RE: Business associates
Traci- Additionally, in our situation the clouding factor is that we do not actively supervise these folks and they then as a nature of that relationship do work on "our behalf" making them a business associate and not an "extension of the workforce" Just how we have decided to handle it at this point Craig Confidential Information This email message is intended only for the person or entity to which it is addressed. Unless otherwise indicated or obvious by the nature of this transmittal, the information contained in this email message is privileged and confidential, intended for the use of the intended recipient (or the employee or agent responsible to deliver to the intended recipient), you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message THERAPY 2000 1881 Sylvan Avenue Suite 210 Dallas, Tx 75208 -Original Message-From: Traci Winter [mailto:[EMAIL PROTECTED]Sent: Wednesday, March 26, 2003 9:48 AMTo: WEDI SNIP Privacy Workgroup ListSubject: Business associates I keep going around and around on this topic. We have a few contracts with outside agencies that provide us will supplemental nursing/home health aide services. We provide them with the pertinent info about a patient and they provide services to the patient under our control & supervision. The forms and documentation completed are those provided by our agency and are submitted to our agency within a week of services. I can't come to a definite decision on whether we need to generate a HIPAA compliant BAC/BAA or not. Input appreciated, thanks in advance. Traci Winter Hospitals Home Health Care, Inc. Fulton, NY 13069---The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time.You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED]To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED]If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED] To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org
RE: Business associates
Traci- I, along with you,have gone around and around on this topic. I have never been given a definite answer and it appears to be one of personal choice. We provide similiar services as you. Ou legal counsel has instructed us to draft a simple language business associate agreement. In addition providing them with the education that we have provided to our own staff about what our HIPAA policies and procedures will be. Craig Moen, MPT Director of Rehabilitation THERAPY 2000 Confidential Information This email message is intended only for the person or entity to which it is addressed. Unless otherwise indicated or obvious by the nature of this transmittal, the information contained in this email message is privileged and confidential, intended for the use of the intended recipient (or the employee or agent responsible to deliver to the intended recipient), you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message THERAPY 2000 1881 Sylvan Avenue Suite 210 Dallas, Tx 75208 -Original Message-From: Traci Winter [mailto:[EMAIL PROTECTED]Sent: Wednesday, March 26, 2003 9:48 AMTo: WEDI SNIP Privacy Workgroup ListSubject: Business associates I keep going around and around on this topic. We have a few contracts with outside agencies that provide us will supplemental nursing/home health aide services. We provide them with the pertinent info about a patient and they provide services to the patient under our control & supervision. The forms and documentation completed are those provided by our agency and are submitted to our agency within a week of services. I can't come to a definite decision on whether we need to generate a HIPAA compliant BAC/BAA or not. Input appreciated, thanks in advance. Traci Winter Hospitals Home Health Care, Inc. Fulton, NY 13069---The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time.You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED]To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED]If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED] To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org
Re: Business associates
Sounds to me like you should treat them as a member of your workforce, which I believe would obviate the need for a BAA. Noel Chang Integral Practice Solutions -- Open WebMail Project (http://openwebmail.org) -- Original Message --- From: "Traci Winter" <[EMAIL PROTECTED]> To: "WEDI SNIP Privacy Workgroup List" <[EMAIL PROTECTED]> Sent: Wed, 26 Mar 2003 10:47:59 -0500 Subject: Business associates > I keep going around and around on this topic. We have a few > contracts with outside agencies that provide us will supplemental > nursing/home health aide services. We provide them with the > pertinent info about a patient and they provide services to the > patient under our control & supervision. The forms and documentation > completed are those provided by our agency and are submitted to our > agency within a week of services. > > I can't come to a definite decision on whether we need to generate a > HIPAA compliant BAC/BAA or not. > > Input appreciated, thanks in advance. > > Traci Winter > Hospitals Home Health Care, Inc. > Fulton, NY 13069 > > --- > The WEDI SNIP listserv to which you are subscribed is not moderated. > The discussions on this listserv therefore represent the views of > the individual participants, and do not necessarily represent the > views of the WEDI Board of Directors nor WEDI SNIP. If you wish to > receive an official opinion, post your question to the WEDI SNIP > Issues Database at http://snip.wedi.org/tracking/. These listservs > should not be used for commercial marketing purposes or discussion > of specific vendor products and services. They also are not > intended to be used as a forum for personal disagreements or > unprofessional communication at any time. > > You are currently subscribed to wedi-privacy as: > [EMAIL PROTECTED] To unsubscribe from this list, go to the > Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a > blank email to [EMAIL PROTECTED] If you > need to unsubscribe but your current email address is not the same > as the address subscribed to the list, please use the > Subscribe/Unsubscribe form at http://subscribe.wedi.org --- End of Original Message --- --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED] To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org
Business associates
I keep going around and around on this topic. We have a few contracts with outside agencies that provide us will supplemental nursing/home health aide services. We provide them with the pertinent info about a patient and they provide services to the patient under our control & supervision. The forms and documentation completed are those provided by our agency and are submitted to our agency within a week of services. I can't come to a definite decision on whether we need to generate a HIPAA compliant BAC/BAA or not. Input appreciated, thanks in advance. Traci Winter Hospitals Home Health Care, Inc. Fulton, NY 13069 --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED] To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org
RE: Tracking Disclosures by Business Associates
From the OCR Guidelines published Dec 3, 2003: (Key point concerning shredding is underlined. It specifically addresses on-site versus off-site shredding services.) Q: Is a business associate contract required with organizations or persons where inadvertent contact with protected health information may result - such as in the case of janitorial services? A: A business associate contract is not required with persons or organizations whose functions, activities, or services do not involve the use or disclosure of protected health information, and where any access to protected health information by such persons would be incidental, if at all. Generally, janitorial services that clean the offices or facilities of a covered entity are not business associates because the work they perform for covered entities does not involve the use or disclosure of protected health information, and any disclosure of protected health information to janitorial personnel that occurs in the performance of their duties (such as may occur while emptying trash cans) is limited in nature, occurs as a by-product of their janitorial duties, and could not be reasonably prevented. Such disclosures are incidental and permitted by the HIPAA Privacy Rule. See 45 CFR 164.502(a)(1). If a service is hired to do work for a covered entity where disclosure of protected health information is not limited in nature (such as routine handling of records or shredding of documents containing protected health information), it likely would be a business associate. However, when such work is performed under the direct control of the covered entity (e.g., on the covered entity's premises), the Privacy Rule permits the covered entity to treat the service as part of its workforce, and the covered entity need not enter into a business associate contract with the service. Ron MooreState HIPAA Coordinator1201 Main Street, Suite 850Columbia, SC 29201Phone: 803-737-0627[EMAIL PROTECTED]www.hipaa.state.sc.us>>> Jason Brege <[EMAIL PROTECTED]> 03/11/03 11:36AM >>> I would have originally thought disposal was operations as well, but when I looked at the definition of healthcare operations in 164.501, it really seemed like a stretch. It doesn't fit into any of the 6 main areas under this definition: 1.Quality assessment and improvement activities, 2.Reviewing the competence or qualifications of health care professionals, 3.Underwriting, 4.Medical review/fraud and abuse, 5.Business planning and development, 6.Business management. The only place to squeeze it in would be Business Management, but shredding documents doesn't seem to really fit with the 5 "included but not limited to" examples under that part. It really just depends on your legal counsel and how your risk assessments see this issue. Practically, I think it would be absolutely insane to account for every piece of PHI on every piece of paper that you destroy. I think there are ways to justify this as Business Management, and I think your documentation of this decision would be key. I believe this is one reason why most entities have just brought shredders or shredding companies onsite. Thanks, Jason Brege Clinton A. Harkins, P.C. -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]Sent: Tuesday, March 11, 2003 11:18 AMTo: [EMAIL PROTECTED]; [EMAIL PROTECTED]Subject: RE: Tracking Disclosures by Business Associates Wouldn't disposal come under operations? We have a vendor who picks us locked bins of documents to be shredded. We have had them sign a Business Associate Agreement (we are also Business Associates.) I would not think there would be a need for accounting for these pick ups to be logged as disclosures. Joanne Marquez Senior Director Beech Street Corporation Account Services (949) 672-1519 -Original Message-From: Jason Brege [mailto:[EMAIL PROTECTED] Sent: Tuesday, March 11, 2003 7:32 AMTo: WEDI SNIP Privacy Workgroup ListSubject: RE: Tracking Disclosures by Business Associates I'm not entirely sure who "you" is in your question, but I assumed that you are asking about business associates disclosing to business associates, so here's a stab at an answer. It might also apply if you're asking about CE disclosures to transcription/disposal agencies. I believe a business associate would have to account for those disclosures to other business associates where the disclosure is not for treatment, payment, or healthcare operations purposes. Given our nature as a collection agency, most (if not all) of our disclosures are exempt from accounting because they are for payment purposes. If we had a transcription service, it could possibly need accounting, but
RE: Tracking Disclosures by Business Associates
Title: Message No, a "disclosure" to a business associate is not a true disclosure since the business associate is actually acting in the place of the covered entity. Thus, no disclosure has taken place for all intents and purposes. Rachel Foerster Rachel Foerster & Associates, Ltd. Voice: 847-872-8070 email: [EMAIL PROTECTED] http://www.rfa-edi.com # This transmission may be confidential or protected from disclosure and is only for review and use by the intended recipient. Access by anyone else is unauthorized. Any unauthorized reader is hereby notified that any review, use, dissemination, disclosure or copying of this information, or any act or omission taken in reliance on it, is prohibited and may be unlawful. If you received this transmission in error, please notify the sender immediately. Thank you. -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Tuesday, March 11, 2003 8:44 AMTo: WEDI SNIP Privacy Workgroup ListSubject: Re: Tracking Disclosures by Business AssociatesBy the same token, for the patient accounting, would you have to include disclosures you make to business associates like transcription agencies and disposal agencies? They would come up very often...Jill Rubin, Esq.(617)388-2404[EMAIL PROTECTED] ---The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time.You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED]To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED]If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED] To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org
RE: Tracking Disclosures by Business Associates
I think these clearly fall under operations under (6) Business management and general administrative activities of the entity. Health care operations is meant to encompass the normal things a business does to "operate" or a run a business, which would include the mundane trash/secure disposal, janitors, transcription and other secretarial services, etc. The need for business associate agreement is dependent on whether access to PHI is necessary to accomplish the service. Regards, lhc Leah Hole-Curry, JD FOX Systems, Inc. 602.708.1045 Information transmitted is confidential and may be proprietary to FOX Systems, Inc. It is intended only for the person or entity to which it is addressed. Anyone else is prohibited from disclosing, copying, or disseminating the contents or attachments. If you receive this in error, please notify sender immediately, or us at www.foxsys.com and delete from your system. >>> Jason Brege <[EMAIL PROTECTED]> 03/11/03 09:00 AM >>> I would have originally thought disposal was operations as well, but when I looked at the definition of healthcare operations in 164.501, it really seemed like a stretch. It doesn't fit into any of the 6 main areas under this definition: 1.Quality assessment and improvement activities, 2.Reviewing the competence or qualifications of health care professionals, 3.Underwriting, 4.Medical review/fraud and abuse, 5.Business planning and development, 6.Business management. The only place to squeeze it in would be Business Management, but shredding documents doesn't seem to really fit with the 5 "included but not limited to" examples under that part. It really just depends on your legal counsel and how your risk assessments see this issue. Practically, I think it would be absolutely insane to account for every piece of PHI on every piece of paper that you destroy. I think there are ways to justify this as Business Management, and I think your documentation of this decision would be key. I believe this is one reason why most entities have just brought shredders or shredding companies onsite. Thanks, Jason Brege Clinton A. Harkins, P.C. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Tuesday, March 11, 2003 11:18 AM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: RE: Tracking Disclosures by Business Associates Wouldn't disposal come under operations? We have a vendor who picks us locked bins of documents to be shredded. We have had them sign a Business Associate Agreement (we are also Business Associates.) I would not think there would be a need for accounting for these pick ups to be logged as disclosures. Joanne Marquez Senior Director Beech Street Corporation Account Services (949) 672-1519 -Original Message- From: Jason Brege [mailto:[EMAIL PROTECTED] Sent: Tuesday, March 11, 2003 7:32 AM To: WEDI SNIP Privacy Workgroup List Subject: RE: Tracking Disclosures by Business Associates I'm not entirely sure who "you" is in your question, but I assumed that you are asking about business associates disclosing to business associates, so here's a stab at an answer. It might also apply if you're asking about CE disclosures to transcription/disposal agencies. I believe a business associate would have to account for those disclosures to other business associates where the disclosure is not for treatment, payment, or healthcare operations purposes. Given our nature as a collection agency, most (if not all) of our disclosures are exempt from accounting because they are for payment purposes. If we had a transcription service, it could possibly need accounting, but I think that could be absorbed under payment purposes. It would depend on what type of service they are providing. The disposal agency is not TPO as far as I can determine, but if you're having them shred the information onsite, trained as a member of your workforce, it becomes a use rather than a disclosure. The only information taken offsite is shredded paper which formerly contained PHI. Thus nothing would be accounted for in the case of the disposal agency working onsite. Offsite, I think it would need further investigation. If we were a BA that had the practice of disclosing information to public health authorities or other organizations, then we would definitely have to account for those. I think the best assessment is to determine whether the BA is disclosing for TPO purposes or otherwise, and then direct them to account for the non-TPO disclosures that would be accounted for if done directly by the Covered Entity. Thanks, Jason Brege Clinton A. Harkins, P.C. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Tuesday, March 11, 2003 9:44 AM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Re: Tracking Disclosures by Business Associates By the same token, for the patient accounting,
RE: Tracking Disclosures by Business Associates
