No, you're not being paranoid. It's my opinion that
both the 270/271 and 276/277, as well as all other HIPAA transactions, contain
PHI. Further, I also believe that the HIPAA transactions are part of the various
covered entity's treatment, payment and operations activities. Thus, it's
incumbent upon the entity to disclose PHI only to an entity that's permitted to
receive it.
It this case, then, the disclosing party has the
responsibility to validate that the party to whom they are disclosing the PHI is
the correct party and one which is allowed to receive it. The method and
mechanism that's used to validate and authenticate the receiver of the
information is left up to the disclosing party.
This is an issue that I always talk about during my
educational workshops on the HIPAA transactions to raise awareness on the part
of the EDI teams that privacy and security apply here as well, and that this has
special requirements.
Rachel
Rachel Foerster
Principal
Rachel Foerster & Associates, Ltd.
Professionals in EDI & Electronic
Commerce
39432 North Avenue
Beach Park, IL 60099
Phone: 847-872-8070
Fax: 847-872-6860
http:/www.rfa-edi.com
-----Original Message-----
From:
Jim Moores [mailto:[EMAIL PROTECTED]]
Sent: Tuesday,
March 26, 2002 11:50 AM
To: [EMAIL PROTECTED];
[EMAIL PROTECTED]
Subject: What is the Payer Responsibility to
Validate the Sender for 270/271 and 276/277?
Hi All,
What is the Payer Responsibility to Validate the Sender for
270/271 and 276/277? Should edits be set up for the 270/271 and 276/277
validating that the requestor is a covered entity? We know the Providers
that we have contracts with, so we're only talking about receiving these kinds
of requests from "providers" that we don't know (provider number not on
file). Frankly, I'm not so worried about the 270/271, as that discloses
only that the member has valid coverage.... the risk is in the
transmitting claims status request for a claim that doesn't belong to that
"provider"... either by in error or maliciously. (We do some edits... ie
they have to have the claim number, member id and the date of
service).
Am I just being paranoid (little or no chance) or ....
Jim
Jim Moores - HIPAA Team Leader - Privacy
Antares Management
Solutions
23700 Commerce Park Road
Beachwood, Ohio
44122-5832
**********************************************************************
To be removed from this list, go to:
http://snip.wedi.org/unsubscribe.cfm?list=ivacy
and enter your email
address.
------------------------------------------------------------------------------
CONFIDENTIALITY
NOTICE: This message is intended only for the
use of the individual or
entity to which it is addressed and may contain
information that is
privileged, confidential or exempt from disclosure
under applicable law. If
the reader of this message is not the intended
recipient or the employee or
agent responsible for delivering the message
to the intended recipient, you
are hereby notified that you are strictly
prohibited from printing,
storing, disseminating, distributing or copying
this communication. If you
have received this communication in error,
please notify us immediately by
replying to the message and deleting it
from your computer. Thank You,
Antares Management
Solutions.
==============================================================================
**********************************************************************
To be removed from this list, send a message to: [EMAIL PROTECTED]
Please note that it may take up to 72 hours to process your request.
|
