When an employee of a covered entity accesses PHI and it is determined that
this was done wrongly (say, violating the minimum necessary requirements for
that employee, or just plain inappropriate access someone's PHI by the
employee), would this result in the employer having to log it into the
Suarez [EMAIL PROTECTED]
To: WEDI SNIP Privacy Workgroup List [EMAIL PROTECTED]
Sent: Saturday, November 01, 2003 5:06 AM
Subject: Employee Access and Accounting of Disclosures
When an employee of a covered entity accesses PHI and it is determined
that
this was done wrongly (say, violating
Ellen,
This is one of those HIPAA topics where we would advise hanging a large
Proceed with Caution sign, and where we would welcome additional guidance
from HHS.
Section 164.528(a)(1)(iii) of the Privacy rules --Accounting of disclosures
of protected health information-- notes that HIPAA does
The National Association of Boards of Pharmacy requested guidance from
OCRregarding the application of the accounting requirement to
regulatoryinspections made by state boards of pharmacy and mandatory
disclosures forcontrolled substance tracking. By way of background,
pharmacies
Title: Message
Can anyone help explain the paragraph in the
OCR letter (last one on first page) that talks about not having to track
disclosures individually? I am confused at the direction here. We are
required to provide an accounting of disclosures with information on when the
disclosure
Message-
From: Dean Cranwell [mailto:[EMAIL PROTECTED]
Sent: Wednesday, April 02, 2003 8:40 AM
To: WEDI SNIP Privacy Workgroup List
Subject: RE: Accounting for Disclosures, and Health Oversight
Rachel:
I believe your thinking is correct. I attended the Regional HIPAA
Conference sponsored
, RHIA
-Original Message-
From: rachelmcass [mailto:[EMAIL PROTECTED]
Sent: Wednesday, April 02, 2003 7:43 AM
To: WEDI SNIP Privacy Workgroup List
Subject: Accounting for Disclosures, and Health Oversight
I attended education yesterday for nursing facility providers, in which
on Individual
Rights noted that the nine disclosures permitted by the public policy
exception to the Privacy Rule which included Health Oversight Activities
must be included in an accounting of disclosures.
Dean Cranwell
Chief Privacy Officer
American HealthCare, LLC
2965 Colonnade Drive, Suite 200
Roanoke
Rachel,
Since Leah and Dean already responded to the first part of your question
I'll just address the last part. Yes, 'wrongful' disclosures must be
included in an accounting.
Cheri
-Original Message-
From: rachelmcass [mailto:[EMAIL PROTECTED]
Sent: Wednesday, April 02, 2003
Licensing activities are included in health care operations and health care
operations do not have to be tracked for accounting of disclosures. I am
just going by the regulations. I don't think that that is stretching it.
Thanks.
Molly Shek, MS, RHIA
Hi Janelle,
In regards to your questions about the accounting of disclosures, waivers of
authorization and research, the answer is YES.
No accounting of disclosures for the following:
- Limited data set disclosure for research
- Deidentified information for research
- Research conducted
I know this has been asked repeadetly, but now that I'm training our workforce I'm
starting to get more detailed questions on what needs to be logged. As the HIPAA rule
states it they say what does not have to be logged, but they don't say what does. So,
by the process of elimination I'm left
Subject: Accounting of Disclosures
I know this has been asked repeadetly, but now that I'm training our
workforce I'm starting to get more detailed questions on what needs to be
logged. As the HIPAA rule states it they say what does not have to be
logged, but they don't say what does. So
I understood that if you were disclosing PHI to worker's comp carriers for payment purposes, you would not have to include it in the accoutning of disclosures.
Jill Rubin, Esq.
(617)388-2404
[EMAIL PROTECTED]
---
The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions
Jill --
Correct. You do not have to account for workers compensation
disclosures.
