whether it addresses
disclosures only, as the title would indicate, or whether it includes
accounting of uses. They urged that the standard address disclosures only,
and not uses, which would make implementation far more practicable and less
burdensome.
Response: The final rule requires disclo
Ellen,
This is one of those HIPAA topics where we would advise hanging a large
"Proceed with Caution" sign, and where we would welcome additional guidance
from HHS.
Section 164.528(a)(1)(iii) of the Privacy rules --Accounting of disclosures
of protected health information-- notes that
-
From: "Walter Suarez" <[EMAIL PROTECTED]>
To: "WEDI SNIP Privacy Workgroup List" <[EMAIL PROTECTED]>
Sent: Saturday, November 01, 2003 5:06 AM
Subject: Employee Access and Accounting of Disclosures
> When an employee of a covered entity accesses PHI
When an employee of a covered entity accesses PHI and it is determined that
this was done wrongly (say, violating the minimum necessary requirements for
that employee, or just plain inappropriate access someone's PHI by the
employee), would this result in the employer having to log it into the
acco
Title: Message
Can anyone help explain the paragraph in the
OCR letter (last one on first page) that talks about not having to track
disclosures individually? I am confused at the direction here. We are
required to provide an accounting of disclosures with information on when the
The National Association of Boards of Pharmacy requested guidance from
OCRregarding the application of the accounting requirement to
regulatoryinspections made by state boards of pharmacy and mandatory
disclosures forcontrolled substance tracking. By way of background,
pharmacies
Message-
From: Dean Cranwell [mailto:[EMAIL PROTECTED]
Sent: Wednesday, April 02, 2003 8:40 AM
To: WEDI SNIP Privacy Workgroup List
Subject: RE: Accounting for Disclosures, and Health Oversight
Rachel:
I believe your thinking is correct. I attended the Regional HIPAA
Conference sponsored by
Licensing activities are included in health care operations and health care
operations do not have to be tracked for accounting of disclosures. I am
just going by the regulations. I don't think that that is stretching it.
Thanks.
Molly Shek, MS,
for a facility to track this.
Thanks for all the responses so far,
Rachel
-Original Message-
From: Shek, Molly [mailto:[EMAIL PROTECTED]
Sent: Wednesday, April 02, 2003 9:34 AM
To: WEDI SNIP Privacy Workgroup List
Subject: RE: Accounting for Disclosures, and Health Oversight
Dean,
I
Rachel,
Since Leah and Dean already responded to the first part of your question
I'll just address the last part. Yes, 'wrongful' disclosures must be
included in an accounting.
Cheri
-Original Message-
From: rachelmcass [mailto:[EMAIL PROTECTED]
Sent: Wednesday,
-Original Message-
From: Dean Cranwell [mailto:[EMAIL PROTECTED]
Sent: Wednesday, April 02, 2003 8:40 AM
To: WEDI SNIP Privacy Workgroup List
Subject: RE: Accounting for Disclosures, and Health Oversight
Rachel:
I believe your thinking is correct. I attended the Regional HIPAA
Conference
"Individual
Rights" noted that the nine disclosures permitted by the public policy
exception to the Privacy Rule which included "Health Oversight Activities"
must be included in an accounting of disclosures.
Dean Cranwell
Chief Privacy Officer
American HealthCare, LLC
2965 Colonn
y Shek, MS, RHIA
-Original Message-
From: rachelmcass [mailto:[EMAIL PROTECTED]
Sent: Wednesday, April 02, 2003 7:43 AM
To: WEDI SNIP Privacy Workgroup List
Subject: Accounting for Disclosures, and Health Oversight
I attended education yesterday for nursing facility pro
You are correct. The rule requires accounting for all disclosures,
except those disclosures included in the exclusions list at 164.528.
Generally what is left after you exclude those, is "public purpose
disclosures" (generally the 164.512 disclosures) and disclosures made in
error.
I attended education yesterday for nursing facility providers, in which a
representative of the state's Department of Inspections and Appeals - our
health oversight agency in Iowa for nursing facilities - stated that
facilities do not need to account for disclosures made to them during a
s
Hi Janelle,
In regards to your questions about the accounting of disclosures, waivers of
authorization and research, the answer is YES.