Title: Message I would have originally thought disposal was operations as well, but when I looked at the definition of healthcare operations in 164.501, it really seemed like a stretch. It doesn't fit into any of the 6 main areas under this definition: 1.Quality assessment and improvement activities, 2.Reviewing the competence or qualifications of health care professionals, 3.Underwriting, 4.Medical review/fraud and abuse, 5.Business planning and development, 6.Business management. The only place to squeeze it in would be Business Management, but shredding documents doesn't seem to really fit with the 5 "included but not limited to" examples under that part. It really just depends on your legal counsel and how your risk assessments see this issue. Practically, I think it would be absolutely insane to account for every piece of PHI on every piece of paper that you destroy. I think there are ways to justify this as Business Management, and I think your documentation of this decision would be key. I believe this is one reason why most entities have just brought shredders or shredding companies onsite. Thanks, Jason Brege Clinton A. Harkins, P.C. -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]Sent: Tuesday, March 11, 2003 11:18 AMTo: [EMAIL PROTECTED]; [EMAIL PROTECTED]Subject: RE: Tracking Disclosures by Business Associates Wouldn't disposal come under operations? We have a vendor who picks us locked bins of documents to be shredded. We have had them sign a Business Associate Agreement (we are also Business Associates.) I would not think there would be a need for accounting for these pick ups to be logged as disclosures. Joanne Marquez Senior Director Beech Street Corporation Account Services (949) 672-1519 -Original Message-From: Jason Brege [mailto:[EMAIL PROTECTED] Sent: Tuesday, March 11, 2003 7:32 AMTo: WEDI SNIP Privacy Workgroup ListSubject: RE: Tracking Disclosures by Business Associates I'm not entirely sure who "you" is in your question, but I assumed that you are asking about business associates disclosing to business associates, so here's a stab at an answer. It might also apply if you're asking about CE disclosures to transcription/disposal agencies. I believe a business associate would have to account for those disclosures to other business associates where the disclosure is not for treatment, payment, or healthcare operations purposes. Given our nature as a collection agency, most (if not all) of our disclosures are exempt from accounting because they are for payment purposes. If we had a transcription service, it could possibly need accounting, but I think that could be absorbed under payment purposes. It would depend on what type of service they are providing. The disposal agency is not TPO as far as I can determine, but if you're having them shred the information onsite, trained as a member of your workforce, it becomes a use rather than a disclosure. The only information taken offsite is shredded paper which formerly contained PHI. Thus nothing would be accounted for in the case of the disposal agency working onsite. Offsite, I think it would need further investigation. If we were a BA that had the practice of disclosing information to public health authorities or other organizations, then we would definitely have to account for those. I think the best assessment is to determine whether the BA is disclosing for TPO purposes or otherwise, and then direct them to account for the non-TPO disclosures that would be accounted for if done directly by the Covered Entity. Thanks, Jason Brege Clinton A. Harkins, P.C. -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]Sent: Tuesday, March 11, 2003 9:44 AMTo: [EMAIL PROTECTED]; [EMAIL PROTECTED]Subject: Re: Tracking Disclosures by Business AssociatesBy the same token, for the patient accounting, would you have to include disclosures you make to business associates like transcription agencies and disposal agencies? They would come up very often...Jill Rubin, Esq.(617)388-2404[EMAIL PROTECTED] --- --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific ve
RE: Tracking Disclosures by Business Associates
Title: Message Wouldn't disposal come under operations? We have a vendor who picks us locked bins of documents to be shredded. We have had them sign a Business Associate Agreement (we are also Business Associates.) I would not think there would be a need for accounting for these pick ups to be logged as disclosures. Joanne Marquez Senior Director Beech Street Corporation Account Services (949) 672-1519 -Original Message-From: Jason Brege [mailto:[EMAIL PROTECTED] Sent: Tuesday, March 11, 2003 7:32 AMTo: WEDI SNIP Privacy Workgroup ListSubject: RE: Tracking Disclosures by Business Associates I'm not entirely sure who "you" is in your question, but I assumed that you are asking about business associates disclosing to business associates, so here's a stab at an answer. It might also apply if you're asking about CE disclosures to transcription/disposal agencies. I believe a business associate would have to account for those disclosures to other business associates where the disclosure is not for treatment, payment, or healthcare operations purposes. Given our nature as a collection agency, most (if not all) of our disclosures are exempt from accounting because they are for payment purposes. If we had a transcription service, it could possibly need accounting, but I think that could be absorbed under payment purposes. It would depend on what type of service they are providing. The disposal agency is not TPO as far as I can determine, but if you're having them shred the information onsite, trained as a member of your workforce, it becomes a use rather than a disclosure. The only information taken offsite is shredded paper which formerly contained PHI. Thus nothing would be accounted for in the case of the disposal agency working onsite. Offsite, I think it would need further investigation. If we were a BA that had the practice of disclosing information to public health authorities or other organizations, then we would definitely have to account for those. I think the best assessment is to determine whether the BA is disclosing for TPO purposes or otherwise, and then direct them to account for the non-TPO disclosures that would be accounted for if done directly by the Covered Entity. Thanks, Jason Brege Clinton A. Harkins, P.C. -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]Sent: Tuesday, March 11, 2003 9:44 AMTo: [EMAIL PROTECTED]; [EMAIL PROTECTED]Subject: Re: Tracking Disclosures by Business AssociatesBy the same token, for the patient accounting, would you have to include disclosures you make to business associates like transcription agencies and disposal agencies? They would come up very often...Jill Rubin, Esq.(617)388-2404[EMAIL PROTECTED] ---The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time.You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED]To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED]If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org This message is intended only for the use of the individual to which it is addressed and contains information that is privileged, confidential and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient or the employee or agent responsible for delivering the message to intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by telephone and permanently delete the message immediately. Thank You * Confidentiality Statement - This Email is confidential. The information herein is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination,
RE: Tracking Disclosures by Business Associates
I'm not entirely sure who "you" is in your question, but I assumed that you are asking about business associates disclosing to business associates, so here's a stab at an answer. It might also apply if you're asking about CE disclosures to transcription/disposal agencies. I believe a business associate would have to account for those disclosures to other business associates where the disclosure is not for treatment, payment, or healthcare operations purposes. Given our nature as a collection agency, most (if not all) of our disclosures are exempt from accounting because they are for payment purposes. If we had a transcription service, it could possibly need accounting, but I think that could be absorbed under payment purposes. It would depend on what type of service they are providing. The disposal agency is not TPO as far as I can determine, but if you're having them shred the information onsite, trained as a member of your workforce, it becomes a use rather than a disclosure. The only information taken offsite is shredded paper which formerly contained PHI. Thus nothing would be accounted for in the case of the disposal agency working onsite. Offsite, I think it would need further investigation. If we were a BA that had the practice of disclosing information to public health authorities or other organizations, then we would definitely have to account for those. I think the best assessment is to determine whether the BA is disclosing for TPO purposes or otherwise, and then direct them to account for the non-TPO disclosures that would be accounted for if done directly by the Covered Entity. Thanks, Jason Brege Clinton A. Harkins, P.C. -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]Sent: Tuesday, March 11, 2003 9:44 AMTo: [EMAIL PROTECTED]; [EMAIL PROTECTED]Subject: Re: Tracking Disclosures by Business AssociatesBy the same token, for the patient accounting, would you have to include disclosures you make to business associates like transcription agencies and disposal agencies? They would come up very often...Jill Rubin, Esq.(617)388-2404[EMAIL PROTECTED] --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED] To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org This message is intended only for the use of the individual to which it is addressed and contains information that is privileged, confidential and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient or the employee or agent responsible for delivering the message to intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by telephone and permanently delete the message immediately. Thank You
Re: Tracking Disclosures by Business Associates
By the same token, for the patient accounting, would you have to include disclosures you make to business associates like transcription agencies and disposal agencies? They would come up very often... Jill Rubin, Esq. (617)388-2404 [EMAIL PROTECTED] --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED] To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org
RE: Tracking Disclosures by Business Associates
As a Business Associate collection agency, we have not had any Covered Entity clients request to track our disclosures themselves. The wording they have used in our contracts instructs us to forward disclosure information if they notify us of an accounting request. What we are doing is recording our relevant disclosures on our information system, and upon request we will forward them to the client when an accounting is requested for a certain patient. For a BA like a collection or billing agency, I would imagine that these types of requests will be fairly common, since we hold a lot of the patient's information. I believe this is the most straightforward way to go, but a Covered Entity should make sure the BA knows what types of disclosures to record, and that might be a daunting task with some BAs. Thanks, Jason Brege Clinton A. Harkins, P.C. -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]Sent: Tuesday, March 11, 2003 6:43 AMTo: WEDI SNIP Privacy Workgroup ListSubject: Tracking Disclosures by Business AssociatesI am curious how covered entities are tracking accountings of disclosures by business associates that they then have to provide to the patient. In some ways, this seems like a daunting task but then again, I am not sure how often it will come up... I would appreciate your thoughts.Jill Rubin, Esq.(617)388-2404[EMAIL PROTECTED] --- --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED] To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org This message is intended only for the use of the individual to which it is addressed and contains information that is privileged, confidential and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient or the employee or agent responsible for delivering the message to intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by telephone and permanently delete the message immediately. Thank You
Tracking Disclosures by Business Associates
I am curious how covered entities are tracking accountings of disclosures by business associates that they then have to provide to the patient. In some ways, this seems like a daunting task but then again, I am not sure how often it will come up... I would appreciate your thoughts. Jill Rubin, Esq. (617)388-2404 [EMAIL PROTECTED] --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED] To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org
Business Associates Agreement policy
Hello- Does any one have a brief, but to the point Business Associate agreement policy out there. I am needing to create one, but have not come across any in my travels. Please email me with one. Any help would be appreciated. Thanks Tamra Behrens Compliance Analyst Sierra View District Hospital Porterville, CA [EMAIL PROTECTED] -- DISCLAIMER: The information contained in this email transmission is confidential and intended for the addressee only. If the reader of this message is not the addressee or addressee's agent, you are hereby advised that any dissemination, distribution or copying of the information is strictly prohibited. The information contained in this email transmission may be protected under the Attorney/Client Privilege and protected from disclosure under California Evidence Code section 1157. If protected by the attorney/client privilege or by California Evidence Code Section 1157, the information contained in this email transmission shall continue to be protected and will not be negated by virtue of sending the information via this email. If you receive this email in error, please call the Information Technology Security Coordinator at (559) 788-6065 (collect if necessary) immediately upon receipt. Thank you for your cooperation. -- DISCLAIMER: The information contained in this email transmission is confidential and intended for the addressee only. If the reader of this message is not the addressee or addressee's agent, you are hereby advised that any dissemination, distribution or copying of the information is strictly prohibited. The information contained in this email transmission may be protected under the Attorney/Client Privilege and protected from disclosure under California Evidence Code section 1157. If protected by the attorney/client privilege or by California Evidence Code Section 1157, the information contained in this email transmission shall continue to be protected and will not be negated by virtue of sending the information via this email. If you receive this email in error, please call the Information Technology Security Coordinator at (559) 788-6065 (collect if necessary) immediately upon receipt. Thank you for your cooperation. --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED] To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org
Re: medical vendors as Business Associates
David, Amen! I would much rather have a clear answer beforehand than enforcement afterword. The opinions expressed here are my own and not necessarily the opinion of LCMH. Douglas M. WebbComputer System EngineerLittle Company of Mary Hospital & Health Care Centers[EMAIL PROTECTED] "This electronic message may contain information that is confidential and/or legally privileged. It is intended only for the use of the individual(s) and entity(s) named as recipients in the message. If you are not an intended recipient of the message, please notify the sender immediately, delete the material from any computer, do not deliver, distribute, or copy this message, and do not disclose its contents or take action in reliance on the information it contains. Thank you." - Original Message - From: David Frenkel To: WEDI SNIP Privacy Workgroup List Sent: Thursday, February 27, 2003 11:18 PM Subject: RE: medical vendors as Business Associates Doug, This is another example of the daunting enforcement task CMS has. There are so many interconnected issues that have no clear resolution. Somebody should calculate the cost of the lack of clarity of HIPAA. Regards, David Frenkel Business Development GEFEG USA Global Leader in Ecommerce Tools www.gefeg.com 612-237-1966 -Original Message-From: Doug Webb [mailto:[EMAIL PROTECTED]] Sent: Wednesday, February 26, 2003 4:00 PMTo: WEDI SNIP Privacy Workgroup ListSubject: Re: medical vendors as Business Associates David, I would also tend to lean that way. Could we get a definitive answer "From Above"? The opinions expressed here are my own and not necessarily the opinion of LCMH. Douglas M. WebbComputer System EngineerLittle Company of Mary Hospital & Health Care Centers[EMAIL PROTECTED] "This electronic message may contain information that is confidential and/or legally privileged. It is intended only for the use of the individual(s) and entity(s) named as recipients in the message. If you are not an intended recipient of the message, please notify the sender immediately, delete the material from any computer, do not deliver, distribute, or copy this message, and do not disclose its contents or take action in reliance on the information it contains. Thank you." - Original Message - From: David Frenkel To: WEDI SNIP Privacy Workgroup List Sent: Wednesday, February 26, 2003 02:55 PM Subject: RE: medical vendors as Business Associates Doug, This discussion has appeared on other healthcare listservs and there seems to be a strong leaning towards having medical device manufacture reps be considered part of TPO. It brings up an interesting liability issue as well as a patient consent issue for reps being in the OR. Regards, David Frenkel Business Development GEFEG USA Global Leader in Ecommerce Tools www.gefeg.com 612-237-1966 -Original Message-From: Doug Webb [mailto:[EMAIL PROTECTED] Sent: Wednesday, February 26, 2003 2:53 PMTo: David Frenkel; WEDI SNIP Privacy Workgroup ListSubject: Re: medical vendors as Business Associates David, They do, but I'm not directly involved, so I don't know the answer to your question. Jim Hewitt did bring up an interesting point that these vendors may also be hardware/software support people. In that role, I would think that a BAA would be appropriate to state that they would protect PHI they contact while maintaining the equipment. I had been thinking just of their role as a supplier of the equipment. Whew! Covering all bases is tough!. The opinions expressed here are my own and not necessarily the opinion of LCMH. Douglas M. WebbComputer System EngineerLittle Company of Mary Hospital & Health Care Centers[EMAIL PROTECTED] "This electronic message may contain information that is confidential and/or legally privileged. It is intended only for the use of the individual(s) and entity(s) named as recipients in the message. If you are not an intended recipient of the message, please notify the sender immediately, delete the material from any computer, do not deliver, distribute, or copy this message, and do not disclose its contents or take action in reliance on the information it contains. Thank you." - Original Message - From: Davi
