HIPAA
is not intended to *preclude* use of PHI for treatment. Consultation with other
providers for treatment purposes is specifically permitted, under the broadest
terms of any of the HIPAA use/disclosure provisions.
But
the definition of CE does not include governmental *law enforcement* agencies -
though it does include governmental *providers and plans* - and consultation
with *law enforcement officials* is not *treatment.* (Unless you want to
argue that becoming the subject of a criminal investigation and potentially
criminal prosecution is "treatment," which would be an interesting semantic
stretch and more to the point an interpretation inconsistent with the rules' own
distinctions between the two types of PHI use.) Since a
disclosure to law enforcement it is not for *treatment* other rules apply,
which should not be difficult to comply with, though the failure to comply could
expose the CE to penalties.
Likewise, the disclosure of PHI to another pharmacist to advise him or
her of possible drug-seeking behavior is not for the purpose of *treatment*
unless both pharmacists have a professional relationship to the possible
drug-seeker; the goal then would indeed be the provision of clinically sound
treatment services. That purpose is *not* present when a pharmacist sends
that kind of information to another pharmacist who doesn't have a relationship
to the individual in question - the latter is not engaged in "providing,
coordinating or managing health care or related services" to the individual (the
definition of "treatment"), so the former *cannot* be disclosing the PHI for
that purpose.
The
question then is, if the disclosure to the second pharmacist is not for purposes
of treatment, what *is* the purpose of the disclosure? Once you have
articulated that purpose accurately, you look at the rules to see if it is
permitted, and if so under what conditions. If it is permitted, you disclose
under the conditions the rule states (if any). If it is not permitted, you don't
make the disclosure.
I
guess at this point I'm not sure what the resistance or disagreement is
about. I think the prudent approach is to read the rules and work within
them, and I think they can be worked with to legitimately handle the kind of
situation described in Rebekah's original scenario (which is what I am still
responding to). There appears to be a disagreement with this position and I'd
like those who disagree to clarify what their own position in fact
is.
Is the
disagreement based on the belief that this approach encroaches too much on
traditional professional discretion of pharmacists to disclose patient
information according to their own judgment, not according to bureaucratic
rules? If so that is a legitimate position, one that has been articulated
by a number of professionals in a number of settings, and one I sympathize with
to an extent. But it is also a position that in the final analysis is about
HIPAA resistance, not HIPAA compliance.
If the
requirement to comply with bureaucratic rules improperly infringes on
professional discretion, from the professional's point of view the solution is
to abolish the rules (i.e., HIPAA), or to ignore them and be ready to take the
consequences as a matter of taking the moral high ground against an intrusive
government. But if you accept that the rules are legitimate, or at least that it
is too risky to violate them, the solution is to read them and comply with them,
and to the extent they do cause problems try to get HHS to reform
them.
If
this is not an accurate description of the basis for disagreement with the "read
the rules" approach, it would be helpful to know what the basis for the
disagreement in fact *is.* If we are going to have divergent standards for
approaching compliance we better get them on the table so we know what we are
talking about.
John,
Under HIPAA, a
pharmacist's job is to provide direct treatment services and to use and
disclose related PHI in accordance with the privacy, security and TCS
rules. So if a pharmacist needs to consult with other CE's in the
neighbor (or to contact government offficials) to provide a clinically sound
treatment service, how would HIPAA preclude those
activities?
I hope that this
helps.
Your questions are
always welcome.
Matt
Matthew
Rosenblum
Chief Operations
Officer
Privacy, Quality
Management & Regulatory Affairs
CPI
Directions, Inc.
10 West 15th Street,
Suite 1922
New
York, NY
10011
(212)
675-6367
[EMAIL PROTECTED]
CONFIDENTIALITY
NOTICE: This E-Mail is intended only for the use of the individual or entity
to which it is addressed and may contain information that is privileged,
confidential and exempt from disclosure under applicable law. If you have
received this communication in error, please do not distribute it.
Please notify the sender by E-Mail at the address shown and delete the
original message. Thank you.
AVISO
DEL
CONFIDENCIALIDAD: Este email es solamente para el uso
del
individuo o la entidad a la cual se dirige y puede contener información
privilegiada, confidencial y exenta de acceso bajo la ley aplicable. Si usted
ha recibido esta comunicación por error, por favor no lo distribuya.
Favor notificar al remitente del E-Mail a la dirección mostrada y elimine el
mensaje original. Gracias.
-----Original
Message----- From:
Christiansen, John (SEA) [mailto:[EMAIL PROTECTED]] Sent: Thursday, January
16, 2003 7:09
PM To: WEDI SNIP Privacy Workgroup
List Subject: RE: Here is a
good Privacy Issue that will cause problems
Hate to
say it, but I disagree: Under HIPAA a pharmacist's job is to establish and
comply with certain policies for privacy, security and electronic claims
processing. It is a pharmacist's *professional* obligation to avoid (or
mitigate) harm to individuals, and HIPAA is not intended to *interfere* with
this. But HIPAA says nothing about mitigation of harm or professional
standards.
-----Original
Message----- From: Matthew
Rosenblum [mailto:[EMAIL PROTECTED]] Sent: Thursday, January
16, 2003 3:57
PM To: WEDI SNIP Privacy Workgroup
List Subject: RE: Here is a
good Privacy Issue that will cause problems
Tim,
I must
respectfully disagree with your fundamental analysis of this scenario.