No accounting of disclosures for the following:
- Limited data set disclosure for research
- Deidentified information for research
- Research conducted
Yes you do have to account for those research disclosures.
Molly Shek, MS, RHIA
-Original Message-
From: Wesloh, Janelle [mailto:[EMAIL PROTECTED]
Sent: Wednesday, March 26, 2003 11:05 AM
To: WEDI SNIP Privacy Workgroup List
Subject: Accounting of
For research, we state in our Privacy Notice that we may use or disclose
protected health information without pt consent or authorization if our
research privacy board (IRB) approves a waiver of authorization for
disclosure.
So, do we then need to account for those disclosures in the accounting
Thanks for
the clarification. I was only thinking of Workers Comp in terms of
"payment", and yes, I agree, any disclosures outside of payment you would need
an accounting.
Dee Warrington Director, HIPAA and Regulatory Compliance OAO HealthCare Solutions, Inc. 20955
Warner C
I would
disagree. I would think that you must account for WC disclosures that are
required by state law. However, many WC disclosures will not have to be
accounted for b/c they fall into the "payment" category which is an exception to
the accounting rule.
bob
Jill --
Correct. You do not have to account for workers compensation
disclosures.
Dee Warrington Director, HIPAA and Regulatory Compliance OAO HealthCare Solutions, Inc. 20955
Warner Center Lane Woodland Hills, CA
91367 (818) 598-6606 Fax: (818) 598-3270 [EMAIL PROTECTED
I understood that if you were disclosing PHI to worker's comp carriers for payment purposes, you would not have to include it in the accoutning of disclosures.
Jill Rubin, Esq.
(617)388-2404
[EMAIL PROTECTED]
---
The WEDI SNIP listserv to which you are subscribed is not moderated. The discus
group List
Subject: Accounting of Disclosures
I know this has been asked repeadetly, but now that I'm training our
workforce I'm starting to get more detailed questions on what needs to be
logged. As the HIPAA rule states it they say what does not have to be
logged, but they don't s
I know this has been asked repeadetly, but now that I'm training our workforce I'm
starting to get more detailed questions on what needs to be logged. As the HIPAA rule
states it they say what does not have to be logged, but they don't say what does. So,
by the process of elimination I'm left
disclosures are incidental and permitted by the HIPAA Privacy Rule. See 45
CFR 164.502(a)(1). If a service is
hired to do work for a covered entity where disclosure of protected health
information is not limited in nature (such as routine handling of records or
shredding of documents
er immediately. Thank you.
-Original Message-From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Tuesday, March
11, 2003 8:44 AMTo: WEDI SNIP Privacy Workgroup
ListSubject: Re: Tracking Disclosures by Business
AssociatesBy the same token, for the patient
accounting,
ght shredders or shredding companies
onsite.
Thanks,
Jason Brege
Clinton A. Harkins, P.C.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
Sent: Tuesday, March 11, 2003 11:18 AM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: RE: Tracking Disclosures by Business As
nton A. Harkins, P.C.
-Original Message-From:
[EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]Sent: Tuesday, March 11,
2003 11:18 AMTo: [EMAIL PROTECTED];
[EMAIL PROTECTED]Subject: RE: Tracking Disclosures by
Business Associates
Wouldn't disposal come under operations? We h
k ups to be logged as
disclosures.
Joanne
Marquez
Senior Director
Beech Street
Corporation
Account Services
(949)
672-1519
-Original Message-From: Jason Brege
[mailto:[EMAIL PROTECTED] Sent: Tuesday, March 11, 2003 7:32 AMTo: WEDI SNIP Privacy Workgroup ListSubjec
I'm
not entirely sure who "you" is in your question, but I assumed that you are
asking about business associates disclosing to business associates, so
here's a stab at an answer. It might also apply if you're asking about CE
disclosures to transcription/disposal
By the same token, for the patient accounting, would you have to include disclosures you make to business associates like transcription agencies and disposal agencies? They would come up very often...
