NACDS took the initiative months ago to ask our chain pharmacy member representatives who are involved with the HIPAA transaction standards to involve their attorneys in reviewing the possible impact of the HIPAA minimum necessary privacy requirements on the HIPAA pharmacy transaction standard 5.1.
The initial concern that was widely held was that the Federal HHS exception to the HIPAA min. nec. privacy provisions could very likely encourage states... if these states believed that the transaction standards where an unjustified shelter to share protected health information between payors and providers... to enact more stringent min. nec. and other privacy requirements... there is no federal preemption for more stringent state privacy laws.
The following HIPAA privacy reg. preamble response to a NPRM comment (Fed. Reg. Vol. 65, No.250/Thursday, December 28,2000/page 82,617... bottom of the 2nd col.) clearly demonstrates the relationship between the HIPAA min. nec. requirements and HIPAA transaction standard 5.1:
"Response: We make an exception to the minimum necessary disclosure provision of this rule for the required and situational data elements of the standard transactions adopted in the Transactions Rule, because those elements were agreed to through the ANSI-accredited consensus development process. The minimum necessary requirements do apply to optional elements in such standard transactions, because industry consensus has not resulted in precise and unambiguous situation specific language to describe their usage. This is particularly relevant to the NCPDP standards for retail pharmacy transactions referenced by these commenters, in which the current standard leaves most fields optional...."
One unexpected issue has been raised that I thought some on this server list may be interested in... perhaps even interested enough to ask their own attorneys' opinions on this issue: Will Federal and/or State courts uphold HHS' exception to the application of the minimum necessary request and disclosure requirements of the HIPAA privacy regulations to the HIPAA Transaction Standards?
The following is a collection of comments that you might want to provide to your attorneys as a starting point to address this question... the answer to this question is important because of the possible increased legal liability that could inure:
- Is it likely that any exception to the privacy reg. consumer/patient protections will be closely scrutinized?
- Is it reasonable for HHS to grant an exception for the sharing of ANY and ALL protected health information contained in the transaction standards simply because payors and providers have agreed to sharing that information in a forum that follows the ANSI-accredited consensus development process?
- Is it necessary for consumers/patients to be adequately represented during the creation of these transaction standards, which may be recognized and adopted by HHS as national HIPAA standards, which allow the sharing of protected health information?
- Referring to a number of words in the quoted HHS response information above... does "the ANSI-accredited consensus development process" require a fair representation of providers as well as payors and... if the answer to that question is yes... did sufficient providers actively participate in developing the situational and mandatory fields that have or could receive the HHS min. nec. privacy exception?
- Is the HHS exception to the HIPAA min. nec. privacy provisions suspect because HHS is also one of the largest payors for health care in the U.S. and therefore may favor providers disclosing more protected health information to payors than consumers/patients would find reasonable... in other words, does HHS have a conflict of interest concerning granting this exception to the min. nec. HIPAA privacy requirements?
- Was it reasonable for HHS to grant the exception from the application of the min. nec. HIPAA privacy requirements to HIPAA transaction standards that were adopted by HHS as HIPAA transaction standards prior to the publication date of the HIPAA privacy regulations... in other words "grandfathering" those transaction standards that were developed without the benefit of knowing what the HIPAA privacy regulations would require.
- Is it possible to obtain a Federal and/or State(s) "advisory option" on whether or not the HHS exception will protect payors and providers from being sued for breaching patient privacy for requesting or disclosing more than the HIPAA min. nec. information... this is necessary to adequately assess possible legal liability?
I welcome your email responses to these questions and/or for you to share any additional questions or concerns. THANK YOU VERY MUCH!!!
**********************************************************************
To be removed from this list, send a message to: [EMAIL PROTECTED]
Please note that it may take up to 72 hours to process your request.