RE: medical vendors as Business Associates
Doug, This is another example of the daunting enforcement task CMS has. There are so many interconnected issues that have no clear resolution. Somebody should calculate the cost of the lack of clarity of HIPAA. Regards, David Frenkel Business Development GEFEG USA Global Leader in Ecommerce Tools www.gefeg.com 612-237-1966 -Original Message- From: Doug Webb [mailto:[EMAIL PROTECTED]] Sent: Wednesday, February 26, 2003 4:00 PM To: WEDI SNIP Privacy Workgroup List Subject: Re: medical vendors as Business Associates David, I would also tend to lean that way. Could we get a definitive answer "From Above"? The opinions expressed here are my own and not necessarily the opinion of LCMH. Douglas M. Webb Computer System Engineer Little Company of Mary Hospital & Health Care Centers [EMAIL PROTECTED] "This electronic message may contain information that is confidential and/or legally privileged. It is intended only for the use of the individual(s) and entity(s) named as recipients in the message. If you are not an intended recipient of the message, please notify the sender immediately, delete the material from any computer, do not deliver, distribute, or copy this message, and do not disclose its contents or take action in reliance on the information it contains. Thank you." - Original Message - From: David Frenkel To: WEDI SNIP Privacy Workgroup List Sent: Wednesday, February 26, 2003 02:55 PM Subject: RE: medical vendors as Business Associates Doug, This discussion has appeared on other healthcare listservs and there seems to be a strong leaning towards having medical device manufacture reps be considered part of TPO. It brings up an interesting liability issue as well as a patient consent issue for reps being in the OR. Regards, David Frenkel Business Development GEFEG USA Global Leader in Ecommerce Tools www.gefeg.com 612-237-1966 -Original Message- From: Doug Webb [mailto:[EMAIL PROTECTED] Sent: Wednesday, February 26, 2003 2:53 PM To: David Frenkel; WEDI SNIP Privacy Workgroup List Subject: Re: medical vendors as Business Associates David, They do, but I'm not directly involved, so I don't know the answer to your question. Jim Hewitt did bring up an interesting point that these vendors may also be hardware/software support people. In that role, I would think that a BAA would be appropriate to state that they would protect PHI they contact while maintaining the equipment. I had been thinking just of their role as a supplier of the equipment. Whew! Covering all bases is tough!. The opinions expressed here are my own and not necessarily the opinion of LCMH. Douglas M. Webb Computer System Engineer Little Company of Mary Hospital & Health Care Centers [EMAIL PROTECTED] "This electronic message may contain information that is confidential and/or legally privileged. It is intended only for the use of the individual(s) and entity(s) named as recipients in the message. If you are not an intended recipient of the message, please notify the sender immediately, delete the material from any computer, do not deliver, distribute, or copy this message, and do not disclose its contents or take action in reliance on the information it contains. Thank you." - Original Message - From: David Frenkel To: WEDI SNIP Privacy Workgroup List Sent: Wednesday, February 26, 2003 02:10 PM Subject: RE: medical vendors as Business Associates Doug, Does your facility do medical device implants? If so, do you know what the official position is of your facility on this? Thanks. Regards, David Frenkel Business Development GEFEG USA Global Leader in Ecommerce Tools 612-237-1966 -Original Message- From: Doug Webb [mailto:[EMAIL PROTECTED] Sent: Wednesday, February 26, 2003 11:29 AM To: WEDI SNIP Privacy Workgroup List Subject: Re: medical vendors as Business Associates Vicki, I believe that in this case the vendor would a Healthcare Provider participating in Treatment. They would not be a BA. They would be a CE if they used any of the standard electronic transactions. The opinions expressed here are my own and not necessarily the opinion of LCMH. Douglas M. Webb Computer System Engineer Little Company of Mary Hospital & Health Care Centers [EMAIL PROTECTED] "This electronic message may contain information that is confidential and/or legally privileged. It is intended only for the use of the individual(s) and entity(s) named as recipients in the message. If you are not an intended recipient of the message, please notify the sender immediately, delete the material from any computer, do not deliv
RE: medical vendors as Business Associates
This letter linked to this e-mail is interesting, I am sure many providers are struggling with this same issue. But I think the relevant question is do medical vendors really provide treatment (by HIPAA definition), therefore exempting this use/disclosure from a BA agreement? I have the definition of treatment as meaning "the provision, coordination, or management of healthcare and related services by one or more covered entities..." If you are not a covered entity, can you provide treatment (by definition)? It also states that medical vendors are working on their behalf and not the providers. I do not feel that the relationship with providers is always that clear. You sell provider a complicated device that needs insertion in the OR and train our nursing and medical staff to use it, on who's behalf is the medical vendor working in this scenario? I believe that there are no clear cut answers for some of these questions. I met with a statewide group the other day, and in some instances, these groups who have been working on these issues for around two years could not always agree who is a BA and how to handle these third parties under HIPAA. Anne Halfhill -Original Message- From: Kouzoukas, Demetrios [mailto:[EMAIL PROTECTED] Sent: Wednesday, February 26, 2003 7:25 PM To: WEDI SNIP Privacy Workgroup List Subject: RE: medical vendors as Business Associates See http://www.advamed.org/publicdocs/ltr.%20richard%20campanelli.pdf -- Demetrios Demetrios L. Kouzoukas Gardner, Carton & Douglas LLC 1301 K Street NW Suite 900, East Tower Washington, DC 20005-3317 Ph: (202) 230-5119 Fax: (202) 230-5319 Email: [EMAIL PROTECTED] WWW: http://www.gcd.com/firm/bio.asp?empid=K224331082 Assistant: Dee English; (202) 230-5611; [EMAIL PROTECTED] --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED] To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org
Re: medical vendors as Business Associates
Jo, quite so. I would lkie to call an entity that would be a CE if they did a single electronic transaction that a standard has been established for a "Potential Covered Entity" (PCE) and avoid all the repeated verbiage. Any takers? The opinions expressed here are my own and not necessarily the opinion of LCMH. Douglas M. WebbComputer System EngineerLittle Company of Mary Hospital & Health Care Centers[EMAIL PROTECTED] "This electronic message may contain information that is confidential and/or legally privileged. It is intended only for the use of the individual(s) and entity(s) named as recipients in the message. If you are not an intended recipient of the message, please notify the sender immediately, delete the material from any computer, do not deliver, distribute, or copy this message, and do not disclose its contents or take action in reliance on the information it contains. Thank you." - Original Message - From: Jo Clair To: 'Doug Webb' Sent: Wednesday, February 26, 2003 04:17 PM Subject: RE: medical vendors as Business Associates Not all providers are CE's (they may not do electronic transactions). -Original Message-From: Doug Webb [mailto:[EMAIL PROTECTED]Sent: Wednesday, February 26, 2003 1:57 PMTo: WEDI SNIP Privacy Workgroup ListSubject: Re: medical vendors as Business Associates Craig, That would be my understanding. The opinions expressed here are my own and not necessarily the opinion of LCMH. Douglas M. WebbComputer System EngineerLittle Company of Mary Hospital & Health Care Centers[EMAIL PROTECTED] "This electronic message may contain information that is confidential and/or legally privileged. It is intended only for the use of the individual(s) and entity(s) named as recipients in the message. If you are not an intended recipient of the message, please notify the sender immediately, delete the material from any computer, do not deliver, distribute, or copy this message, and do not disclose its contents or take action in reliance on the information it contains. Thank you." - Original Message - From: Craig Moen To: 'Doug Webb' Sent: Wednesday, February 26, 2003 03:28 PM Subject: RE: medical vendors as Business Associates Doug- I want to make sure I am understanding. We are a home health agency that provides therapy services. Our therapists interact with DME providers, and orthotists and obviously share PHI. Since these are outside services not provided by us, the DME providers, and orthotist independently bill the appropriate insurance company. They would then also be CE's and then we would be able to share info with them without a BAA because information can be shared between CE's as a part of treatment. Correct? Thanks for your input Craig Moen Director of Rehabilitation THERAPY 2000 Dallas, TX---The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time.You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED]To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED]If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org CONFIDENTIALITY NOTICE: This E-Mail is intended only for the use of the individual or entity to which it is addressed and may contain information that is privileged, confidential and exempt from disclosure under applicable law. If you have received this communication in error, please do not distribute it. Please notify the sender by E-Mail at the address shown and delete the original message. Thank you. --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily
RE: medical vendors as Business Associates
See http://www.advamed.org/publicdocs/ltr.%20richard%20campanelli.pdf -- Demetrios Demetrios L. Kouzoukas Gardner, Carton & Douglas LLC 1301 K Street NW Suite 900, East Tower Washington, DC 20005-3317 Ph: (202) 230-5119 Fax: (202) 230-5319 Email: [EMAIL PROTECTED] WWW: http://www.gcd.com/firm/bio.asp?empid=K224331082 Assistant: Dee English; (202) 230-5611; [EMAIL PROTECTED] -Original Message- From: Doug Webb [mailto:[EMAIL PROTECTED] Sent: Wednesday, February 26, 2003 5:00 PM To: WEDI SNIP Privacy Workgroup List Subject: Re: medical vendors as Business Associates David, I would also tend to lean that way. Could we get a definitive answer "From Above"? The opinions expressed here are my own and not necessarily the opinion of LCMH. Douglas M. Webb Computer System Engineer Little Company of Mary Hospital & Health Care Centers [EMAIL PROTECTED] "This electronic message may contain information that is confidential and/or legally privileged. It is intended only for the use of the individual(s) and entity(s) named as recipients in the message. If you are not an intended recipient of the message, please notify the sender immediately, delete the material from any computer, do not deliver, distribute, or copy this message, and do not disclose its contents or take action in reliance on the information it contains. Thank you." - Original Message - From: David Frenkel <mailto:[EMAIL PROTECTED]> To: WEDI SNIP Privacy Workgroup <mailto:[EMAIL PROTECTED]> List Sent: Wednesday, February 26, 2003 02:55 PM Subject: RE: medical vendors as Business Associates Doug, This discussion has appeared on other healthcare listservs and there seems to be a strong leaning towards having medical device manufacture reps be considered part of TPO. It brings up an interesting liability issue as well as a patient consent issue for reps being in the OR. Regards, David Frenkel Business Development GEFEG USA Global Leader in Ecommerce Tools www.gefeg.com 612-237-1966 -Original Message- From: Doug Webb [mailto:[EMAIL PROTECTED] Sent: Wednesday, February 26, 2003 2:53 PM To: David Frenkel; WEDI SNIP Privacy Workgroup List Subject: Re: medical vendors as Business Associates David, They do, but I'm not directly involved, so I don't know the answer to your question. Jim Hewitt did bring up an interesting point that these vendors may also be hardware/software support people. In that role, I would think that a BAA would be appropriate to state that they would protect PHI they contact while maintaining the equipment. I had been thinking just of their role as a supplier of the equipment. Whew! Covering all bases is tough!. The opinions expressed here are my own and not necessarily the opinion of LCMH. Douglas M. Webb Computer System Engineer Little Company of Mary Hospital & Health Care Centers [EMAIL PROTECTED] "This electronic message may contain information that is confidential and/or legally privileged. It is intended only for the use of the individual(s) and entity(s) named as recipients in the message. If you are not an intended recipient of the message, please notify the sender immediately, delete the material from any computer, do not deliver, distribute, or copy this message, and do not disclose its contents or take action in reliance on the information it contains. Thank you." - Original Message - From: David Frenkel <mailto:[EMAIL PROTECTED]> To: WEDI SNIP Privacy Workgroup <mailto:[EMAIL PROTECTED]> List Sent: Wednesday, February 26, 2003 02:10 PM Subject: RE: medical vendors as Business Associates Doug, Does your facility do medical device implants? If so, do you know what the official position is of your facility on this? Thanks. Regards, David Frenkel Business Development GEFEG USA Global Leader in Ecommerce Tools 612-237-1966 -Original Message- From: Doug Webb [mailto:[EMAIL PROTECTED] Sent: Wednesday, February 26, 2003 11:29 AM To: WEDI SNIP Privacy Workgroup List Subject: Re: medical vendors as Business Associates Vicki, I believe that in this case the vendor would a Healthcare Provider participating in Treatment. They would not be a BA. They would be a CE if they used any of the standard electronic transactions. The opinions expressed here are my own and not necessarily the opinion of LCMH. Douglas M. Webb Computer System Engineer Little Company of Mary Hospital & Health Care Centers [EMAIL PROTECTED] "This electronic message may contain information that is confidential and/or legally privileged. It is intended only for the use of the individual(s) and entity(s) named as recipients in the message. If you are not an intended recipient of the message, please notify the sender immediately, delete the material from any computer, do not deliver,
Re: medical vendors as Business Associates
David, I would also tend to lean that way. Could we get a definitive answer "From Above"? The opinions expressed here are my own and not necessarily the opinion of LCMH. Douglas M. WebbComputer System EngineerLittle Company of Mary Hospital & Health Care Centers[EMAIL PROTECTED] "This electronic message may contain information that is confidential and/or legally privileged. It is intended only for the use of the individual(s) and entity(s) named as recipients in the message. If you are not an intended recipient of the message, please notify the sender immediately, delete the material from any computer, do not deliver, distribute, or copy this message, and do not disclose its contents or take action in reliance on the information it contains. Thank you." - Original Message - From: David Frenkel To: WEDI SNIP Privacy Workgroup List Sent: Wednesday, February 26, 2003 02:55 PM Subject: RE: medical vendors as Business Associates Doug, This discussion has appeared on other healthcare listservs and there seems to be a strong leaning towards having medical device manufacture reps be considered part of TPO. It brings up an interesting liability issue as well as a patient consent issue for reps being in the OR. Regards, David Frenkel Business Development GEFEG USA Global Leader in Ecommerce Tools www.gefeg.com 612-237-1966 -Original Message-From: Doug Webb [mailto:[EMAIL PROTECTED]] Sent: Wednesday, February 26, 2003 2:53 PMTo: David Frenkel; WEDI SNIP Privacy Workgroup ListSubject: Re: medical vendors as Business Associates David, They do, but I'm not directly involved, so I don't know the answer to your question. Jim Hewitt did bring up an interesting point that these vendors may also be hardware/software support people. In that role, I would think that a BAA would be appropriate to state that they would protect PHI they contact while maintaining the equipment. I had been thinking just of their role as a supplier of the equipment. Whew! Covering all bases is tough!. The opinions expressed here are my own and not necessarily the opinion of LCMH. Douglas M. WebbComputer System EngineerLittle Company of Mary Hospital & Health Care Centers[EMAIL PROTECTED] "This electronic message may contain information that is confidential and/or legally privileged. It is intended only for the use of the individual(s) and entity(s) named as recipients in the message. If you are not an intended recipient of the message, please notify the sender immediately, delete the material from any computer, do not deliver, distribute, or copy this message, and do not disclose its contents or take action in reliance on the information it contains. Thank you." - Original Message - From: David Frenkel To: WEDI SNIP Privacy Workgroup List Sent: Wednesday, February 26, 2003 02:10 PM Subject: RE: medical vendors as Business Associates Doug, Does your facility do medical device implants? If so, do you know what the official position is of your facility on this? Thanks. Regards, David Frenkel Business Development GEFEG USA Global Leader in Ecommerce Tools 612-237-1966 -Original Message-From: Doug Webb [mailto:[EMAIL PROTECTED] Sent: Wednesday, February 26, 2003 11:29 AMTo: WEDI SNIP Privacy Workgroup ListSubject: Re: medical vendors as Business Associates Vicki, I believe that in this case the vendor would a Healthcare Provider participating in Treatment. They would not be a BA. They would be a CE if they used any of the standard electronic transactions. The opinions expressed here are my own and not necessarily the opinion of LCMH. Douglas M. WebbComputer System EngineerLittle Company of Mary Hospital & Health Care Centers[EMAIL PROTECTED] "This electronic message may contain information that is confidential and/or legally privileged. It is intended only for the use of the individual(s) and entity(s) named as recipients in the message. If you are not an intended recipient of the message, please notify the sender immediately, delete the material from any computer, do not deliver, distribute, or copy this message, and do not disclose its contents or take action in reliance on the information it contains. Thank you." - Original Message -