Jill Rubin, Esq.
(617)388-2404
[EMAIL PROTECTED]
---
The WEDI SNIP listserv to which you are
As a
Business Associate collection agency, we have not had any Covered Entity clients
request to track our disclosures themselves. The wording they have used
in our contracts instructs us to forward disclosure information if
they notify us of an accounting request. What we are doing is
I am curious how covered entities are tracking accountings of disclosures by business associates that they then have to provide to the patient. In some ways, this seems like a daunting task but then again, I am not sure how often it will come up... I would appreciate your thoughts.
Jill Rubin
When we are intervening in an event that threatens Public Health (eg, a restaurant
employee who has HEP-A) it is most likely necessary that we disclose PHI (eg, tell the
restaurant manager the name of the employee who has HEP-A). My reading of 160.203(c),
as well as 164.512(b), permits this.
Sh
PROTECTED]
-Original Message-
From: Shek, Molly [mailto:[EMAIL PROTECTED]
Sent: Tuesday, February 25, 2003 7:25 AM
To: WEDI SNIP Privacy Workgroup List
Subject: RE: Accounting of Disclosures
Disclosures for TPO do not have to be included in the Accounting of
Disclosures. Please review the
10:37 AM
To: WEDI SNIP Privacy Workgroup List
Subject: RE: Accounting of Disclosures
These are all reportable.
Linda Noel
Corporate Privacy Officer
Corporate Compliance
Orlando Regional Healthcare
321-843-8693
-Original Message-
From: Shek, Molly [mailto:[EMAIL PROTECTED]
Sent: Tuesday,
: Accounting of Disclosures
Disclosures for TPO do not have to be included in the Accounting of
Disclosures. Please review the following list and let me know if you intent
to include these in your Accounting Of Disclosures and the reason for the
exception. Thanks.
Suspected abuse reporting
Underage
Disclosures for TPO do not have to be included in the Accounting of
Disclosures. Please review the following list and let me know if you intent
to include these in your Accounting Of Disclosures and the reason for the
exception. Thanks.
Suspected abuse reporting
Underage pregnancy reporting
From: Shelly Wilson [mailto:[EMAIL PROTECTED]]
Sent: Thursday, February 20, 2003 1:24 PM
To: WEDI SNIP Privacy Workgroup List
Subject: RE: Tracking for Accounting of Disclosures
Our organization has elected not to become affiliated at this time.
Therefore, each entity will become responsible for
So each of you will have your own NPP, policies, etc... You will track all
separately?
-Original Message-
From: Shelly Wilson [mailto:[EMAIL PROTECTED]]
Sent: Thursday, February 20, 2003 1:24 PM
To: WEDI SNIP Privacy Workgroup List
Subject: RE: Tracking for Accounting of Disclosures
Our
Our organization has elected not to become affiliated at this time.
Therefore, each entity will become responsible for tracking their own
disclosures as well as responding to requests for restrictions. Unless
you can purchase a tracking software, managing this would be very
difficult and I am
eed to log these. We will be logging all disclosures made for
auditing, whether the audit is done by the state, Dept of Health,
etc.
Deborah Campbell
Compliance Coordinator
Dominion Dental Services,
Inc. 115 South Union
Street, Suite 300 Alexandria, Virginia 22314
Phn: (703) 518-5000 ext.
Title: Tracking for Accounting of Disclosures
I have
budgeted for a vendor, but it might not get approved, so I would be interested
in what others are doing
-Original Message-From: Owens, Kris
[mailto:[EMAIL PROTECTED]]Sent: Tuesday, February 18, 2003 7:27
PMTo: WEDI SNIP
Title: Tracking for Accounting of Disclosures
We are
a multi-use organization with 7 hospitals, outpatient clinics and physician
offices. We are currently building our own Accounting of Disclosure Data
base in house and requiring individual departments to designate individuals
to enter
Title: Tracking for Accounting of Disclosures
I am interested in how organizations that have multiple locations, or multiple legal entities are approaching the Tracking of Disclosures.
