This is an automated reply.
I will be out of the office from Thurs., 9/13 through Friday, 9/21, and I will not be
responding to e-mail.
If you need immediate assistance, please contact Steven McGregor at (206) 901-7437,
8-600-7437. rm
>>> "[EMAIL PROTECTED]" 09/14/01 07:20 >>>
NACDS took the initiative months ago to ask our chain pharmacy member
representatives who are involved with the HIPAA transaction standards to
involve their attorneys in reviewing the possible impact of the HIPAA
minimum necessary privacy requirements on the HIPAA pharmacy transaction
standard 5.1.
The initial concern that was widely held was that the Federal HHS exception
to the HIPAA min. nec. privacy provisions could very likely encourage
states... if these states believed that the transaction standards where an
unjustified shelter to share protected health information between payors and
providers... to enact more stringent min. nec. and other privacy
requirements... there is no federal preemption for more stringent state
privacy laws.
The following HIPAA privacy reg. preamble response to a NPRM comment (Fed.
Reg. Vol. 65, No.250/Thursday, December 28,2000/page 82,617... bottom of the
2nd col.) clearly demonstrates the relationship between the HIPAA min. nec.
requirements and HIPAA transaction standard 5.1:
"Response: We make an exception to the minimum necessary disclosure
provision of this rule for the required and situational data elements of the
standard transactions adopted in the Transactions Rule, because those
elements were agreed to through the ANSI-accredited consensus development
process. The minimum necessary requirements do apply to optional elements
in such standard transactions, because industry consensus has not resulted
in precise and unambiguous situation specific language to describe their
usage. This is particularly relevant to the NCPDP standards for retail
pharmacy transactions referenced by these commenters, in which the current
standard leaves most fields optional...."
One unexpected issue has been raised that I thought some on this server list
may be interested in... perhaps even interested enough to ask their own
attorneys' opinions on this issue: Will Federal and/or State courts uphold
HHS' exception to the application of the minimum necessary request and
disclosure requirements of the HIPAA privacy regulations to the HIPAA
Transaction Standards?
The following is a collection of comments that you might want to provide to
your attorneys as a starting point to address this question... the answer to
this question is important because of the possible increased legal liability
that could inure:
* Is it likely that any exception to the privacy reg. consumer/patient
protections will be closely scrutinized?
* Is it reasonable for HHS to grant an exception for the sharing of
ANY and ALL protected health information contained in the transaction
standards simply because payors and providers have agreed to sharing that
information in a forum that follows the ANSI-accredited consensus
development process?
* Is it necessary for consumers/patients to be adequately represented
during the creation of these transaction standards, which may be recognized
and adopted by HHS as national HIPAA standards, which allow the sharing of
protected health information?
* Referring to a number of words in the quoted HHS response
information above... does "the ANSI-accredited consensus development
process" require a fair representation of providers as well as payors and...
if the answer to that question is yes... did sufficient providers actively
participate in developing the situational and mandatory fields that have or
could receive the HHS min. nec. privacy exception?
* Is the HHS exception to the HIPAA min. nec. privacy provisions
suspect because HHS is also one of the largest payors for health care in the
U.S. and therefore may favor providers disclosing more protected health
information to payors than consumers/patients would find reasonable... in
other words, does HHS have a conflict of interest concerning granting this
exception to the min. nec. HIPAA privacy requirements?
* Was it reasonable for HHS to grant the exception from the
application of the min. nec. HIPAA privacy requirements to HIPAA transaction
standards that were adopted by HHS as HIPAA transaction standards prior to
the publication date of the HIPAA privacy regulations... in other words
"grandfathering" those transaction standards that were developed without the
benefit of knowing what the HIPAA privacy regulations would require.
* Is it possible to obtain a Federal and/or State(s) "advisory option"
on whether or not the HHS exception will protect payors and providers from
being sued for breaching patient privacy for requesting or disclosing more
than the HIPAA min. nec. information... this is necessary to adequately
assess possible legal liability?
I welcome your email responses to these questions and/or for you to share
any additional questions or concerns. THANK YOU VERY MUCH!!!
**********************************************************************
To be removed from this list, send a message to: [EMAIL PROTECTED]
Please note that it may take up to 72 hours to process your request.
**********************************************************************
To be removed from this list, send a message to: [EMAIL PROTECTED]
Please note that it may take up to 72 hours to process your request.