Dee Warrington Director, HIPAA and Regulatory Compliance OAO HealthCare Solutions, Inc. 20955
Warner Center Lane Woodland Hills, CA
91367 (818) 598-6606 Fax: (818) 598-3270 [EMAIL PROTECTED
Thanks for
the clarification. I was only thinking of Workers Comp in terms of
"payment", and yes, I agree, any disclosures outside of payment you would need
an accounting.
Dee Warrington Director, HIPAA and Regulatory Compliance OAO HealthCare Solutions, Inc. 20955
Warner C
As a
Business Associate collection agency, we have not had any Covered Entity clients
request to track our disclosures themselves. The wording they have used
inour contractsinstructs us to forward disclosure information if
they notify us of an accounting request. What we are doing
By the same token, for the patient accounting, would you have to include disclosures you make to business associates like transcription agencies and disposal agencies? They would come up very often...
Jill Rubin, Esq.
(617)388-2404
[EMAIL PROTECTED]
---
The WEDI SNIP listserv to which you
I'm
not entirely sure who "you" is in your question, but I assumed that you are
asking about business associates disclosing to business associates,so
here's a stab at an answer. It might also apply if you're asking about CE
disclosures to transcription/disposal agencies.
to be logged as
disclosures.
Joanne
Marquez
Senior Director
Beech Street
Corporation
Account Services
(949)
672-1519
-Original Message-From: Jason Brege
[mailto:[EMAIL PROTECTED] Sent: Tuesday, March 11, 2003 7:32 AMTo: WEDI SNIP Privacy Workgroup ListSubject: RE
--Original Message-From:
[EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]Sent: Tuesday, March 11,
2003 11:18 AMTo: [EMAIL PROTECTED];
[EMAIL PROTECTED]Subject: RE: Tracking Disclosures by
Business Associates
Wouldn't disposal come under operations? We have a vendor who picks us
l
When we are intervening in an event that threatens Public Health (eg, a restaurant
employee who has HEP-A) it is most likely necessary that we disclose PHI (eg, tell the
restaurant manager the name of the employee who has HEP-A). My reading of 160.203(c),
as well as 164.512(b), permits this.
: Accounting of Disclosures
Disclosures for TPO do not have to be included in the Accounting of
Disclosures. Please review the following list and let me know if you intent
to include these in your Accounting Of Disclosures and the reason for the
exception. Thanks.
Suspected abuse reporting
Underage
Our organization has elected not to become affiliated at this time.
Therefore, each entity will become responsible for tracking their own
disclosures as well as responding to requests for restrictions. Unless
you can purchase a tracking software, managing this would be very
difficult and I am
So each of you will have your own NPP, policies, etc... You will track all
separately?
-Original Message-
From: Shelly Wilson [mailto:[EMAIL PROTECTED]]
Sent: Thursday, February 20, 2003 1:24 PM
To: WEDI SNIP Privacy Workgroup List
Subject: RE: Tracking for Accounting of Disclosures
Our
Title: Tracking for Accounting of Disclosures
I am interested in how organizations that have multiple locations, or multiple legal entities are approaching the Tracking of Disclosures.
Are you:
1. Using a manual solution such as spreadsheets or paper logs?
2. Building a solution
Teri,
I also agree - these are separate requirements that are not mutually
exclusive. A covered entity must meet all requirements, relevant to a
particular use or disclosure:
A covered entity must have a notice of privacy practices which lists
relevant disclosures and examples, among other
Teri -- You are overstating the accounting for disclosures requirenment.
Under the modified final rule, the only disclosures that are subject to
the accounting for disclosure under § 164.528 are most post-4/14/03 (but
not all) disclosures that are made without an authorization under §
164.512 (e.g
authorizations in our records, thus serving as a
reference to our diclosure if we ever desire to refer back to disclosures
made based on an authorization.
