Thank you for all your responses. They were all great and exactly what I expected -
Now I will tell you the rest of the story - A man stole some Rx books and forged the Rx's - but it gets better - he used someone else's name and the pharmacy gave this information to physicians when the person they thought and named was seeking drugs, was actually not. You can imagine how mad this man was after the information got back to his employer who was a friend of a physician that received one of the general mail-out letters about him being a drug seeker. Makes you think, doesn't it? Rebekah Savoie Healthcare Consultant >>> "Christiansen, John (SEA)" <[EMAIL PROTECTED]> 01/16/03 02:55PM >>> Robert - I think I need to question one of your assumptions, and your approach to this kind of problem. #1 the assumption that: <the individual has lost the right to privacy once they break the law> is not correct, and is in fact dangerously incorrect. HIPAA does not state that principle anywhere. It does list a number of conditions under which PHI may be disclosed: for TPO, under an authorization, and under the conditions listed in 45 CFR 164.512 (uses and disclosures not for TPO for which no authorization is required). If you read that regulation you will see that subsection (a) does permit a disclosure required by law, while subsection (f) sets out the specific requirements for disclosures for law enforcement purposes. (The other exceptions in this regulation don't appear likely ever to apply to this kind of situation). If there is a law on the books requiring disclosure of drug-seeking behavior, exception (a) would apply; but I am not aware of any such laws (doesn't mean there aren't any, I just don't know of any). This is a very different approach to privacy from the assumption that "if you break the law you lose your privacy." While the U.S. Constitution does not explicitly state a privacy right (there are theories that it does so implicitly, but that's another set of questions), HIPAA does create a statutory/regulatory set of privacy obligations on the part of CEs and entitlements on the part of individuals. I frankly don't think that a pharmacist's judgment that he thinks someone has broken the law by improperly seeking drugs (by the way, *is* drug-seeking behavior a crime? or just a basis for suspicion of a crime? or are we using an alert of this kind to prevent health problems and over-prescription?) will suffice to eliminate this entitlement (as a matter of law) or relieve the pharmacist, as a CE, of his or her obligation to respect these privacy entitlements by complying with the regulations. (By the way, what if he's wrong? In addition to breach of privacy there might well be a suit for libel available.) This is not to say something can't be done to communicate about this kind of problem - we have discussed it quite a bit and there have been a number of good postings on the subject - but the way to approach a solution it is to start with the regulations and read them carefully. (Also any applicable business associate contracts; for example, in your example of the PBM, has the PBM checked to make sure any BAC it has with a CE that provided some of the PHI which describes the prescriptions written permits that kind of disclosure? There are some badly drafted documents out there, not all of which might allow for everything you would like to assume they do.) The underlying point being that with HIPAA coming into effect decisions like these have to be made in a more formal way, with actual reference to regs and contracts and not in reliance on what you assume should be the right result. John R. Christiansen Preston | Gates | Ellis LLP 701 Fifth Avenue, Seattle, Washington 98104 *Direct: 206.613.7118 - *Cell: 206.683.9125 * [EMAIL PROTECTED] -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Thursday, January 16, 2003 12:05 PM To: WEDI SNIP Privacy Workgroup List Subject: Re: Here is a good Privacy Issue that will cause problems Yes and no. First, they are breaking the law when they doctor-shop for narcotics. Secondly, who is responsible for report this to law enforcement? The question comes up, how did you know the individual went to different pharmacies? were you told by the same chain of pharmacies? Usually it will be tracked by the PBM when multiple pharmacies are being used. That's why our organization wants to control narcotics OTC. Oxeycontin is usually a long term medication for severe pain and should be provided mail (where there are systems in place to catch this kind of misuse). It is a red flag when narcotics are being prescribe OTC. With regard to what should happen; the PBM should write letters to all physicians that prescribe this narcotic to the individual in question, making them aware of the manufacturers protocol and the total number of pills being prescribed -- this is done as a matter of post utilization review for OTC drugs. The question is who has the responsibility to report this to the authorities? I believe under your scenario, the individual has lost the right to privacy once they break the law. Please correct me if I am wrong in my assumptions. Thanks, Robert Robert Blinch-Edwards Executive Director Healthcare Sarasota, Inc. 1991 Main Street, Suite 148 Sarasota, FL 34236 Tel: 941-917-7995 Fax: 941-917-1930 email: [EMAIL PROTECTED] Web: www.hcsrq.com In a message dated 1/15/2003 3:43:15 PM Central Standard Time, [EMAIL PROTECTED] writes: Subj: Here is a good Privacy Issue that will cause problems Date: 1/15/2003 3:43:15 PM Central Standard Time From: [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> To: [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> Sent from the Internet Today, a clinic that I work with received a letter from a local pharmacy about a patient that was a "Drug Seeker" as we call them. Over the course of 30 days he had been to several doctors and several pharmacies and received over 350 total pills all a controlled substance. What happens to the pharmacy's ability to do these types of things under Privacy? Clearly, pharmacist were communicated information back and forth to each other and to physicians on this person. They even sent letters to all physicians in the area. Problem? yes or no Rebekah Savoie, CCS-P Healthcare Consultant --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED] To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org Confidentiality Note: The information contained in this email message is legally privileged and confidential, intended only for the use of the individual or entity named above. If the reader of this email message is not the intended recipient, you are hereby notified that any dissemination, distribution, or copy of this email message is strictly prohibited. Robert Blinch-Edwards Executive Director Healthcare Sarasota, Inc. 1991 Main Street, Suite 148 Sarasota, FL 34236 Tel: 941-917-7995 Fax: 941-917-1930 email: [EMAIL PROTECTED] Web: www.hcsrq.com --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED] To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED] To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: archive@mail-archive.com To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org