In the situation you describe, it's pretty clear if you're the provider, you
are at risk since you're responsible to mitigate this type of situation:

I would:

A: Consult your policy and procedure manual regarding termination before the
employee is terminated.
Document the steps taken upon termination. If you didn't follow you're
policy, you're at risk.

B: Consult your policy and procedure for lost or stolen patient records.
Mine includes notifying law enforcement and mandates the report the alleged
theft of medical information. In some states, that is a felony.
Again, you followed your policy.

C: If you're a CE, have the patient notify you in writing as per your policy
and direct it to your Privacy Officer. If your conversations are verbal,
make copious notes.  In your reply, You should direct the patient to contact
law enforcement with their complaint of harassment.

Both items you mentioned mean little as the employee has already left.  The
release and theft have already occurred. What did you do to mitigate it and
when it happened, did you follow your policies and state laws if applicable
after you became aware of this release/theft.  I would consult my attorney
if this came to pass about the notification process to the ex-employee when
legal action reaches the court level.
You certainly could sue the ex-employee but damage control is certainly in
order. Out of this, you certainly could gain confidence in your patient
depending on how you handle it.


Chris Brancato

-----Original Message-----
From: Anurag Sinha [mailto:[EMAIL PROTECTED]]
Sent: Monday, January 20, 2003 5:04 PM
To: WEDI SNIP Privacy Workgroup List
Subject: Employee Termination Procedure

Hi All,

I have 2 questions on employee termination.
1. If the employee is terminated but has deliberately taken patient
information with them and starts using or harrassing them, what should the
provider or the CE supposed to do. Should they :-

(a) call the law enforcement or
(b) should they just issue a warning to the ex-employee
(c) inform the affected patients etc.

2. Is it advisable to get a sign-off from such an employee before they leave
stating that they would not use the information after termination?

thanks,
Anurag Sinha
HIPAA Privacy Project Manager
Youngsoft, Inc. (www.youngsoft.com)
Main  : (248)675-1200
Fax   : (248)668-8238

This message (including any attachments) contains confidential information
intended for a specific individual and purpose, and is protected by law.  If
you are not the intended recipient, you should delete this message and are
hereby notified that any disclosure, copying, or distribution of this
message, or the taking of any action based on it, is strictly prohibited.


-----Original Message-----
From: Ribelin, Donald [mailto:[EMAIL PROTECTED]]
Sent: Monday, January 20, 2003 2:44 PM
To: WEDI SNIP Privacy Workgroup List
Subject: RE: When to have the patient sign an authorization


 164.508 Uses and disclosures for which an authorization is required...
...(c) Implementation specifications: Core elements and requirements.
(1) Core elements. A valid authorization under this section must contain at
least the following elements:
(i) A description of the information to be used or disclosed that identifies
the information in a specific and meaningful fashion.
(ii) The name or other specific identification of the person(s), or class of
persons, authorized to make the requested use or disclosure.
(iii) The name or other specific identification of the person(s), or class
of persons, to  whom the covered entity may make the requested use or
disclosure.
(iv) A description of each purpose of the requested use or disclosure. The
statement "at the request of the individual" is a sufficient description of
the purpose when an individual initiates the authorization and does not, or
elects not to, provide a statement of the purpose.
(v) An expiration date or an expiration event that relates to the individual
or the purpose of the use or disclosure. The statement "end of the research
study," "none," or similar language is sufficient if the authorization is
for a use or disclosure of protected health information for research,
including for the creation and maintenance of a research database or
research repository.
(vi) Signature of the individual and date. If the authorization is signed by
a personal representative of the individual, a description of such
representative's authority to act for the individual must also be provided.


Donald L. Ribelin
HIPAA Project Manager
Firsthealth of the Carolinas
(910) 215-2668
[EMAIL PROTECTED]

 -----Original Message-----
From:   Rachel Foerster [mailto:[EMAIL PROTECTED]]
Sent:   Monday, January 20, 2003 2:34 PM
To:     WEDI SNIP Privacy Workgroup List
Subject:        RE: When to have the patient sign an authorization

I believe that HIPAA requires any authorization to expire either on a
specific date or at a specific event. An event expiration could in fact, be
upon the individual's demise. Unfortunately I don't have a specific cite
from the rag on this.

Rachel Foerster
Principal
Rachel Foerster & Associates, Ltd.
Professionals in Health Care EDI
39432 North Avenue
Beach Park, IL 60099
Voice: 847-872-8070
Fax: 847-872-6860
eMail: [EMAIL PROTECTED]
http://www.rfa-edi.com



-----Original Message-----
From: Darrell Rishel [mailto:[EMAIL PROTECTED]]
Sent: Monday, January 20, 2003 1:25 PM
To: WEDI SNIP Privacy Workgroup List
Subject: RE: When to have the patient sign an authorization


I do not believe that HIPAA mandates that an authorization can only be valid
for 60 days. Such a limitation might be a part of state law, or an
organization's own standard. I think that if you can foresee the need for
the disclosure when the patient is admitted, then you can have it signed at
that time. If the need does not become apparent until later, then you have
the patient sign it then. In either case, of course, the authorization has
to meet all off the other HIPAA (and other applicable) requirements.