Cindi Bowman
Quality and Compliance Coordinator
Catawba County Health Department
828-695-5847
-Original Message-
From: Doug Webb
Title: Message
Read 45 164.502 uses and disclosures of protected health
information: general rules:(i) "Standard: Uses and disclosures
consistent with notice. A covered entity that is required by 164.520 [the
section addressing the notice of privacy practices] to have a notice may no
Title: Message
The
disclosures I had referenced in my earlier email posting are permissible
disclosures (disclosures for audit purposes are allowed by HIPAA). I did not
mean to imply that all accounting can be avoided as the notice should address
typical uses of PHI for a CE.
In general
Title: Message
We may have
come full circle with this discussion.
I
concur. Ive not read anything that makes me believe that releases required by
law are treatment; payment or designated operations. Therefore, I think these
releases must be accounted for.
Here
is a related
Title: RE: Recording Disclosures (was BA Agreement Questions)
I also agree with Carolyn.
An external Auditor would be a BA if (and only if) YOU hired
the firm to perform audits for YOUR business purposes, and the auditor had to
access to PHI in order to perform the audits.
Government
Title: RE: Recording Disclosures (was BA Agreement Questions)
Traci,
I tend to view (at least some of) the audit
activities performed by the State as being conducted on behalf of the CE-Health
Plans (e.g., Medicaid) as opposed to the CE-providers. As such, those State-conducted
audit
Title: RE: Recording Disclosures (was BA Agreement Questions)
IMHO,
the audits are being performed on behalf of the State, under federal guidelines,
and the auditors are NOT business associates. Their audits are on behalf
of the State and Federal governments (i.e. Medicaid), NOT on behalf
Title: RE: Recording Disclosures (was BA Agreement Questions)
I would like to introduce myself, as I am new to this listserv. I am the HIPAA Privacy Project Manager for a health plan in Illinois. Even though I am new to this listserv, several of your names are familar from the HIPAAlive
, is that disclosure of PHIto the
state a part of TPO, since the insurance company doesn't have any choice in the
matter? Can the same be said for all regulatory types of
disclosures?
All opinions expressed are my own and should not be construed to be Medical
Mutual or Antares Management Solutions
for the disclosures that are documented add to
the database. In turn, the database will print the report to give to the
patient. The database will also track any suspension requests received from
law enforcement, etc. and all requests that have been received from the
patient. I created this database for our
Tina,
I am glad to here that someone else is utilizing existing systems. I also
have developed a database for tracking disclosures. We, however have
identified areas that release info and those departments/areas will be
given access to enter the disclosure by patient into the database.
Thanks
The American Health Information Management Association web site has some
very good articles on Accounting of Disclosures and the Association also
provides an Accounting of Disclosures Analysis grid. This is a very good
tool to assist one in identifying the disclosures that do not require
tracking
I work with a large healthcare system in New Mexico.
We also would like to know if other CE's are considering automated or manual
solutions for tracking disclosures and producing an accounting as required
by law.
Also, how are other CE's handling the issue of being able to report not only
The NMEH HIT sub workgroup intends to discuss accounting for disclosures
during the next HIT call. During our last call the topic came up for
discussion and I offered to post an email to a couple of listservs to
generate some discussion regarding this topic.
How have CE's been dealing
I have a question regarding releasing PHI to fully funded groups.
Are health plans considering releasing PHI to fully funded groups
provided they have a signed certification on file or are plans only releasing
summary/de-identified PHI to the fully funded groups and not using the
on it is prohibited and may be unlawful.
*
-Original Message-From: Waterhouse, Melissa
[mailto:[EMAIL PROTECTED]]Sent: Thursday, January 23, 2003
3:03 PMTo: WEDI SNIP Privacy Workgroup ListSubject:
Disclosures of PHI
To: WEDI SNIP Privacy Workgroup List
Subject: Disclosures to Insurance Brokers
I am looking for citations from the Privacy rule that support the
disclosure of PHI to Insurance Brokers when the member asks the
broker to intervene on their behalf with the Health Plan or Group
Health Plan.
Assume
45 matches
Mail list logo