Re: medical vendors as Business Associates
Craig, That would be my understanding. The opinions expressed here are my own and not necessarily the opinion of LCMH. Douglas M. WebbComputer System EngineerLittle Company of Mary Hospital & Health Care Centers[EMAIL PROTECTED] "This electronic message may contain information that is confidential and/or legally privileged. It is intended only for the use of the individual(s) and entity(s) named as recipients in the message. If you are not an intended recipient of the message, please notify the sender immediately, delete the material from any computer, do not deliver, distribute, or copy this message, and do not disclose its contents or take action in reliance on the information it contains. Thank you." - Original Message - From: Craig Moen To: 'Doug Webb' Sent: Wednesday, February 26, 2003 03:28 PM Subject: RE: medical vendors as Business Associates Doug- I want to make sure I am understanding. We are a home health agency that provides therapy services. Our therapists interact with DME providers, and orthotists and obviously share PHI. Since these are outside services not provided by us, the DME providers, and orthotist independently bill the appropriate insurance company. They would then also be CE's and then we would be able to share info with them without a BAA because information can be shared between CE's as a part of treatment. Correct? Thanks for your input Craig Moen Director of Rehabilitation THERAPY 2000 Dallas, TX --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED] To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org
RE: medical vendors as Business Associates
Jill, HHS provided the following guidance in the Preamble to the (initial) Privacy regulations: "The term 'medical and other health services' means any of the following items or services. (6) durable medical equipment." So, if the provider of those services conducts a HIPAA-specified electronic transaction in regard to its services, the provider may be a CE. I hope that this helps. Your questions are always welcome. Matt Matthew Rosenblum Chief Operations Officer Privacy, Quality Management & Regulatory Affairs CPI Directions, Inc. 10 West 15th Street, Suite 1922 New York, NY 10011 (212) 675-6367 [EMAIL PROTECTED] CONFIDENTIALITY NOTICE: This E-Mail is intended only for the use of the individual or entity to which it is addressed and may contain information that is privileged, confidential and exempt from disclosure under applicable law. If you have received this communication in error, please do not distribute it. Please notify the sender by E-Mail at the address shown and delete the original message. Thank you. AVISO DEL CONFIDENCIALIDAD: Este email es solamente para el uso del individuo o la entidad a la cual se dirige y puede contener información privilegiada, confidencial y exenta de acceso bajo la ley aplicable. Si usted ha recibido esta comunicación por error, por favor no lo distribuya. Favor notificar al remitente del E-Mail a la dirección mostrada y elimine el mensaje original. Gracias. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Wednesday, February 26, 2003 7:42 AM To: WEDI SNIP Privacy Workgroup List Subject: medical vendors as Business Associates Are medical vendors that supply products like prosthesis, wheelchairs, etc., considered BA? I have been researching this and can't seem to come up with clear answer... Thanks in advance Jill Rubin, Esq. (617)388-2404 [EMAIL PROTECTED] --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED] To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED] To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org
RE: medical vendors as Business Associates
Doug, This discussion has appeared on other healthcare listservs and there seems to be a strong leaning towards having medical device manufacture reps be considered part of TPO. It brings up an interesting liability issue as well as a patient consent issue for reps being in the OR. Regards, David Frenkel Business Development GEFEG USA Global Leader in Ecommerce Tools www.gefeg.com 612-237-1966 -Original Message- From: Doug Webb [mailto:[EMAIL PROTECTED]] Sent: Wednesday, February 26, 2003 2:53 PM To: David Frenkel; WEDI SNIP Privacy Workgroup List Subject: Re: medical vendors as Business Associates David, They do, but I'm not directly involved, so I don't know the answer to your question. Jim Hewitt did bring up an interesting point that these vendors may also be hardware/software support people. In that role, I would think that a BAA would be appropriate to state that they would protect PHI they contact while maintaining the equipment. I had been thinking just of their role as a supplier of the equipment. Whew! Covering all bases is tough!. The opinions expressed here are my own and not necessarily the opinion of LCMH. Douglas M. Webb Computer System Engineer Little Company of Mary Hospital & Health Care Centers [EMAIL PROTECTED] "This electronic message may contain information that is confidential and/or legally privileged. It is intended only for the use of the individual(s) and entity(s) named as recipients in the message. If you are not an intended recipient of the message, please notify the sender immediately, delete the material from any computer, do not deliver, distribute, or copy this message, and do not disclose its contents or take action in reliance on the information it contains. Thank you." - Original Message - From: David Frenkel To: WEDI SNIP Privacy Workgroup List Sent: Wednesday, February 26, 2003 02:10 PM Subject: RE: medical vendors as Business Associates Doug, Does your facility do medical device implants? If so, do you know what the official position is of your facility on this? Thanks. Regards, David Frenkel Business Development GEFEG USA Global Leader in Ecommerce Tools 612-237-1966 -Original Message- From: Doug Webb [mailto:[EMAIL PROTECTED] Sent: Wednesday, February 26, 2003 11:29 AM To: WEDI SNIP Privacy Workgroup List Subject: Re: medical vendors as Business Associates Vicki, I believe that in this case the vendor would a Healthcare Provider participating in Treatment. They would not be a BA. They would be a CE if they used any of the standard electronic transactions. The opinions expressed here are my own and not necessarily the opinion of LCMH. Douglas M. Webb Computer System Engineer Little Company of Mary Hospital & Health Care Centers [EMAIL PROTECTED] "This electronic message may contain information that is confidential and/or legally privileged. It is intended only for the use of the individual(s) and entity(s) named as recipients in the message. If you are not an intended recipient of the message, please notify the sender immediately, delete the material from any computer, do not deliver, distribute, or copy this message, and do not disclose its contents or take action in reliance on the information it contains. Thank you." - Original Message - From: Vicki Schaff To: Doug Webb Sent: Wednesday, February 26, 2003 10:53 AM Subject: Re: medical vendors as Business Associates Consider the vendor who supplies a new medical device to a healthcare facility (CE) and the vendor provides instruction to a surgeon (CE) during implantation of the device. The vendor has access to PHI.One legal opinion has stated that the vendor is a BA of the healthcare facility. Your Comments. - Original Message - From: Doug Webb To: WEDI SNIP Privacy Workgroup List Sent: Wednesday, February 26, 2003 9:29 AM Subject: Re: medical vendors as Business Associates Jill, I agree with Dan. The critical question is do you do anything on behalf of a Covered Entity that involves PHI? If this answer is "No", you do not need a BAA. Providing devices to non-patients isolates you from PHI. Providing devices to patients is acting on behalf of yourself (I assume you make a profit on the deal, or you wouldn't be in business), not a service to the Covered Entity. If you also bill insurance carriers electronically, you may be a Covered Entity (providing Treatment). As Dan said, it would be extremely rare that a vendor of this type would be in a Business Associate relationship with a Covered Entity. If it operates in so
Re: medical vendors as Business Associates
David, They do, but I'm not directly involved, so I don't know the answer to your question. Jim Hewitt did bring up an interesting point that these vendors may also be hardware/software support people. In that role, I would think that a BAA would be appropriate to state that they would protect PHI they contact while maintaining the equipment. I had been thinking just of their role as a supplier of the equipment. Whew! Covering all bases is tough!. The opinions expressed here are my own and not necessarily the opinion of LCMH. Douglas M. WebbComputer System EngineerLittle Company of Mary Hospital & Health Care Centers[EMAIL PROTECTED] "This electronic message may contain information that is confidential and/or legally privileged. It is intended only for the use of the individual(s) and entity(s) named as recipients in the message. If you are not an intended recipient of the message, please notify the sender immediately, delete the material from any computer, do not deliver, distribute, or copy this message, and do not disclose its contents or take action in reliance on the information it contains. Thank you." - Original Message - From: David Frenkel To: WEDI SNIP Privacy Workgroup List Sent: Wednesday, February 26, 2003 02:10 PM Subject: RE: medical vendors as Business Associates Doug, Does your facility do medical device implants? If so, do you know what the official position is of your facility on this? Thanks. Regards, David Frenkel Business Development GEFEG USA Global Leader in Ecommerce Tools 612-237-1966 -Original Message-From: Doug Webb [mailto:[EMAIL PROTECTED]] Sent: Wednesday, February 26, 2003 11:29 AMTo: WEDI SNIP Privacy Workgroup ListSubject: Re: medical vendors as Business Associates Vicki, I believe that in this case the vendor would a Healthcare Provider participating in Treatment. They would not be a BA. They would be a CE if they used any of the standard electronic transactions. The opinions expressed here are my own and not necessarily the opinion of LCMH. Douglas M. WebbComputer System EngineerLittle Company of Mary Hospital & Health Care Centers[EMAIL PROTECTED] "This electronic message may contain information that is confidential and/or legally privileged. It is intended only for the use of the individual(s) and entity(s) named as recipients in the message. If you are not an intended recipient of the message, please notify the sender immediately, delete the material from any computer, do not deliver, distribute, or copy this message, and do not disclose its contents or take action in reliance on the information it contains. Thank you." - Original Message - From: Vicki Schaff To: Doug Webb Sent: Wednesday, February 26, 2003 10:53 AM Subject: Re: medical vendors as Business Associates Consider the vendor who supplies a new medical device to a healthcare facility (CE) and the vendor provides instruction to a surgeon (CE) during implantation of the device. The vendor has access to PHI.One legal opinion has stated that the vendor is a BA of the healthcare facility. Your Comments. - Original Message - From: Doug Webb To: WEDI SNIP Privacy Workgroup List Sent: Wednesday, February 26, 2003 9:29 AM Subject: Re: medical vendors as Business Associates Jill, I agree with Dan. The critical question is do you do anything on behalf of a Covered Entity that involves PHI? If this answer is "No", you do not need a BAA. Providing devices to non-patients isolates you from PHI. Providing devices to patients is acting on behalf of yourself (I assume you make a profit on the deal, or you wouldn't be in business), not a service to the Covered Entity. If you also bill insurance carriers electronically, you may be a Covered Entity (providing Treatment). As Dan said, it would be extremely rare that a vendor of this type would be in a Business Associate relationship with a Covered Entity. If it operates in some other role in addition to being a DME vendor, that role must be considered independantly. . The opinions expressed here are my own and not necessarily the opinion of LCMH. Douglas M. WebbComputer System En
RE: medical vendors as Business Associates
Doug, Does your facility do medical device implants? If so, do you know what the official position is of your facility on this? Thanks. Regards, David Frenkel Business Development GEFEG USA Global Leader in Ecommerce Tools 612-237-1966 -Original Message- From: Doug Webb [mailto:[EMAIL PROTECTED]] Sent: Wednesday, February 26, 2003 11:29 AM To: WEDI SNIP Privacy Workgroup List Subject: Re: medical vendors as Business Associates Vicki, I believe that in this case the vendor would a Healthcare Provider participating in Treatment. They would not be a BA. They would be a CE if they used any of the standard electronic transactions. The opinions expressed here are my own and not necessarily the opinion of LCMH. Douglas M. Webb Computer System Engineer Little Company of Mary Hospital & Health Care Centers [EMAIL PROTECTED] "This electronic message may contain information that is confidential and/or legally privileged. It is intended only for the use of the individual(s) and entity(s) named as recipients in the message. If you are not an intended recipient of the message, please notify the sender immediately, delete the material from any computer, do not deliver, distribute, or copy this message, and do not disclose its contents or take action in reliance on the information it contains. Thank you." - Original Message - From: Vicki Schaff To: Doug Webb Sent: Wednesday, February 26, 2003 10:53 AM Subject: Re: medical vendors as Business Associates Consider the vendor who supplies a new medical device to a healthcare facility (CE) and the vendor provides instruction to a surgeon (CE) during implantation of the device. The vendor has access to PHI.One legal opinion has stated that the vendor is a BA of the healthcare facility. Your Comments. - Original Message - From: Doug Webb To: WEDI SNIP Privacy Workgroup List Sent: Wednesday, February 26, 2003 9:29 AM Subject: Re: medical vendors as Business Associates Jill, I agree with Dan. The critical question is do you do anything on behalf of a Covered Entity that involves PHI? If this answer is "No", you do not need a BAA. Providing devices to non-patients isolates you from PHI. Providing devices to patients is acting on behalf of yourself (I assume you make a profit on the deal, or you wouldn't be in business), not a service to the Covered Entity. If you also bill insurance carriers electronically, you may be a Covered Entity (providing Treatment). As Dan said, it would be extremely rare that a vendor of this type would be in a Business Associate relationship with a Covered Entity. If it operates in some other role in addition to being a DME vendor, that role must be considered independantly. . The opinions expressed here are my own and not necessarily the opinion of LCMH. Douglas M. Webb Computer System Engineer Little Company of Mary Hospital & Health Care Centers [EMAIL PROTECTED] "This electronic message may contain information that is confidential and/or legally privileged. It is intended only for the use of the individual(s) and entity(s) named as recipients in the message. If you are not an intended recipient of the message, please notify the sender immediately, delete the material from any computer, do not deliver, distribute, or copy this message, and do not disclose its contents or take action in reliance on the information it contains. Thank you." - Original Message - From: Dan Kelsey To: WEDI SNIP Privacy Workgroup List Sent: Wednesday, February 26, 2003 08:32 AM Subject: RE: medical vendors as Business Associates I think your decision would have to be very fact based. For example, if a wheelchair company sells 50 wheelchairs to a hospital, then they would not be a BA of the hospital. However, if the hospital rehab unit orders a custom fit wheelchair that involves disclosure of the patient's limitations, physical build, etc., then chances are a BA relationship does not exist either. I say "chances are" because treatment by a health care provider is exempt from the BA definition and a BAA is not required. The key issue is if the medical vendor meets the definition of a health care provider - there is a mention in HIPAA for the Federal definition, and it is fairly all encompassing. Generally speaking, I do not think the majority of these vendors would be business associates. Hope this helps, Dan Kelsey Practice Advisor Indiana State Medical Association 800-257-4762 (317) 261-2060 (317) 261-2076 - fax -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent:
Re: medical vendors as Business Associates
Medical equipment vendors often receive PHI, if you're not careful. Machines like heart rate monitors often store patient identifiers, and if a technician takes one off-site for repairs the PHI goes with it. -Jim __ Do you Yahoo!? Yahoo! Tax Center - forms, calculators, tips, more http://taxes.yahoo.com/ --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED] To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org
Re: medical vendors as Business Associates