Are you:
1. Using a manual solution such as spreadsheets or paper logs?
2. Building a solution such
Teri -- You are overstating the accounting for disclosures requirenment.
Under the modified final rule, the only disclosures that are subject to
the accounting for disclosure under § 164.528 are most post-4/14/03 (but
not all) disclosures that are made without an authorization under §
164.512 (e.g
Teri,
I also agree - these are separate requirements that are not mutually
exclusive. A covered entity must meet all requirements, relevant to a
particular use or disclosure:
A covered entity must have a notice of privacy practices which lists
relevant disclosures and examples, among other
Title: RE: Disclosures
You have stated the facts correctly.
-Original Message-
From: Teri Baskett [mailto:[EMAIL PROTECTED]]
Sent: Monday, February 17, 2003 12:10 PM
To: WEDI SNIP Privacy Workgroup List
Subject: Disclosures
I hate to weigh in here one more time, but my
I hate to weigh in here one more time, but my understanding what that we have to
provide the pt/client an accounting of all disclosures that were not specifically
covered by an authorization (initially, it was interpreted that those had to be logged
and tracked also, but that was amended in the
isclosure". In fact,
your Notice is required to do just that.
I'm not sure I can think of any disclosure that you are allowed to make that
doesn't need to be mentioned in some general way within the NPP. Indeed, the
NPP is intended to give individuals "adequate notice of th
Title: Message
I
think you may be confusing authorizations and notices. I think if the patient
signed an authorization, say for a clinical trial, that said we will disclose
your information to XYZ drug company and ABC University who are co-investigators
on the project, those disclosures
Title: Message
We may have
come full circle with this discussion.
I
concur. I’ve not read anything that makes me believe that releases required by
law are treatment; payment or designated operations. Therefore, I think these
releases must be accounted for.
Here
is a related tangent
Title: Message
The
disclosures I had referenced in my earlier email posting are permissible
disclosures (disclosures for audit purposes are allowed by HIPAA). I did not
mean to imply that all accounting can be avoided as the notice should address
typical uses of PHI for a CE.
In general
Title: Message
I read
it that we need to account for those disclosures. As a local Public Health
Authority, we need to further disclose public health disclosures reported to us
on up to the State. I think we even have to account for those disclosures
-- altho others disagree with me
Title: Message
I might be wrong, but I concur. I’ve
not read anything that makes me believe that releases required by law are
treatment; payment or designated operations. Therefore, I think these releases
must be accounted for.
Here is a related tangent…while a
patient release might no
Title: Message
No...
I hadn't looked.
Read 45 164.502 uses and disclosures
of protected health information: general rules:(i) "Standard: Uses and
disclosures consistent with notice. A covered entity that is required by 164.520
[the section addressing the notice of privacy pra
a lot of health care providers happy
where I work. All indications I have been given are we have to account for
such disclosures.
Thanks
in advance,
Cindi
-Original
Message-From: Halterman, Anita
[mailto:[EMAIL PROTECTED]]Sent: Friday, February 14,
2003 2:29 PMTo: Cindi Bowman; WE
d the person you make
disclosures for whatever purpose you listed in your notice.
Anita
-Original Message-From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] Sent: Friday, February 14,
2003 10:22 AMTo: [EMAIL PROTECTED];
[EMAIL PROTECTED]Subject: RE: NPP and accounting for
disclosures
;. My
beliefs are based on the below HHS Commentary where they are very clear
that CEs must account for even disclosures required by law.
Comments?
Cindi Bowman Quality and Compliance Coordinator Catawba County Health Department 828-695-5847
Right to an Accounting of Disclosures of Pro
Title: Message
Read 45 164.502 uses and disclosures of protected health
information: general rules:(i) "Standard: Uses and disclosures
consistent with notice. A covered entity that is required by 164.520 [the
section addressing the notice of privacy practices] to have a notice may not u
, we
have elected to store authorizations in our records, thus serving as a
reference to our diclosure if we ever desire to refer back to disclosures
made based on an authorization.