Pharmacists (chemists) have, for more than 2000 years, been part of a triad
(including physicians and nurses) engaged in an on-going clinical (NOT
business) practice of ensuring that the correct medications and drugs are
received by the correct patients. Whenever we remove one of those
clinical disciplines from the decision-making process, medication errors and
mistakes are likely to increase.
It is
NOT the intention of HIPAA to deter a good clinical practice.
Unfortunately, when unscrupulous people get hold of blank-prescriptions,
innocent people may get hurt. Under HIPAA, our responsibility then
becomes mitigation of the harm.
I hope
that this helps.
Your
questions are always welcome.
Matt
Matthew
Rosenblum
Chief
Operations Officer
Privacy, Quality
Management & Regulatory Affairs
http://www.CPIdirections.com
CPI
Directions, Inc.
10
West 15th Street, Suite 1922
New
York, NY 10011
(212)
675-6367
[EMAIL PROTECTED]
CONFIDENTIALITY
NOTICE: This E-Mail is intended only for the use of the individual or entity
to which it is addressed and may contain information that is privileged,
confidential and exempt from disclosure under applicable law. If you have
received this communication in error, please do not distribute it.
Please notify the sender by E-Mail at the address shown and delete the
original message. Thank you.
AVISO
DEL CONFIDENCIALIDAD: Este email es solamente para el uso del individuo o la
entidad a la cual se dirige y puede contener información privilegiada,
confidencial y exenta de acceso bajo la ley aplicable. Si usted ha recibido
esta comunicación por error, por favor no lo distribuya. Favor
notificar al remitente del E-Mail a la dirección mostrada y elimine el
mensaje original. Gracias.
-----Original
Message----- From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Thursday, January 16, 2003 6:00
PM To: WEDI SNIP Privacy
Workgroup List Subject: RE:
Here is a good Privacy Issue that will cause problems
In my
personal opinion, this practice - violating patient privacy, in the name of
detecting abuse by private businesses - which is (it appears to me)
unsupported by statute (unless mandated by DEA regulation) - is contrary to
both many state laws and HIPAA. I agree the practice serves a valuable
community need, as well as the needs of the abusing patient
(intervention). However, as it (as I see it) is NOT a law enforcement
reporting issue, but rather a "home grown" solution, that business simply do
out of common sense, the practice will either have to be suspended, with
suspects reported to law enforcement - cutting out the Sherlock Holms
detection engaged in by pharmacists in the process - or get a
state statute passed to support and require the activity. After all,
it appears to me that what is really occurring here is abuse of privacy, and
potentially serious defamation, and that a case might be made for damages if
a person is placed on these distribution lists wrongly. However, as I
am not an attorney I can not pass on a formal opinion. Just keep in
mind that a person DOES NOT LOOSE ANY RIGHTS just because a pharmacist
suspects abuse!!! It is up to statutory law enforcement of
investigate, and a court to determine if a crime has been committed, NOT A
CE, regardless of their practices. I am frankly amazed that we have
not heard more litigation on this issue.
Regards,
Tim McGuinness, Ph.D. Consulting Specialist in
Regulatory Privacy, Security, and Application Compliance
--- The WEDI SNIP listserv to which
you are subscribed is not moderated. The discussions on this listserv
therefore represent the views of the individual participants, and do not
necessarily represent the views of the WEDI Board of Directors nor WEDI
SNIP. If you wish to receive an official opinion, post your question to the
WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs
should not be used for commercial marketing purposes or discussion of
specific vendor products and services. They also are not intended to be used
as a forum for personal disagreements or unprofessional communication at any
time.
You are currently subscribed to wedi-privacy as:
[EMAIL PROTECTED] To unsubscribe from this list, go to the
Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank
email to [EMAIL PROTECTED] If you need to
unsubscribe but your current email address is not the same as the address
subscribed to the list, please use the Subscribe/Unsubscribe form at
http://subscribe.wedi.org
--- The WEDI SNIP listserv to which
you are subscribed is not moderated. The discussions on this listserv
therefore represent the views of the individual participants, and do not
necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP.
If you wish to receive an official opinion, post your question to the WEDI
SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should
not be used for commercial marketing purposes or discussion of specific vendor
products and services. They also are not intended to be used as a forum for
personal disagreements or unprofessional communication at any time.
You
are currently subscribed to wedi-privacy as: [EMAIL PROTECTED] To
unsubscribe from this list, go to the Subscribe/Unsubscribe form at
http://subscribe.wedi.org or send a blank email to
[EMAIL PROTECTED] If you need to unsubscribe but
your current email address is not the same as the address subscribed to the
list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org
--- The WEDI SNIP listserv to which you are
subscribed is not moderated. The discussions on this listserv therefore
represent the views of the individual participants, and do not necessarily
represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish
to receive an official opinion, post your question to the WEDI SNIP Issues
Database at http://snip.wedi.org/tracking/. These listservs should not be used
for commercial marketing purposes or discussion of specific vendor products
and services. They also are not intended to be used as a forum for personal
disagreements or unprofessional communication at any time.
You are
currently subscribed to wedi-privacy as: [EMAIL PROTECTED] To
unsubscribe from this list, go to the Subscribe/Unsubscribe form at
http://subscribe.wedi.org or send a blank email to
[EMAIL PROTECTED] If you need to unsubscribe but
your current email address is not the same as the address subscribed to the
list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org
---
The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time.
You are currently subscribed to wedi-privacy as: archive@mail-archive.com
To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED]
If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org
|