Vicki, I believe that in this case the vendor would a Healthcare Provider participating in Treatment. They would not be a BA. They would be a CE if they used any of the standard electronic transactions. The opinions expressed here are my own and not necessarily the opinion of LCMH. Douglas M. WebbComputer System EngineerLittle Company of Mary Hospital & Health Care Centers[EMAIL PROTECTED] "This electronic message may contain information that is confidential and/or legally privileged. It is intended only for the use of the individual(s) and entity(s) named as recipients in the message. If you are not an intended recipient of the message, please notify the sender immediately, delete the material from any computer, do not deliver, distribute, or copy this message, and do not disclose its contents or take action in reliance on the information it contains. Thank you." - Original Message - From: Vicki Schaff To: Doug Webb Sent: Wednesday, February 26, 2003 10:53 AM Subject: Re: medical vendors as Business Associates Consider the vendor who supplies a new medical device to a healthcare facility (CE) and the vendor provides instruction to a surgeon (CE) during implantation of the device. The vendor has access to PHI.One legal opinion has stated that the vendor is a BA of the healthcare facility. Your Comments. - Original Message - From: Doug Webb To: WEDI SNIP Privacy Workgroup List Sent: Wednesday, February 26, 2003 9:29 AM Subject: Re: medical vendors as Business Associates Jill, I agree with Dan. The critical question is do you do anything on behalf of a Covered Entity that involves PHI? If this answer is "No", you do not need a BAA. Providing devices to non-patients isolates you from PHI. Providing devices to patients is acting on behalf of yourself (I assume you make a profit on the deal, or you wouldn't be in business), not a service to the Covered Entity. If you also bill insurance carriers electronically, you may be a Covered Entity (providing Treatment). As Dan said, it would be extremely rare that a vendor of this type would be in a Business Associate relationship with a Covered Entity. If it operates in some other role in addition to being a DME vendor, that role must be considered independantly. . The opinions expressed here are my own and not necessarily the opinion of LCMH. Douglas M. WebbComputer System EngineerLittle Company of Mary Hospital & Health Care Centers[EMAIL PROTECTED] "This electronic message may contain information that is confidential and/or legally privileged. It is intended only for the use of the individual(s) and entity(s) named as recipients in the message. If you are not an intended recipient of the message, please notify the sender immediately, delete the material from any computer, do not deliver, distribute, or copy this message, and do not disclose its contents or take action in reliance on the information it contains. Thank you." - Original Message - From: Dan Kelsey To: WEDI SNIP Privacy Workgroup List Sent: Wednesday, February 26, 2003 08:32 AM Subject: RE: medical vendors as Business Associates I think your decision would have to be very fact based. For example, if a wheelchair company sells 50 wheelchairs to a hospital, then they would not be a BA of the hospital. However, if the hospital rehab unit orders a custom fit wheelchair that involves disclosure of the patient's limitations, physical build, etc., then chances are a BA relationship does not exist either. I say "chances are" because treatment by a health care provider is exempt from the BA definition and a BAA is not required. The key issue is if the medical vendor meets the definition of a health care provider - there is a mention in HIPAA for the Federal definition, and it is fairly all encompassing. Generally speaking, I do not think the majority of these vendors would be business associates. Hope this helps, Dan Kelsey Practice Advisor Indiana State Medical Association 800-257-4762 (317) 261-2060 (317) 261-2076 - fax -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]Sent: Wednesday, February 26, 2003 7:42 AMTo: WEDI SNIP Privacy Workgroup ListSubject: medical vendors as Business AssociatesAre medical vendors that supply products like prosthesis, wheelchairs, etc., considered BA? I
Re: medical vendors as Business Associates
Dawn, This looks like a lot of "CYA" BAA contracts being sent unnecessarily. The logic seems to be send them to everybody, and see who signs them. Don't forget that the CE is the one who is responsible to ensure that the proper BAAs are in place. Since a contract is signed by both sides, it doesn't matter who drafts the text. A BA who drafts the BAA text is trying to increase the likelyhood that their version is the one that is signed. Don't sign anything until your lawyer checks it out! The opinions expressed here are my own and not necessarily the opinion of LCMH. Douglas M. WebbComputer System EngineerLittle Company of Mary Hospital & Health Care Centers[EMAIL PROTECTED] "This electronic message may contain information that is confidential and/or legally privileged. It is intended only for the use of the individual(s) and entity(s) named as recipients in the message. If you are not an intended recipient of the message, please notify the sender immediately, delete the material from any computer, do not deliver, distribute, or copy this message, and do not disclose its contents or take action in reliance on the information it contains. Thank you." - Original Message - From: Dawn Lenox To: Doug Webb Sent: Wednesday, February 26, 2003 09:37 AM Subject: Re: medical vendors as Business Associates I tried to explain this to a vendor that sent us (CE) their BA (non-CE) as a favor to usThey said we were being liberal in our interpretation and that they were being "conservative"...they did not even request that we sign it...go figure. - Original Message - From: Doug Webb To: WEDI SNIP Privacy Workgroup List Sent: Wednesday, February 26, 2003 9:29 AM Subject: Re: medical vendors as Business Associates Jill, I agree with Dan. The critical question is do you do anything on behalf of a Covered Entity that involves PHI? If this answer is "No", you do not need a BAA. Providing devices to non-patients isolates you from PHI. Providing devices to patients is acting on behalf of yourself (I assume you make a profit on the deal, or you wouldn't be in business), not a service to the Covered Entity. If you also bill insurance carriers electronically, you may be a Covered Entity (providing Treatment). As Dan said, it would be extremely rare that a vendor of this type would be in a Business Associate relationship with a Covered Entity. If it operates in some other role in addition to being a DME vendor, that role must be considered independantly. . The opinions expressed here are my own and not necessarily the opinion of LCMH. Douglas M. WebbComputer System EngineerLittle Company of Mary Hospital & Health Care Centers[EMAIL PROTECTED] "This electronic message may contain information that is confidential and/or legally privileged. It is intended only for the use of the individual(s) and entity(s) named as recipients in the message. If you are not an intended recipient of the message, please notify the sender immediately, delete the material from any computer, do not deliver, distribute, or copy this message, and do not disclose its contents or take action in reliance on the information it contains. Thank you." - Original Message - From: Dan Kelsey To: WEDI SNIP Privacy Workgroup List Sent: Wednesday, February 26, 2003 08:32 AM Subject: RE: medical vendors as Business Associates I think your decision would have to be very fact based. For example, if a wheelchair company sells 50 wheelchairs to a hospital, then they would not be a BA of the hospital. However, if the hospital rehab unit orders a custom fit wheelchair that involves disclosure of the patient's limitations, physical build, etc., then chances are a BA relationship does not exist either. I say "chances are" because treatment by a health care provider is exempt from the BA definition and a BAA is not required. The key issue is if the medical vendor meets the definition of a health care provider - there is a mention in HIPAA for the Federal definition, and it is fairly all encompassing. Generally speaking, I do not think the majority of these vendors would be business associates. Hope this helps, Dan Kelsey Practice Advisor Indiana State Medical Association 800-257-4762 (317) 261-2060 (317) 261-2076 - fax -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL
RE: medical vendors as Business Associates
It's more likely this activity/role falls under a DME provider activity and thus may make this function/role a provider type. If they then seek reimbursement from a payer/health plan, this constitutes acting as a provider, doesn't it? I'm aware of at least one major orthopaedic mfgr that has already determined its activity in directly providing to the patient their DME classified products and for which they then submit a claim for reimbursement makes this activity/role a covered entity. Rachel Foerster CEO & PresidentRachel Foerster & Associates, Ltd. Professionals in Health Care EDI, Privacy & Security39432 North Avenue Beach Park, IL 60099 Voice: 847-872-8070 Fax: 847-872-6860 eMail: [EMAIL PROTECTED] http://www.rfa-edi.com ## This transmission may be confidential or protected from disclosure and is only for review and use by the intended recipient. Access by anyone else is unauthorized. Any unauthorized reader is hereby notified that any review, use, dissemination, disclosure or copying of this information, or any act or omission taken in reliance on it, is prohibited and may be unlawful. If you received this transmission in error, please notify the sender immediately. Thank you -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]Sent: Wednesday, February 26, 2003 6:42 AMTo: WEDI SNIP Privacy Workgroup ListSubject: medical vendors as Business AssociatesAre medical vendors that supply products like prosthesis, wheelchairs, etc., considered BA? I have been researching this and can't seem to come up with clear answer...Thanks in advanceJill Rubin, Esq.(617)388-2404[EMAIL PROTECTED] ---The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time.You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED]To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED]If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED] To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org
Re: medical vendors as Business Associates
Jill, I agree with Dan. The critical question is do you do anything on behalf of a Covered Entity that involves PHI? If this answer is "No", you do not need a BAA. Providing devices to non-patients isolates you from PHI. Providing devices to patients is acting on behalf of yourself (I assume you make a profit on the deal, or you wouldn't be in business), not a service to the Covered Entity. If you also bill insurance carriers electronically, you may be a Covered Entity (providing Treatment). As Dan said, it would be extremely rare that a vendor of this type would be in a Business Associate relationship with a Covered Entity. If it operates in some other role in addition to being a DME vendor, that role must be considered independantly. . The opinions expressed here are my own and not necessarily the opinion of LCMH. Douglas M. WebbComputer System EngineerLittle Company of Mary Hospital & Health Care Centers[EMAIL PROTECTED] "This electronic message may contain information that is confidential and/or legally privileged. It is intended only for the use of the individual(s) and entity(s) named as recipients in the message. If you are not an intended recipient of the message, please notify the sender immediately, delete the material from any computer, do not deliver, distribute, or copy this message, and do not disclose its contents or take action in reliance on the information it contains. Thank you." - Original Message - From: Dan Kelsey To: WEDI SNIP Privacy Workgroup List Sent: Wednesday, February 26, 2003 08:32 AM Subject: RE: medical vendors as Business Associates I think your decision would have to be very fact based. For example, if a wheelchair company sells 50 wheelchairs to a hospital, then they would not be a BA of the hospital. However, if the hospital rehab unit orders a custom fit wheelchair that involves disclosure of the patient's limitations, physical build, etc., then chances are a BA relationship does not exist either. I say "chances are" because treatment by a health care provider is exempt from the BA definition and a BAA is not required. The key issue is if the medical vendor meets the definition of a health care provider - there is a mention in HIPAA for the Federal definition, and it is fairly all encompassing. Generally speaking, I do not think the majority of these vendors would be business associates. Hope this helps, Dan Kelsey Practice Advisor Indiana State Medical Association 800-257-4762 (317) 261-2060 (317) 261-2076 - fax -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]Sent: Wednesday, February 26, 2003 7:42 AMTo: WEDI SNIP Privacy Workgroup ListSubject: medical vendors as Business AssociatesAre medical vendors that supply products like prosthesis, wheelchairs, etc., considered BA? I have been researching this and can't seem to come up with clear answer...Thanks in advanceJill Rubin, Esq.(617)388-2404[EMAIL PROTECTED] ---The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time.You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED]To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED]If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org ---The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time.You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED]To u
RE: medical vendors as Business Associates
I think your decision would have to be very fact based. For example, if a wheelchair company sells 50 wheelchairs to a hospital, then they would not be a BA of the hospital. However, if the hospital rehab unit orders a custom fit wheelchair that involves disclosure of the patient's limitations, physical build, etc., then chances are a BA relationship does not exist either. I say "chances are" because treatment by a health care provider is exempt from the BA definition and a BAA is not required. The key issue is if the medical vendor meets the definition of a health care provider - there is a mention in HIPAA for the Federal definition, and it is fairly all encompassing. Generally speaking, I do not think the majority of these vendors would be business associates. Hope this helps, Dan Kelsey Practice Advisor Indiana State Medical Association 800-257-4762 (317) 261-2060 (317) 261-2076 - fax -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]Sent: Wednesday, February 26, 2003 7:42 AMTo: WEDI SNIP Privacy Workgroup ListSubject: medical vendors as Business AssociatesAre medical vendors that supply products like prosthesis, wheelchairs, etc., considered BA? I have been researching this and can't seem to come up with clear answer...Thanks in advanceJill Rubin, Esq.(617)388-2404[EMAIL PROTECTED] ---The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time.You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED]To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED]If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED] To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org
medical vendors as Business Associates
Are medical vendors that supply products like prosthesis, wheelchairs, etc., considered BA? I have been researching this and can't seem to come up with clear answer... Thanks in advance Jill Rubin, Esq. (617)388-2404 [EMAIL PROTECTED] --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED] To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org
RE: Are dieticians Business Associates?
Vikas, If the "dietary purpose" is treatment (including evaluations and assessments for food-intake, medication contraindications, etc.) the dietician would NOT be defined under HIPAA as a "business associate". However, if the "dietary purpose" is related to say, a quality improvement activity (defined under HIPAA as a "health care operation"), then the possibility exists for the dietician to be defined as a "business associate". I hope that this helps. Your questions are always welcome. Matt Matthew Rosenblum Chief Operations Officer Privacy, Quality Management & Regulatory Affairs http://www.CPIdirections.com CPI Directions, Inc. 10 West 15th Street, Suite 1922 New York, NY 10011 (212) 675-6367 [EMAIL PROTECTED] CONFIDENTIALITY NOTICE: This E-Mail is intended only for the use of the individual or entity to which it is addressed and may contain information that is privileged, confidential and exempt from disclosure under applicable law. If you have received this communication in error, please do not distribute it. Please notify the sender by E-Mail at the address shown and delete the original message. Thank you. AVISO DEL CONFIDENCIALIDAD: Este email es solamente para el uso del individuo o la entidad a la cual se dirige y puede contener información privilegiada, confidencial y exenta de acceso bajo la ley aplicable. Si usted ha recibido esta comunicación por error, por favor no lo distribuya. Favor notificar al remitente del E-Mail a la dirección mostrada y elimine el mensaje original. Gracias. -Original Message- From: Vikas Budhiraja [mailto:[EMAIL PROTECTED] Sent: Tuesday, February 25, 2003 11:52 AM To: WEDI SNIP Privacy Workgroup List Subject: Are dieticians Business Associates? A question about Dieticians. If a contract dietician reviews a patient's medical charts for dietary purposes, is he/she considered a BA? Or would this be considered part of treatment. Thanks, Vikas --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED] To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED] To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org
Re: Are dieticians Business Associates?
Vikas, The Dietician would be performing Treatment duties, and thus be a Covered Entity if he does any electronic transactions that have HIPAA standards. The opinions expressed here are my own and not necessarily the opinion of LCMH. Douglas M. WebbComputer System EngineerLittle Company of Mary Hospital & Health Care Centers[EMAIL PROTECTED] "This electronic message may contain information that is confidential and/or legally privileged. It is intended only for the use of the individual(s) and entity(s) named as recipients in the message. If you are not an intended recipient of the message, please notify the sender immediately, delete the material from any computer, do not deliver, distribute, or copy this message, and do not disclose its contents or take action in reliance on the information it contains. Thank you." - Original Message - From: Vikas Budhiraja To: WEDI SNIP Privacy Workgroup List Sent: Tuesday, February 25, 2003 10:51 AM Subject: Are dieticians Business Associates? A question about Dieticians. If a contract dietician reviews a patient'smedical charts for dietary purposes, is he/she considered a BA? Or wouldthis be considered part of treatment.Thanks,Vikas---The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time.You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED]To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED]If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED] To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org
Are dieticians Business Associates?