Cindi Bowman
Quality and Compliance Coordinator
Catawba County Health Department
828-695-5847
-Original Message-
-
From: "Doug Webb" <[EMAIL PROTECTED]>
To: "WEDI SNIP Privacy Workgroup List" <[EMAIL PROTECTED]>
Sent: Friday, February 14, 2003 11:11 AM
Subject: Re: NPP and accounting for disclosures - was Medicare audits: op erations?
Molly, Cindi:
Where I was coming from is tha
in reliance on the information it contains. Thank you."
- Original Message -
From: "Shek, Molly" <[EMAIL PROTECTED]>
To: "WEDI SNIP Privacy Workgroup List" <[EMAIL PROTECTED]>
Sent: Friday, February 14, 2003 09:57 AM
Subject: RE: NPP and accounting for dis
I quite agree with your assessment of the difference between Authorization
and the need for Accounting of Disclosures. However, one of the exceptions
to an Accounting of PHI disclosures is disclosures made pursuant to patient
authorization.
Molly Shek, MS, RHIA
Doug,
Why do you suggest "If you need a separate Authorization to do the
disclosure, log it". Refer to § 164.528(a)(1)(iv)
The rule says:
Right to an Accounting of Disclosures of Protected Health Information - §
164.528(a)
1. An individual has a right to receive an accounting of disc
003 1:20 AM
To: WEDI SNIP Privacy Workgroup List
Subject: NPP and accounting for disclosures - was Medicare audits:
operations?
Changing the subject for a minute:
I have seen several emails from people, including the one below, that have
made various statements all to the effect that if you ment
for release of information. The Authorization is either separate (although it might
be on the same piece of paper and/or covered by the same signature), or not required
(TPO disclosures).
If a disclosure is permitted (either by an Authorization or by being part of TPO), it
may or may n
Changing the subject for a minute:
I have seen several emails from people, including the one below, that have
made various statements all to the effect that if you mention a particular
type of disclosure in your NPP, you will not have to account for such
disclosures.
Anita wrote:
"One
being the case, I think my anwer to the original question is still
valid. BA agreements are not necessary with state agencies, or their
contractors, who may be performing audits. Such disclosures are permitted
either as disclosures to other covered entities for certain operations under
section
Title: RE: Recording Disclosures (was BA Agreement Questions)
I also agree with Carolyn.
An external Auditor would be a BA if (and only if) YOU hired
the firm to perform audits for YOUR business purposes, and the auditor had to
access to PHI in order to perform the audits.
Government
Title: RE: Recording Disclosures (was BA Agreement Questions)
I've
got to agree with Carolyn. These audits are done as required by law, or for
Health Oversight. Not on behalf of the health plan.
Deborah Campbell
Compliance Coordinator
Dominion Dental Services,
Inc. 115 South
ed by law to oversee the health care
system (whether public or private) or government programs in which health
information is necessary to determine eligibility or compliance, or to
enforce civil rights laws for which health information is relevant.
§ 164.512 Uses and disclosures for which consen
Title: RE: Recording Disclosures (was BA Agreement Questions)
IMHO,
the audits are being performed on behalf of the State, under federal guidelines,
and the auditors are NOT business associates. Their audits are on behalf
of the State and Federal governments (i.e. Medicaid), NOT on behalf
Title: RE: Recording Disclosures (was BA Agreement Questions)
Traci,
I tend to view (at least some of) the “audit”
activities performed by the State as being conducted on behalf of the CE-Health
Plans (e.g., Medicaid) as opposed to the CE-providers. As such, those State-conducted
Title: RE: Recording Disclosures (was BA Agreement Questions)
I would like to introduce myself, as I am new to this listserv. I am the HIPAA Privacy Project Manager for a health plan in Illinois. Even though I am new to this listserv, several of your names are familar from the HIPAAlive
ke this to mean that the audit is part of TPO, and there for not a
disclosure that needs to be accounted for.
As a footnote, I'm not sure I agree with your implication that by mentioning
the possibility of a type of disclsoure in your NPP you can relieve yourself
of the obligations to acc
f all insurance companies, is that disclosure of PHI to the
state a part of TPO, since the insurance company doesn't have any choice in the
matter? Can the same be said for all regulatory types of
disclosures?
