exenta de acceso bajo la ley
aplicable. Si usted ha recibido esta comunicación por error, por favor
no lo distribuya.  Favor notificar al remitente del E-Mail a la
dirección mostrada y elimine el mensaje original. Gracias.

 



-Original Message-
From: Leslie C Bender
[mailto:[EMAIL PROTECTED]] 
Sent: Thursday,
 January 16, 2003 4:12 PM
To: WEDI SNIP Privacy Workgroup
List
Cc: 'Drexler, Deborah (EHS)'
Subject: RE: Board of Directors -
Workforce or Business Associates?

 

How are organizations classifying Board of Directors
or Trustee members?  Workforce -- or since they are not "under the
direction" of the covered entity, but have a need from time to time, to
receive PHI, or might they better be classified as “business
associates” and need a business associate agreement?

Leslie C. Bender 

General Counsel/Privacy Official 
The ROI Companies 
  1922 Greenspring Drive, Suite 7
 
  Timonium, Maryland  21093 

 

 

 

 

---
The WEDI SNIP listserv to which you are subscribed is not moderated. The
discussions on this listserv therefore represent the views of the individual
participants, and do not necessarily represent the views of the WEDI Board of
Directors nor WEDI SNIP. If you wish to receive an official opinion, post your
question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/.
These listservs should not be used for commercial marketing purposes or
discussion of specific vendor products and services. They also are not intended
to be used as a forum for personal disagreements or unprofessional
communication at any time.

You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED]
To unsubscribe from this list, go to the Subscribe/Unsubscribe form at
http://subscribe.wedi.org or send a blank email to
[EMAIL PROTECTED]
If you need to unsubscribe but your current email address is not the same as
the address subscribed to the list, please use the Subscribe/Unsubscribe form
at http://subscribe.wedi.org 




---
The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/.   These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services.  They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time.

You are currently subscribed to wedi-privacy as: archive@mail-archive.com
To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED]
If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org

RE: Board of Directors - Workforce or Business Associates?

[Leslie C Bender]

How are
organizations classifying Board of Directors or Trustee members?  Workforce -- or since they are not
"under the direction" of the covered entity, but have a need from
time to time, to receive PHI, or might they better be classified as “business
associates” and need a business associate agreement?

Leslie C.
Bender 

General
Counsel/Privacy Official 
The ROI Companies 
1922
  Greenspring Drive, Suite 7 
Timonium, Maryland  21093 

 

 

 

 




---
The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/.   These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services.  They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time.

You are currently subscribed to wedi-privacy as: archive@mail-archive.com
To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED]
If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org

RE: PRIVACY: CLEARINGHOUSES ACTING AS BUSINESS ASSOCIATES

[Matthew Rosenblum]

Bard,

 

CE’s are precluded from sharing PHI
with BA’s that are NOT compliant with the Privacy rules.

 

I hope that this helps.

 

Your questions are always welcome.

 

Matt

 

Matthew
Rosenblum

Chief Operations Officer

Privacy, Quality Management &
Regulatory Affairs

http://www.CPIdirections.com

 

CPI Directions, Inc.

10 West 15th Street, Suite 1922

New York, NY 10011

 

(212) 675-6367

[EMAIL PROTECTED]

 

CONFIDENTIALITY
NOTICE: This E-Mail is intended only for the use of the individual or entity to
which it is addressed and may contain information that is privileged,
confidential and exempt from disclosure under applicable law. If you have
received this communication in error, please do not distribute it.  Please
notify the sender by E-Mail at the address shown and delete the original
message. Thank you.

 

AVISO DEL
CONFIDENCIALIDAD: Este email es solamente para el uso del individuo o la entidad a la cual se dirige y puede contener
información privilegiada, confidencial y exenta de acceso bajo la ley
aplicable. Si usted ha recibido esta comunicación por error, por favor
no lo distribuya.  Favor notificar al remitente del E-Mail a la
dirección mostrada y elimine el mensaje original. Gracias.