A question about Dieticians. If a contract dietician reviews a patient's medical charts for dietary purposes, is he/she considered a BA? Or would this be considered part of treatment. Thanks, Vikas --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED] To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org
RE: Physicians as business associates
Jill, Heath care treatment providers (acting in the capacity of treatment providers) do not fit the definition of Business Associate as defined in the Privacy regulations. Therefore, a BAC is not applicable. I hope that this helps. Your questions are always welcome. Matt Matthew Rosenblum Chief Operations Officer Privacy, Quality Management & Regulatory Affairs http://www.CPIdirections.com CPI Directions, Inc. 10 West 15th Street, Suite 1922 New York, NY 10011 (212) 675-6367 [EMAIL PROTECTED] CONFIDENTIALITY NOTICE: This E-Mail is intended only for the use of the individual or entity to which it is addressed and may contain information that is privileged, confidential and exempt from disclosure under applicable law. If you have received this communication in error, please do not distribute it. Please notify the sender by E-Mail at the address shown and delete the original message. Thank you. AVISO DEL CONFIDENCIALIDAD: Este email es solamente para el uso del individuo o la entidad a la cual se dirige y puede contener información privilegiada, confidencial y exenta de acceso bajo la ley aplicable. Si usted ha recibido esta comunicación por error, por favor no lo distribuya. Favor notificar al remitente del E-Mail a la dirección mostrada y elimine el mensaje original. Gracias. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Monday, February 24, 2003 8:07 PM To: WEDI SNIP Privacy Workgroup List Subject: Physicians as business associates Are physicians who provide temporary service or vacation coverage business associates? Thanks in advance. Jill Rubin, Esq. (617)388-2404 [EMAIL PROTECTED] --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED] To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED] To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org
Physicians as business associates
Are physicians who provide temporary service or vacation coverage business associates? Thanks in advance. Jill Rubin, Esq. (617)388-2404 [EMAIL PROTECTED] --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED] To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org
Re: Business Associates Agreements
William, I stand corrected. If I understand what this implies, the only time a BAA would not be required with a "Clearinghouse" would be if its only function is as a conduit of Standard Transactions. The opinions expressed here are my own and not necessarily the opinion of LCMH. Douglas M. Webb Computer System Engineer Little Company of Mary Hospital & Health Care Centers [EMAIL PROTECTED] "This electronic message may contain information that is confidential and/or legally privileged. It is intended only for the use of the individual(s) and entity(s) named as recipients in the message. If you are not an intended recipient of the message, please notify the sender immediately, delete the material from any computer, do not deliver, distribute, or copy this message, and do not disclose its contents or take action in reliance on the information it contains. Thank you." - Original Message - From: "William J. Kammerer" <[EMAIL PROTECTED]> To: "WEDI SNIP Privacy Workgroup List" <[EMAIL PROTECTED]> Sent: Wednesday, February 05, 2003 10:37 AM Subject: Re: Business Associates Agreements > A covered entity clearinghouse may convert between standard and > non-standard on behalf of another covered entity only when it's acting > as a business associate (of that covered entity); see 45 CFR § 162.930. > Otherwise, a clearinghouse can only serve as a conduit for standard > transactions. > > William J. Kammerer > Novannet, LLC. > Columbus, US-OH 43221-3859 > +1 (614) 487-0320 > > - Original Message - > From: "Doug Webb" <[EMAIL PROTECTED]> > To: "WEDI SNIP Privacy Workgroup List" <[EMAIL PROTECTED]> > Cc: <[EMAIL PROTECTED]> > Sent: Wednesday, 05 February, 2003 10:24 AM > Subject: Re: Business Associates Agreements > > > Brenda, > As Noel pointed out, not quite. They may be a CE in addition to being a > BA, but, because they perform a function (billing) for the Provider, > they are a BA of the provider. If their functionality includes anything > outside of obtaining non-standard claims information, generating > standard claims information, and transmitting them (such as sending > bills to patients), a BAA will be necessary. Even in the event that the > functionality is totally "clearinghouse", a BAA would be desirable to > clarify where eveyone stands. > > The opinions expressed here are my own and not necessarily the opinion > of LCMH. > > Douglas M. Webb > Computer System Engineer > Little Company of Mary Hospital & Health Care Centers > [EMAIL PROTECTED] > > - Original Message - > From: "Brenda K. Burton" <[EMAIL PROTECTED]> > To: "WEDI SNIP Privacy Workgroup List" <[EMAIL PROTECTED]> > Cc: <[EMAIL PROTECTED]> > Sent: Wednesday, February 05, 2003 08:24 AM > Subject: Re: Business Associates Agreements > > > > Be careful, because not all billing companies are BA! If the billing > service translates a standard transaction, they they may well be > considered a clearinghouse, thus, a covered entity. It is correct, > however, that a BAA is not necessary between a billing company and the > payer. > > > > > --- > The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions >on this listserv therefore represent the views of the individual participants, and do >not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If >you wish to receive an official opinion, post your question to the WEDI SNIP Issues >Database at http://snip.wedi.org/tracking/. These listservs should not be used for >commercial marketing purposes or discussion of specific vendor products and services. > They also are not intended to be used as a forum for personal disagreements or >unprofessional communication at any time. > > You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED] > To unsubscribe from this list, go to the Subscribe/Unsubscribe form at >http://subscribe.wedi.org or send a blank email to >[EMAIL PROTECTED] > If you need to unsubscribe but your current email address is not the same as the >address subscribed to the list, please use the Subscribe/Unsubscribe form at >http://subscribe.wedi.org --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes o
Re: Business Associates Agreements
A covered entity clearinghouse may convert between standard and non-standard on behalf of another covered entity only when it's acting as a business associate (of that covered entity); see 45 CFR § 162.930. Otherwise, a clearinghouse can only serve as a conduit for standard transactions. William J. Kammerer Novannet, LLC. Columbus, US-OH 43221-3859 +1 (614) 487-0320 - Original Message - From: "Doug Webb" <[EMAIL PROTECTED]> To: "WEDI SNIP Privacy Workgroup List" <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: Wednesday, 05 February, 2003 10:24 AM Subject: Re: Business Associates Agreements Brenda, As Noel pointed out, not quite. They may be a CE in addition to being a BA, but, because they perform a function (billing) for the Provider, they are a BA of the provider. If their functionality includes anything outside of obtaining non-standard claims information, generating standard claims information, and transmitting them (such as sending bills to patients), a BAA will be necessary. Even in the event that the functionality is totally "clearinghouse", a BAA would be desirable to clarify where eveyone stands. The opinions expressed here are my own and not necessarily the opinion of LCMH. Douglas M. Webb Computer System Engineer Little Company of Mary Hospital & Health Care Centers [EMAIL PROTECTED] - Original Message - From: "Brenda K. Burton" <[EMAIL PROTECTED]> To: "WEDI SNIP Privacy Workgroup List" <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: Wednesday, February 05, 2003 08:24 AM Subject: Re: Business Associates Agreements Be careful, because not all billing companies are BA! If the billing service translates a standard transaction, they they may well be considered a clearinghouse, thus, a covered entity. It is correct, however, that a BAA is not necessary between a billing company and the payer. --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: archive@mail-archive.com To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org
Re: Business Associates Agreements
WOW, I am sorry!!! Yes, yes, you are totally right... the only point I was trying to make is that under HIPAA a billing service is not always just a BA, they can be considered a CE (i.e. clearinghouse). Yes, they are a BA of the CE, i.e. the provider they bill for. And, yes, a CE can be a BA of another CE. I apologize for whipping through my post without more thought or coffee. I am embarrassed! Brenda I have to disagree. A billing company is a BA of any provider it provides > billing services to, as long as that provider is a covered entity. Whether > or not the billing company themselves is a covered entity does not factor in > to the evaluation of if the billing company is a BA. > > HHS has said several times you can be both a CE and BA. > > If you perform a covered function on behalf of a CE then you are a BA of that > CE. > > If you yourself meet the criteria to be a CE, then you are a CE. > > If all I am is a BA, then all I have to worry about is having a BA agreement > and actually that is not even my concern. It is the CE's who are obligated > under HIPAA to ensure the BAA is in place. As a practical matter if the > clients of my business are predominantly CE's (as would be the case if I > owned a billing company that billed electronically) then as a convenience to > my clients I might want to take the initiative in preparing a BAA for all my > clients to sign. > > If I am a BA and a CE, then I have to comply with all of HIPAA because of my > status as a CE (not because I am a BA). Also note that as a CE, I now have > an obligation to ensure I have BA agreements in place, but that obligation is > only with respect to my BA's. The clients of my billing company are not my > BA's, they are my clients. My BA's are only people who perform covered > functions on my behalf. My clients are not doing anything on behlaf of my > billing company. But I am billing payers on their behalf so I am their BA > but they are not mine. > > Clear as mud? > > -- > Open WebMail Project (http://openwebmail.org) > > > -- Original Message --- > From: "Brenda K. Burton" <[EMAIL PROTECTED]> > To: [EMAIL PROTECTED] > Sent: Wed, 05 Feb 2003 14:24:10 + > Subject: Re: Business Associates Agreements > > > Be careful, because not all billing companies are BA! If the > > billing service translates a standard transaction, they they may > > well be considered a clearinghouse, thus, a covered entity. It is > > correct, however, that a BAA is not necessary between a billing > > company and the payer. > > > > No. > > > > > > Billing companies are Business Associates of their health care provider > > > clients because they are performing a covered function on behalf of those > > > client. > > > > > > The insurance companies they bill to and the cilling company are each > > > performing their own discrete step in the paymeny process. Neither is > > > performing any function on behalf of the other. > > > > > > Noel Chang > > > > > > -- > > > Open WebMail Project (http://openwebmail.org) > > > > > > > > > -- Original Message --- > > > From: [EMAIL PROTECTED] > > > To: "WEDI SNIP Privacy Workgroup List" <[EMAIL PROTECTED]> > > > Sent: Tue, 04 Feb 2003 12:11:22 -0800 (PST) > > > Subject: Business Associates Agreements > > > > > > > Hi, I'm helping some small Billing companies in my area > > > > become HIPAA compliant and I'm not sure if they need a > > > > Business Associates Agreement with the Insurance > > > > carriers that they submit claims to. Any information > > > > would be greatly appreciated. > > > > > > > > Thank you, > > > > > > > > M.Noren > > > > > > > > --- > > > > The WEDI SNIP listserv to which you are subscribed is not moderated. > > > > The discussions on this listserv therefore represent the views of > > > > the individual participants, and do not necessarily represent the > > > > views of the WEDI Board of Directors nor WEDI SNIP. If you wish to > > > > receive an official opinion, post your question to the WEDI SNIP > > > > Issues Database at http://snip.wedi.org/tracking/. These listservs > > > > should not be used for commercial marketing purposes or discussion > > > > of specific vendor products and services. They also are not > > > > intended to be us
Re: Business Associates Agreements
I have to disagree. A billing company is a BA of any provider it provides billing services to, as long as that provider is a covered entity. Whether or not the billing company themselves is a covered entity does not factor in to the evaluation of if the billing company is a BA. HHS has said several times you can be both a CE and BA. If you perform a covered function on behalf of a CE then you are a BA of that CE. If you yourself meet the criteria to be a CE, then you are a CE. If all I am is a BA, then all I have to worry about is having a BA agreement and actually that is not even my concern. It is the CE's who are obligated under HIPAA to ensure the BAA is in place. As a practical matter if the clients of my business are predominantly CE's (as would be the case if I owned a billing company that billed electronically) then as a convenience to my clients I might want to take the initiative in preparing a BAA for all my clients to sign. If I am a BA and a CE, then I have to comply with all of HIPAA because of my status as a CE (not because I am a BA). Also note that as a CE, I now have an obligation to ensure I have BA agreements in place, but that obligation is only with respect to my BA's. The clients of my billing company are not my BA's, they are my clients. My BA's are only people who perform covered functions on my behalf. My clients are not doing anything on behlaf of my billing company. But I am billing payers on their behalf so I am their BA but they are not mine. Clear as mud? -- Open WebMail Project (http://openwebmail.org) -- Original Message --- From: "Brenda K. Burton" <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Sent: Wed, 05 Feb 2003 14:24:10 + Subject: Re: Business Associates Agreements > Be careful, because not all billing companies are BA! If the > billing service translates a standard transaction, they they may > well be considered a clearinghouse, thus, a covered entity. It is > correct, however, that a BAA is not necessary between a billing > company and the payer. > > No. > > > > Billing companies are Business Associates of their health care provider > > clients because they are performing a covered function on behalf of those > > client. > > > > The insurance companies they bill to and the cilling company are each > > performing their own discrete step in the paymeny process. Neither is > > performing any function on behalf of the other. > > > > Noel Chang > > > > -- > > Open WebMail Project (http://openwebmail.org) > > > > > > -- Original Message --- > > From: [EMAIL PROTECTED] > > To: "WEDI SNIP Privacy Workgroup List" <[EMAIL PROTECTED]> > > Sent: Tue, 04 Feb 2003 12:11:22 -0800 (PST) > > Subject: Business Associates Agreements > > > > > Hi, I'm helping some small Billing companies in my area > > > become HIPAA compliant and I'm not sure if they need a > > > Business Associates Agreement with the Insurance > > > carriers that they submit claims to. Any information > > > would be greatly appreciated. > > > > > > Thank you, > > > > > > M.Noren > > > > > > --- > > > The WEDI SNIP listserv to which you are subscribed is not moderated. > > > The discussions on this listserv therefore represent the views of > > > the individual participants, and do not necessarily represent the > > > views of the WEDI Board of Directors nor WEDI SNIP. If you wish to > > > receive an official opinion, post your question to the WEDI SNIP > > > Issues Database at http://snip.wedi.org/tracking/. These listservs > > > should not be used for commercial marketing purposes or discussion > > > of specific vendor products and services. They also are not > > > intended to be used as a forum for personal disagreements or > > > unprofessional communication at any time. > > > > > > You are currently subscribed to wedi-privacy as: > > > [EMAIL PROTECTED] To unsubscribe from this list, go to the > > > Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a > > > blank email to [EMAIL PROTECTED] If you > > > need to unsubscribe but your current email address is not the same > > > as the address subscribed to the list, please use the > > > Subscribe/Unsubscribe form at http://subscribe.wedi.org > > --- End of Original Message --- > > > > > > --- > > The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views o
Re: Business Associates Agreements
Yes, I understand the information Noel stated. I didn't read her other post explaining it. We are a billing service and a BA of the CE. We (in our company) are a not a considered a clearinghouse by definition, so therefore not a CE. That was the point I was trying to make. Thanks for the clarification. Brenda Brenda, > As Noel pointed out, not quite. They may be a CE in addition to being a BA, but, >because they perform a function (billing) for the Provider, they are a BA of the >provider. If their functionality includes anything outside of obtaining non-standard >claims information, generating standard claims information, and transmitting them >(such as sending bills to patients), a BAA will be necessary. Even in the event that >the functionality is totally "clearinghouse", a BAA would be desirable to clarify >where eveyone stands. > > The opinions expressed here are my own and not necessarily the opinion of LCMH. > > Douglas M. Webb > Computer System Engineer > Little Company of Mary Hospital & Health Care Centers > [EMAIL PROTECTED] --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: archive@mail-archive.com To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org
Re: Business Associates Agreements