All opinions expressed are my own and should not be construed to be Medica
The American Health Information Management Association web site has some
very good articles on Accounting of Disclosures and the Association also
provides an Accounting of Disclosures Analysis grid. This is a very good
tool to assist one in identifying the disclosures that do not require
tracking
Tina,
I am glad to here that someone else is utilizing existing systems. I also
have developed a database for tracking disclosures. We, however have
identified areas that release info and those departments/areas will be
given access to enter the disclosure by patient into the database.
Thanks
review for the disclosures that are documented & add to
the database. In turn, the database will print the report to give to the
patient. The database will also track any suspension requests received from
law enforcement, etc. and all requests that have been received from the
patient. I created thi
I work with a large healthcare system in New Mexico.
We also would like to know if other CE's are considering automated or manual
solutions for tracking disclosures and producing an "accounting" as required
by law.
Also, how are other CE's handling the issue of being abl
The NMEH HIT sub workgroup intends to discuss accounting for disclosures
during the next HIT call. During our last call the topic came up for
discussion and I offered to post an email to a couple of listservs to
generate some discussion regarding this topic.
How have CE's been dealing
e on it is prohibited and may be unlawful.
*
-Original Message-From: Waterhouse, Melissa
[mailto:[EMAIL PROTECTED]]Sent: Thursday, January 23, 2003
3:03 PMTo: WEDI SNIP Privacy Workgroup ListSubject:
Disclosures
I have a question regarding releasing PHI to fully funded groups.
Are health plans considering releasing PHI to fully funded groups
provided they have a signed certification on file or are plans only releasing
summary/de-identified PHI to the fully funded groups and not using the
certif
: WEDI SNIP Privacy Workgroup List
Subject: Disclosures to Insurance Brokers
I am looking for citations from the Privacy rule that support the
disclosure of PHI to Insurance Brokers when the member asks the
broker to intervene on their behalf with the Health Plan or Group
Health Plan.
Assume the
You might want to review the section in WEDI SNIP Privacy Policies and
Procedures Resource Document (version 2.0) on the topic of use and
disclosures of PHI to brokers. The resource document is available for
download from the SNIP website - http://snip.wedi.org. This document is an
update to the
I am looking for citations from the Privacy rule that support the
disclosure of PHI to Insurance Brokers when the member asks the
broker to intervene on their behalf with the Health Plan or Group
Health Plan.
Assume the broker has a BA contract in place with the Health Plan or
Group Health Plan.
Scott == Because Jill's email is refers to authorizations, I assumed
that she was asking about disclosures that the non-covered entity
insurer requested from the covered entity for its own purposes rather
than disclosures that a covered entity may decide to make to a
non-covered entity insure
.foxsys.com and
delete from your system.
>>> "David Ermer" <[EMAIL PROTECTED]> 01/14/03 09:28 AM >>>
Jill -- The covered entity's ability to disclose PHI to workers comp
programs is a mixed blessing because although an authorization is not
required, such dis
David,
One possible exception to disclosures to a non-covered entity may be for
subrogation issues. I believe subrogation and COB are part of payment even
if they occur after a provider is paid
I realize the early guidance would seem to say otherwise, but I believe HHS
has reconsidered this
Jill -- The covered entity's ability to disclose PHI to workers comp
programs is a mixed blessing because although an authorization is not
required, such disclosures are subject to the accounting for disclosures
requirement. In my opinion, covered entities may not disclose PHI to
other ins
I understand that no authorization form is required for disclosures to worker's compensation programs for payment purposes. Are auto carriers and disability insurers also included under the definition of "similar programs established by law that provide benefits for work-related inj
January 08, 2003 6:18
PMTo: WEDI SNIP Privacy Workgroup ListSubject:
Disclosures to attorneys?I am curious as to how other
providers are handling disclosures of information to attorneys. My
understanding is that even if the attorney has the patient sign a consent form
and then sends t
93 matches
Mail list logo