 



-Original Message-
From: Bard, Greg
[mailto:[EMAIL PROTECTED]] 
Sent: Wednesday, January 15, 2003
10:02 AM
To: WEDI SNIP Privacy Workgroup
List
Subject: PRIVACY: CLEARINGHOUSES
ACTING AS BUSINESS ASSOCIATES

 

In the preamble to the Privacy Regulation, there is a
discussion as to the applicability of the requirements in Section
164.500.  From the discussion, it appears that a healthcare clearinghouse,
acting as a Business Associate, does not need to honor the requirements for
individual requests for privacy protections.  This would be all the
individual rights. However, it seems that the Business Associate contract must
include provisions for access/copy, amendment, and accounting of disclosures.

 

Am I interpreting this correctly and can someone
provide clarification?

 

Thanks!

 

 

 

Greg Bard

NASCO

HIPAA Privacy and Security Project Manager

(W) 678.441.6059

(F)  678.441.6359

[EMAIL PROTECTED]

 

 

__

CONFIDENTIALITY NOTICE

The information in this message (and the documents
attached to it, if any) is confidential and may be legally privileged. It is
intended solely for the addressee. Access to this message by anyone else is
unauthorized. If you are not the intended recipient, any disclosure, copying,
distribution or any action taken, or omitted to be taken in reliance on it is
prohibited and may be unlawful. If you have received this message in error,
please delete all electronic copies of this message (and the documents attached
to it, if any), destroy any hard copies you may have created and notify me
immediately. Thank you.

 

 

 

 

 

---
The WEDI SNIP listserv to which you are subscribed is not moderated. The
discussions on this listserv therefore represent the views of the individual
participants, and do not necessarily represent the views of the WEDI Board of
Directors nor WEDI SNIP. If you wish to receive an official opinion, post your
question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/.
These listservs should not be used for commercial marketing purposes or
discussion of specific vendor products and services. They also are not intended
to be used as a forum for personal disagreements or unprofessional
communication at any time.

You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED]
To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org
or send a blank email to [EMAIL PROTECTED]
If you need to unsubscribe but your current email address is not the same as
the address subscribed to the list, please use the Subscribe/Unsubscribe form
at http://subscribe.wedi.org 




---
The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/.   These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services.  They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time.

You are currently subscribed to wedi-privacy as: archive@mail-archive.com
To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED]
If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org

PRIVACY: CLEARINGHOUSES ACTING AS BUSINESS ASSOCIATES

[Bard, Greg]

In the preamble to the Privacy Regulation, there is a discussion as to
the applicability of the requirements in Section 164.500.  From the
discussion, it appears that a healthcare clearinghouse, acting as a Business
Associate, does not need to honor the requirements for individual requests for
privacy protections.  This would be all the individual rights. However, it
seems that the Business Associate contract must include provisions for
access/copy, amendment, and accounting of disclosures.

 

Am I interpreting this correctly and can someone provide clarification?

 

Thanks!

 

 

 

Greg Bard

NASCO

HIPAA Privacy and Security Project Manager

(W) 678.441.6059

(F)  678.441.6359

[EMAIL PROTECTED]

 

 

__

CONFIDENTIALITY NOTICE

The information in this message (and the documents attached to it, if
any) is confidential and may be legally privileged. It is intended solely for
the addressee. Access to this message by anyone else is unauthorized. If you
are not the intended recipient, any disclosure, copying, distribution or any
action taken, or omitted to be taken in reliance on it is prohibited and may be
unlawful. If you have received this message in error, please delete all
electronic copies of this message (and the documents attached to it, if any),
destroy any hard copies you may have created and notify me immediately. Thank
you.

 

 

 

 

 




---
The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/.   These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services.  They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time.

You are currently subscribed to wedi-privacy as: archive@mail-archive.com
To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED]
If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org

Are these Business Associates

[rahul singh]

Are the following busness associates:

Contract Social workers
Contract physical therapists and dieticians
Funeral Homes

Thanks





_
Add photos to your e-mail with MSN 8. Get 2 months FREE*. 
http://join.msn.com/?page=features/featuredemail


---
The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/.   These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services.  They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time.

You are currently subscribed to wedi-privacy as: archive@mail-archive.com
To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED]
If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org