Brenda, As Noel pointed out, not quite. They may be a CE in addition to being a BA, but, because they perform a function (billing) for the Provider, they are a BA of the provider. If their functionality includes anything outside of obtaining non-standard claims information, generating standard claims information, and transmitting them (such as sending bills to patients), a BAA will be necessary. Even in the event that the functionality is totally "clearinghouse", a BAA would be desirable to clarify where eveyone stands. The opinions expressed here are my own and not necessarily the opinion of LCMH. Douglas M. Webb Computer System Engineer Little Company of Mary Hospital & Health Care Centers [EMAIL PROTECTED] "This electronic message may contain information that is confidential and/or legally privileged. It is intended only for the use of the individual(s) and entity(s) named as recipients in the message. If you are not an intended recipient of the message, please notify the sender immediately, delete the material from any computer, do not deliver, distribute, or copy this message, and do not disclose its contents or take action in reliance on the information it contains. Thank you." - Original Message - From: "Brenda K. Burton" <[EMAIL PROTECTED]> To: "WEDI SNIP Privacy Workgroup List" <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: Wednesday, February 05, 2003 08:24 AM Subject: Re: Business Associates Agreements Be careful, because not all billing companies are BA! If the billing service translates a standard transaction, they they may well be considered a clearinghouse, thus, a covered entity. It is correct, however, that a BAA is not necessary between a billing company and the payer. No. > > Billing companies are Business Associates of their health care provider > clients because they are performing a covered function on behalf of those > client. > > The insurance companies they bill to and the cilling company are each > performing their own discrete step in the paymeny process. Neither is > performing any function on behalf of the other. > > Noel Chang > > -- > Open WebMail Project (http://openwebmail.org) > > > -- Original Message --- > From: [EMAIL PROTECTED] > To: "WEDI SNIP Privacy Workgroup List" <[EMAIL PROTECTED]> > Sent: Tue, 04 Feb 2003 12:11:22 -0800 (PST) > Subject: Business Associates Agreements > > > Hi, I'm helping some small Billing companies in my area > > become HIPAA compliant and I'm not sure if they need a > > Business Associates Agreement with the Insurance > > carriers that they submit claims to. Any information > > would be greatly appreciated. > > > > Thank you, > > > > M.Noren > > > > --- > > The WEDI SNIP listserv to which you are subscribed is not moderated. > > The discussions on this listserv therefore represent the views of > > the individual participants, and do not necessarily represent the > > views of the WEDI Board of Directors nor WEDI SNIP. If you wish to > > receive an official opinion, post your question to the WEDI SNIP > > Issues Database at http://snip.wedi.org/tracking/. These listservs > > should not be used for commercial marketing purposes or discussion > > of specific vendor products and services. They also are not > > intended to be used as a forum for personal disagreements or > > unprofessional communication at any time. > > > > You are currently subscribed to wedi-privacy as: > > [EMAIL PROTECTED] To unsubscribe from this list, go to the > > Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a > > blank email to [EMAIL PROTECTED] If you > > need to unsubscribe but your current email address is not the same > > as the address subscribed to the list, please use the > > Subscribe/Unsubscribe form at http://subscribe.wedi.org > --- End of Original Message --- > > > --- > The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions >on this listserv therefore represent the views of the individual participants, and do >not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If >you wish to receive an official opinion, post your question to the WEDI SNIP Issues >Database at http://snip.wedi.org/tracking/. These listservs should not be used for >commercial marketing purposes or discussion of specific vendor products and services. > They also are not intended to be used as a forum for personal disagreements or >unprofessional communication at any time. > > You are currently subscribed to wedi-privacy as: [EMAIL PROTECTE
Re: Business Associates Agreements
Be careful, because not all billing companies are BA! If the billing service translates a standard transaction, they they may well be considered a clearinghouse, thus, a covered entity. It is correct, however, that a BAA is not necessary between a billing company and the payer. No. > > Billing companies are Business Associates of their health care provider > clients because they are performing a covered function on behalf of those > client. > > The insurance companies they bill to and the cilling company are each > performing their own discrete step in the paymeny process. Neither is > performing any function on behalf of the other. > > Noel Chang > > -- > Open WebMail Project (http://openwebmail.org) > > > -- Original Message --- > From: [EMAIL PROTECTED] > To: "WEDI SNIP Privacy Workgroup List" <[EMAIL PROTECTED]> > Sent: Tue, 04 Feb 2003 12:11:22 -0800 (PST) > Subject: Business Associates Agreements > > > Hi, I'm helping some small Billing companies in my area > > become HIPAA compliant and I'm not sure if they need a > > Business Associates Agreement with the Insurance > > carriers that they submit claims to. Any information > > would be greatly appreciated. > > > > Thank you, > > > > M.Noren > > > > --- > > The WEDI SNIP listserv to which you are subscribed is not moderated. > > The discussions on this listserv therefore represent the views of > > the individual participants, and do not necessarily represent the > > views of the WEDI Board of Directors nor WEDI SNIP. If you wish to > > receive an official opinion, post your question to the WEDI SNIP > > Issues Database at http://snip.wedi.org/tracking/. These listservs > > should not be used for commercial marketing purposes or discussion > > of specific vendor products and services. They also are not > > intended to be used as a forum for personal disagreements or > > unprofessional communication at any time. > > > > You are currently subscribed to wedi-privacy as: > > [EMAIL PROTECTED] To unsubscribe from this list, go to the > > Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a > > blank email to [EMAIL PROTECTED] If you > > need to unsubscribe but your current email address is not the same > > as the address subscribed to the list, please use the > > Subscribe/Unsubscribe form at http://subscribe.wedi.org > --- End of Original Message --- > > > --- > The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions >on this listserv therefore represent the views of the individual participants, and do >not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If >you wish to receive an official opinion, post your question to the WEDI SNIP Issues >Database at http://snip.wedi.org/tracking/. These listservs should not be used for >commercial marketing purposes or discussion of specific vendor products and services. > They also are not intended to be used as a forum for personal disagreements or >unprofessional communication at any time. > > You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED] > To unsubscribe from this list, go to the Subscribe/Unsubscribe form at >http://subscribe.wedi.org or send a blank email to >[EMAIL PROTECTED] > If you need to unsubscribe but your current email address is not the same as the >address subscribed to the list, please use the Subscribe/Unsubscribe form at >http://subscribe.wedi.org --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: archive@mail-archive.com To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org
Re: Business Associates Agreements
If the billing company is a clearinghouse then they are both a CE and a BA of their clients. HHS has clarified that CE and BA status do not have to be mutually exclusive. You can be both a CE and a BA. Note however that BA relationships can be one way or they can be reciprocal. Yes a clearinghouse is a CE and as a CE they are obligated to have BA agreements in place with all of their BA's. But the providers who use the clearinghouse are not BA's of the clearinghouse. This would be a one way relationship where the clearinghouse is a BA of the provider but not visa versa. The key here is who is performing functions on behlaf of whom? The clearinghouse is providing billing services on behalf of the provider. The provider is not doing anything on behalf of the clearinghouse. Noel Chang -- Open WebMail Project (http://openwebmail.org) -- Original Message --- From: "Brenda K. Burton" <[EMAIL PROTECTED]> To: "WEDI SNIP Privacy Workgroup List" <[EMAIL PROTECTED]> Sent: Tue, 04 Feb 2003 22:05:21 + Subject: Re: Business Associates Agreements > "If the billing company does all its transactions as Standard > Transactions", then it would be considered a clearinghouse and > therefore a CE rather than a BA; is this not correct? > > And the CE is actually the one that is technically responsible in > implementing the BA agreement, aren't they? > > Just my thoughts! ~Brenda > > The Billing Companies won't need to ensure any BAAs are in place > unless someone out there acts on behalf of the Billing Company > rather than on behalf of the Covered Entity (Provider) [CUSTOMER!] > > > > Their Customers will need BAAs in place with the following: > > * The Billing Company > > * A Collection Agency, if used > > * Any Transactions Clearinghouse (note: if the Billing Company does all its transactions as Standard Transactions, a BAA is not required with a clearinghouse acting only as a switcher -- just an ordinary contract to do business) > > > > Neither the Billing Company nor their Customers need BAAs with any Health Plans unless they doing a non-health-plan function. > > > > > > The opinions expressed here are my own and not necessarily the opinion of LCMH. > > > > Douglas M. Webb > > Computer System Engineer > > Little Company of Mary Hospital & Health Care Centers > > [EMAIL PROTECTED] > > > > "This electronic message may contain information that is confidential and/or legally privileged. It is intended only for the use of the individual (s) and entity(s) named as recipients in the message. If you are not an intended recipient of the message, please notify the sender immediately, delete the material from any computer, do not deliver, distribute, or copy this message, and do not disclose its contents or take action in reliance on the information it contains. Thank you." > > > > > > > > - Original Message - > > From: <[EMAIL PROTECTED]> > > To: "WEDI SNIP Privacy Workgroup List" <[EMAIL PROTECTED]> > > Sent: Tuesday, February 04, 2003 02:11 PM > > Subject: Business Associates Agreements > > > > > > > Hi, I'm helping some small Billing companies in my area > > > become HIPAA compliant and I'm not sure if they need a > > > Business Associates Agreement with the Insurance > > > carriers that they submit claims to. Any information > > > would be greatly appreciated. > > > > > > Thank you, > > > > > > M.Noren > > > > > > --- > > > The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. > > > > > > You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED] > > > To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to leave-wedi-privacy- [EMAIL PROTECTED] > > > If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org > >
Re: Business Associates Agreements
No. Billing companies are Business Associates of their health care provider clients because they are performing a covered function on behalf of those client. The insurance companies they bill to and the cilling company are each performing their own discrete step in the paymeny process. Neither is performing any function on behalf of the other. Noel Chang -- Open WebMail Project (http://openwebmail.org) -- Original Message --- From: [EMAIL PROTECTED] To: "WEDI SNIP Privacy Workgroup List" <[EMAIL PROTECTED]> Sent: Tue, 04 Feb 2003 12:11:22 -0800 (PST) Subject: Business Associates Agreements > Hi, I'm helping some small Billing companies in my area > become HIPAA compliant and I'm not sure if they need a > Business Associates Agreement with the Insurance > carriers that they submit claims to. Any information > would be greatly appreciated. > > Thank you, > > M.Noren > > --- > The WEDI SNIP listserv to which you are subscribed is not moderated. > The discussions on this listserv therefore represent the views of > the individual participants, and do not necessarily represent the > views of the WEDI Board of Directors nor WEDI SNIP. If you wish to > receive an official opinion, post your question to the WEDI SNIP > Issues Database at http://snip.wedi.org/tracking/. These listservs > should not be used for commercial marketing purposes or discussion > of specific vendor products and services. They also are not > intended to be used as a forum for personal disagreements or > unprofessional communication at any time. > > You are currently subscribed to wedi-privacy as: > [EMAIL PROTECTED] To unsubscribe from this list, go to the > Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a > blank email to [EMAIL PROTECTED] If you > need to unsubscribe but your current email address is not the same > as the address subscribed to the list, please use the > Subscribe/Unsubscribe form at http://subscribe.wedi.org --- End of Original Message --- --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: archive@mail-archive.com To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org
RE: Business Associates Agreements
M. Noren - A few thoughts, (1) it is a little tricky determining whether or not a billing company based on the services it provides its clients is a "clearinghouse" for HIPAA purposes or just a business associate - so as a threshold matter it will be important to ascertain whether or not the services each of the billing companies you work with triggers the HIPAA clearinghouse definition; (2) in all likelihood your billing service clients serve providers, not payers, so even if they are deemed to be clearinghouses for HIPAA purposes based on their activities, it is still unlikely they would need BA agreements with payers; (3) given the size of your clients, they may have clients who are small providers who are facing some HIPAA implementation challenges and may be in the habit of obtaining lots of types of technical assistance from their billing services. In this case, the small providers may even be expecting their billing services to assist them in their HIPAA compliance efforts (including helping them put together a HIPAA compliant business associate agreement). There is an excellent small practice implementation guide at the http://snip.wedi.org website, readily downloadable and a wonderful tool for the project. Your clients may find it beneficial as well in understanding their clients' challenges. There is also a general "model" of BA language at the OCR website, again downloadable and very usable that your clients may feel comfortable to providing to their small provider clients to assist them in the process (http://aspe.os.dhhs.gov/admnsimp). Many of the regional units of WEDiSNIP, the URLs are all accessible through the central WEDiSNIP website, have excellent forms, templates and explanatory materials too and educational programs. In our region, the Mid Atlantic, we have 4 upcoming meetings designed to assist the small provider with privacy implementation issues and if you are in our area our website is www.mahicentral.org. (4) there are several trade and professional associations, non profits, with excellent training and compliance assistance materials designed for billing services and collection agencies, notably the ACA International and AMBA. I believe there may be others as well. You and your clients may find cost-effective "targeted" HIPAA compliance resources this way as well. Hope you find this helpful. Leslie C. Bender General Counsel/Privacy Official The ROI Companies 1922 Greenspring Drive, Suite 7 Timonium, Maryland 21093 -Original Message- From: Doug Webb [mailto:[EMAIL PROTECTED]] Sent: Tuesday, February 04, 2003 3:58 PM To: WEDI SNIP Privacy Workgroup List Subject: Re: Business Associates Agreements The Billing Companies won't need to ensure any BAAs are in place unless someone out there acts on behalf of the Billing Company rather than on behalf of the Covered Entity (Provider) [CUSTOMER!] Their Customers will need BAAs in place with the following: * The Billing Company * A Collection Agency, if used * Any Transactions Clearinghouse (note: if the Billing Company does all its transactions as Standard Transactions, a BAA is not required with a clearinghouse acting only as a switcher -- just an ordinary contract to do business) Neither the Billing Company nor their Customers need BAAs with any Health Plans unless they doing a non-health-plan function. The opinions expressed here are my own and not necessarily the opinion of LCMH. Douglas M. Webb Computer System Engineer Little Company of Mary Hospital & Health Care Centers [EMAIL PROTECTED] "This electronic message may contain information that is confidential and/or legally privileged. It is intended only for the use of the individual(s) and entity(s) named as recipients in the message. If you are not an intended recipient of the message, please notify the sender immediately, delete the material from any computer, do not deliver, distribute, or copy this message, and do not disclose its contents or take action in reliance on the information it contains. Thank you." - Original Message - From: <[EMAIL PROTECTED]> To: "WEDI SNIP Privacy Workgroup List" <[EMAIL PROTECTED]> Sent: Tuesday, February 04, 2003 02:11 PM Subject: Business Associates Agreements > Hi, I'm helping some small Billing companies in my area > become HIPAA compliant and I'm not sure if they need a > Business Associates Agreement with the Insurance > carriers that they submit claims to. Any information > would be greatly appreciated. > > Thank you, > > M.Noren > > --- > The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Direct
Re: Business Associates Agreements
"If the billing company does all its transactions as Standard Transactions", then it would be considered a clearinghouse and therefore a CE rather than a BA; is this not correct? And the CE is actually the one that is technically responsible in implementing the BA agreement, aren't they? Just my thoughts! ~Brenda The Billing Companies won't need to ensure any BAAs are in place unless someone out there acts on behalf of the Billing Company rather than on behalf of the Covered Entity (Provider) [CUSTOMER!] > > Their Customers will need BAAs in place with the following: > * The Billing Company > * A Collection Agency, if used > * Any Transactions Clearinghouse (note: if the Billing Company does all its >transactions as Standard Transactions, a BAA is not required with a clearinghouse >acting only as a switcher -- just an ordinary contract to do business) > > Neither the Billing Company nor their Customers need BAAs with any Health Plans >unless they doing a non-health-plan function. > > > The opinions expressed here are my own and not necessarily the opinion of LCMH. > > Douglas M. Webb > Computer System Engineer > Little Company of Mary Hospital & Health Care Centers > [EMAIL PROTECTED] > > "This electronic message may contain information that is confidential and/or legally >privileged. It is intended only for the use of the individual(s) and entity(s) named >as recipients in the message. If you are not an intended recipient of the message, >please notify the sender immediately, delete the material from any computer, do not >deliver, distribute, or copy this message, and do not disclose its contents or take >action in reliance on the information it contains. Thank you." > > > > - Original Message - > From: <[EMAIL PROTECTED]> > To: "WEDI SNIP Privacy Workgroup List" <[EMAIL PROTECTED]> > Sent: Tuesday, February 04, 2003 02:11 PM > Subject: Business Associates Agreements > > > > Hi, I'm helping some small Billing companies in my area > > become HIPAA compliant and I'm not sure if they need a > > Business Associates Agreement with the Insurance > > carriers that they submit claims to. Any information > > would be greatly appreciated. > > > > Thank you, > > > > M.Noren > > > > --- > > The WEDI SNIP listserv to which you are subscribed is not moderated. The >discussions on this listserv therefore represent the views of the individual >participants, and do not necessarily represent the views of the WEDI Board of >Directors nor WEDI SNIP. If you wish to receive an official opinion, post your >question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These >listservs should not be used for commercial marketing purposes or discussion of >specific vendor products and services. They also are not intended to be used as a >forum for personal disagreements or unprofessional communication at any time. > > > > You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED] > > To unsubscribe from this list, go to the Subscribe/Unsubscribe form at >http://subscribe.wedi.org or send a blank email to >[EMAIL PROTECTED] > > If you need to unsubscribe but your current email address is not the same as the >address subscribed to the list, please use the Subscribe/Unsubscribe form at >http://subscribe.wedi.org > > --- > The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions >on this listserv therefore represent the views of the individual participants, and do >not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If >you wish to receive an official opinion, post your question to the WEDI SNIP Issues >Database at http://snip.wedi.org/tracking/. These listservs should not be used for >commercial marketing purposes or discussion of specific vendor products and services. > They also are not intended to be used as a forum for personal disagreements or >unprofessional communication at any time. > > You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED] > To unsubscribe from this list, go to the Subscribe/Unsubscribe form at >http://subscribe.wedi.org or send a blank email to >[EMAIL PROTECTED] > If you need to unsubscribe but your current email address is not the same as the >address subscribed to the list, please use the Subscribe/Unsubscribe form at >http://subscribe.wedi.org --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Boar
Re: Business Associates Agreements
They should not need a BAA for the carriers that they submit claims to, but they might need one for the providers that they are submitting claims for. They are acting on behalf of the providers in a billing situation, are they not? In which case it would truly depend on their relationship with the provider not the carrier in which they are sending the information to on behalf of the provider. Hope that help. Thank you, Chris GraffProject ManagerOmni Resources >>> <[EMAIL PROTECTED]> 02/04/03 02:11PM >>>Hi, I'm helping some small Billing companies in my areabecome HIPAA compliant and I'm not sure if they need aBusiness Associates Agreement with the Insurancecarriers that they submit claims to. Any informationwould be greatly appreciated. Thank you,M.Noren---The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time.You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED]To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED]If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: archive@mail-archive.com To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org
Re: Business Associates Agreements
The Billing Companies won't need to ensure any BAAs are in place unless someone out there acts on behalf of the Billing Company rather than on behalf of the Covered Entity (Provider) [CUSTOMER!] Their Customers will need BAAs in place with the following: * The Billing Company * A Collection Agency, if used * Any Transactions Clearinghouse (note: if the Billing Company does all its transactions as Standard Transactions, a BAA is not required with a clearinghouse acting only as a switcher -- just an ordinary contract to do business) Neither the Billing Company nor their Customers need BAAs with any Health Plans unless they doing a non-health-plan function. The opinions expressed here are my own and not necessarily the opinion of LCMH. Douglas M. Webb Computer System Engineer Little Company of Mary Hospital & Health Care Centers [EMAIL PROTECTED] "This electronic message may contain information that is confidential and/or legally privileged. It is intended only for the use of the individual(s) and entity(s) named as recipients in the message. If you are not an intended recipient of the message, please notify the sender immediately, delete the material from any computer, do not deliver, distribute, or copy this message, and do not disclose its contents or take action in reliance on the information it contains. Thank you." - Original Message - From: <[EMAIL PROTECTED]> To: "WEDI SNIP Privacy Workgroup List" <[EMAIL PROTECTED]> Sent: Tuesday, February 04, 2003 02:11 PM Subject: Business Associates Agreements > Hi, I'm helping some small Billing companies in my area > become HIPAA compliant and I'm not sure if they need a > Business Associates Agreement with the Insurance > carriers that they submit claims to. Any information > would be greatly appreciated. > > Thank you, > > M.Noren > > --- > The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions >on this listserv therefore represent the views of the individual participants, and do >not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If >you wish to receive an official opinion, post your question to the WEDI SNIP Issues >Database at http://snip.wedi.org/tracking/. These listservs should not be used for >commercial marketing purposes or discussion of specific vendor products and services. > They also are not intended to be used as a forum for personal disagreements or >unprofessional communication at any time. > > You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED] > To unsubscribe from this list, go to the Subscribe/Unsubscribe form at >http://subscribe.wedi.org or send a blank email to >[EMAIL PROTECTED] > If you need to unsubscribe but your current email address is not the same as the >address subscribed to the list, please use the Subscribe/Unsubscribe form at >http://subscribe.wedi.org --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: archive@mail-archive.com To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org
Business Associates Agreements
Hi, I'm helping some small Billing companies in my area become HIPAA compliant and I'm not sure if they need a Business Associates Agreement with the Insurance carriers that they submit claims to. Any information would be greatly appreciated. Thank you, M.Noren --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: archive@mail-archive.com To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org
Re: Business Associates
Traci, It looks to me like someone's trying to cover all bases with a shotgun approach (run it up the flagpole and see who salutes) . My understanding is that you wouldn't need a BAC any more than a surgeon's office needs one with a Primary Care Physician referring a patient to them. This is Covered Entity to Covered Entity for the purposes of Treatment. The opinions expressed here are my own and not necessarily the opinion of LCMH. Douglas M. WebbComputer System EngineerLittle Company of Mary Hospital & Health Care Centers[EMAIL PROTECTED] "This electronic message may contain information that is confidential and/or legally privileged. It is intended only for the use of the individual(s) and entity(s) named as recipients in the message. If you are not an intended recipient of the message, please notify the sender immediately, delete the material from any computer, do not deliver, distribute, or copy this message, and do not disclose its contents or take action in reliance on the information it contains. Thank you." - Original Message - From: Traci Winter To: WEDI SNIP Privacy Workgroup List Sent: Wednesday, January 22, 2003 12:47 PM Subject: Business Associates Hey everyone, I know this topic has been hashed out like crazy but I find myself confused. As a homecare agency we receive our business via referrals from health care facilities and MD offices. We are not providing services on behalf of these entities. It was my understanding that we wouldn't be considered BAs of these CEs but, due to receiving a BAC in the mail today, I find that I am now unsure Help . Traci Winter Hospitals Home Health Care, Inc. Special Projects Coordinator, Privacy Official---The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time.You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED]To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED]If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: archive@mail-archive.com To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org
Business Associates
Hey everyone, I know this topic has been hashed out like crazy but I find myself confused. As a homecare agency we receive our business via referrals from health care facilities and MD offices. We are not providing services on behalf of these entities. It was my understanding that we wouldn't be considered BAs of these CEs but, due to receiving a BAC in the mail today, I find that I am now unsure Help . Traci Winter Hospitals Home Health Care, Inc. Special Projects Coordinator, Privacy Official --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: archive@mail-archive.com To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org
Re: Board of Directors - Workforce or Business Associates?
We are treating ours as "workforce" and having them sign confidentiality statements. brenda olson Leslie C Bender wrote: How are organizations classifying Board of Directors or Trustee members?Workforce -- or since they are not "under the direction" of the covered entity, but have a need from time to time, to receive PHI, or might they better be classified as business associates and need a business associate agreement? Leslie C. Bender General Counsel/Privacy Official The ROI Companies 1922 Greenspring Drive, Suite 7 Timonium, Maryland21093 --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED] To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org -- Brenda Olson, M.Ed., RHIA Vice President for Health Info Management Great Plains Health Alliance, Inc. 7316 SW 27th Street Topeka, KS 66614 Phone: 785-478-3659 Fax: 785-478-9780 email: [EMAIL PROTECTED] --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: archive@mail-archive.com To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org
RE: Board of Directors - Workforce or Business Associates?
Leslie, A Corporation's charter and bylaws would "control" how the Board may function. Consequently, the Board could be construed as part of the workforce. Further, in the Preamble to the (initial) Final Privacy rules, HHS notes that, "independent contractors may or may not be workforce members. However, for compliance purposes we will assume that such personnel are members of the workforce if no business associate contract exists." I hope that this helps. Your questions are always welcome. Matt Matthew Rosenblum Chief Operations Officer Privacy, Quality Management & Regulatory Affairs http://www.CPIdirections.com CPI Directions, Inc. 10 West 15th Street, Suite 1922 New York, NY 10011 (212) 675-6367 [EMAIL PROTECTED] CONFIDENTIALITY NOTICE: This E-Mail is intended only for the use of the individual or entity to which it is addressed and may contain information that is privileged, confidential and exempt from disclosure under applicable law. If you have received this communication in error, please do not distribute it. Please notify the sender by E-Mail at the address shown and delete the original message. Thank you. AVISO DEL CONFIDENCIALIDAD: Este email es solamente para el uso del individuo o la entidad a la cual se dirige y puede contener información privilegiada, confidencial y exenta de acceso bajo la ley aplicable. Si usted ha recibido esta comunicación por error, por favor no lo distribuya. Favor notificar al remitente del E-Mail a la dirección mostrada y elimine el mensaje original. Gracias. -Original Message- From: Leslie C Bender [mailto:[EMAIL PROTECTED]] Sent: Thursday, January 16, 2003 4:12 PM To: WEDI SNIP Privacy Workgroup List Cc: 'Drexler, Deborah (EHS)' Subject: RE: Board of Directors - Workforce or Business Associates? How are organizations classifying Board of Directors or Trustee members? Workforce -- or since they are not "under the direction" of the covered entity, but have a need from time to time, to receive PHI, or might they better be classified as “business associates” and need a business associate agreement? Leslie C. Bender General Counsel/Privacy Official The ROI Companies 1922 Greenspring Drive, Suite 7 Timonium, Maryland 21093 --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED] To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: archive@mail-archive.com To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org
RE: Board of Directors - Workforce or Business Associates?
How are organizations classifying Board of Directors or Trustee members? Workforce -- or since they are not "under the direction" of the covered entity, but have a need from time to time, to receive PHI, or might they better be classified as “business associates” and need a business associate agreement? Leslie C. Bender General Counsel/Privacy Official The ROI Companies 1922 Greenspring Drive, Suite 7 Timonium, Maryland 21093 --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: archive@mail-archive.com To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org
RE: PRIVACY: CLEARINGHOUSES ACTING AS BUSINESS ASSOCIATES
Bard, CE’s are precluded from sharing PHI with BA’s that are NOT compliant with the Privacy rules. I hope that this helps. Your questions are always welcome. Matt Matthew Rosenblum Chief Operations Officer Privacy, Quality Management & Regulatory Affairs http://www.CPIdirections.com CPI Directions, Inc. 10 West 15th Street, Suite 1922 New York, NY 10011 (212) 675-6367 [EMAIL PROTECTED] CONFIDENTIALITY NOTICE: This E-Mail is intended only for the use of the individual or entity to which it is addressed and may contain information that is privileged, confidential and exempt from disclosure under applicable law. If you have received this communication in error, please do not distribute it. Please notify the sender by E-Mail at the address shown and delete the original message. Thank you. AVISO DEL CONFIDENCIALIDAD: Este email es solamente para el uso del individuo o la entidad a la cual se dirige y puede contener información privilegiada, confidencial y exenta de acceso bajo la ley aplicable. Si usted ha recibido esta comunicación por error, por favor no lo distribuya. Favor notificar al remitente del E-Mail a la dirección mostrada y elimine el mensaje original. Gracias. -Original Message- From: Bard, Greg [mailto:[EMAIL PROTECTED]] Sent: Wednesday, January 15, 2003 10:02 AM To: WEDI SNIP Privacy Workgroup List Subject: PRIVACY: CLEARINGHOUSES ACTING AS BUSINESS ASSOCIATES In the preamble to the Privacy Regulation, there is a discussion as to the applicability of the requirements in Section 164.500. From the discussion, it appears that a healthcare clearinghouse, acting as a Business Associate, does not need to honor the requirements for individual requests for privacy protections. This would be all the individual rights. However, it seems that the Business Associate contract must include provisions for access/copy, amendment, and accounting of disclosures. Am I interpreting this correctly and can someone provide clarification? Thanks! Greg Bard NASCO HIPAA Privacy and Security Project Manager (W) 678.441.6059 (F) 678.441.6359 [EMAIL PROTECTED] __ CONFIDENTIALITY NOTICE The information in this message (and the documents attached to it, if any) is confidential and may be legally privileged. It is intended solely for the addressee. Access to this message by anyone else is unauthorized. If you are not the intended recipient, any disclosure, copying, distribution or any action taken, or omitted to be taken in reliance on it is prohibited and may be unlawful. If you have received this message in error, please delete all electronic copies of this message (and the documents attached to it, if any), destroy any hard copies you may have created and notify me immediately. Thank you. --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED] To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: archive@mail-archive.com To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org
PRIVACY: CLEARINGHOUSES ACTING AS BUSINESS ASSOCIATES
In the preamble to the Privacy Regulation, there is a discussion as to the applicability of the requirements in Section 164.500. From the discussion, it appears that a healthcare clearinghouse, acting as a Business Associate, does not need to honor the requirements for individual requests for privacy protections. This would be all the individual rights. However, it seems that the Business Associate contract must include provisions for access/copy, amendment, and accounting of disclosures. Am I interpreting this correctly and can someone provide clarification? Thanks! Greg Bard NASCO HIPAA Privacy and Security Project Manager (W) 678.441.6059 (F) 678.441.6359 [EMAIL PROTECTED] __ CONFIDENTIALITY NOTICE The information in this message (and the documents attached to it, if any) is confidential and may be legally privileged. It is intended solely for the addressee. Access to this message by anyone else is unauthorized. If you are not the intended recipient, any disclosure, copying, distribution or any action taken, or omitted to be taken in reliance on it is prohibited and may be unlawful. If you have received this message in error, please delete all electronic copies of this message (and the documents attached to it, if any), destroy any hard copies you may have created and notify me immediately. Thank you. --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: archive@mail-archive.com To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org
Are these Business Associates
Are the following busness associates: Contract Social workers Contract physical therapists and dieticians Funeral Homes Thanks _ Add photos to your e-mail with MSN 8. Get 2 months FREE*. http://join.msn.com/?page=features/featuredemail --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: archive@mail-archive.com To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org