Darrell Rishel, J.D.
Director of Information Services
Arapahoe House, Inc.

This message is not legal advice or a binding signature.


-----Original Message-----
From: Klayer Geni [mailto:[EMAIL PROTECTED]]
Sent: Monday, January 20, 2003 11:59 AM
To: WEDI SNIP Privacy Workgroup List
Subject: RE: When to have the patient sign an authorization


As the need arises.  The authorization is only valid for 60 days.

        -----Original Message-----
        From:   [EMAIL PROTECTED] [SMTP:[EMAIL PROTECTED]]
        Sent:   Monday, January 20, 2003 1:20 PM
        To:     WEDI SNIP Privacy Workgroup List
        Subject:        When to have the patient sign an authorization

        How are providers in particular handling the singing of
authorizations? Are practices having patients sign it when they first come
in, for future disclosures, or as the specific situations arise (i.e., they
later decide their atty. should see the medical records and sign an
applicable authorization).

        Thanks as always for your input.

        Jill Rubin, Esq.
        (617)388-2404
        [EMAIL PROTECTED] ---
        The WEDI SNIP listserv to which you are subscribed is not moderated.
The discussions on this listserv therefore represent the views of the
individual participants, and do not necessarily represent the views of the
WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official
opinion, post your question to the WEDI SNIP Issues Database at
http://snip.wedi.org/tracking/. These listservs should not be used for
commercial marketing purposes or discussion of specific vendor products and
services. They also are not intended to be used as a forum for personal
disagreements or unprofessional communication at any time.

        You are currently subscribed to wedi-privacy as:
[EMAIL PROTECTED]
        To unsubscribe from this list, go to the Subscribe/Unsubscribe form
at http://subscribe.wedi.org or send a blank email to
[EMAIL PROTECTED]
        If you need to unsubscribe but your current email address is not the
same as the address subscribed to the list, please use the
Subscribe/Unsubscribe form at http://subscribe.wedi.org

---
The WEDI SNIP listserv to which you are subscribed is not moderated. The
discussions on this listserv therefore represent the views of the individual
participants, and do not necessarily represent the views of the WEDI Board
of Directors nor WEDI SNIP. If you wish to receive an official opinion, post
your question to the WEDI SNIP Issues Database at
http://snip.wedi.org/tracking/.   These listservs should not be used for
commercial marketing purposes or discussion of specific vendor products and
services.  They also are not intended to be used as a forum for personal
disagreements or unprofessional communication at any time.

You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED] To
unsubscribe from this list, go to the Subscribe/Unsubscribe form at
http://subscribe.wedi.org or send a blank email to
[EMAIL PROTECTED]
If you need to unsubscribe but your current email address is not the same as
the address subscribed to the list, please use the Subscribe/Unsubscribe
form at http://subscribe.wedi.org

---
The WEDI SNIP listserv to which you are subscribed is not moderated. The
discussions on this listserv therefore represent the views of the individual
participants, and do not necessarily represent the views of the WEDI Board
of Directors nor WEDI SNIP. If you wish to receive an official opinion, post
your question to the WEDI SNIP Issues Database at
http://snip.wedi.org/tracking/.   These listservs should not be used for
commercial marketing purposes or discussion of specific vendor products and
services.  They also are not intended to be used as a forum for personal
disagreements or unprofessional communication at any time.

You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED]
To unsubscribe from this list, go to the Subscribe/Unsubscribe form at
http://subscribe.wedi.org or send a blank email to
[EMAIL PROTECTED]
If you need to unsubscribe but your current email address is not the same as
the address subscribed to the list, please use the Subscribe/Unsubscribe
form at http://subscribe.wedi.org


---
The WEDI SNIP listserv to which you are subscribed is not moderated. The
discussions on this listserv therefore represent the views of the individual
participants, and do not necessarily represent the views of the WEDI Board
of Directors nor WEDI SNIP. If you wish to receive an official opinion, post
your question to the WEDI SNIP Issues Database at
http://snip.wedi.org/tracking/.   These listservs should not be used for
commercial marketing purposes or discussion of specific vendor products and
services.  They also are not intended to be used as a forum for personal
disagreements or unprofessional communication at any time.

You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED]
To unsubscribe from this list, go to the Subscribe/Unsubscribe form at
http://subscribe.wedi.org or send a blank email to
[EMAIL PROTECTED]
If you need to unsubscribe but your current email address is not the same as
the address subscribed to the list, please use the Subscribe/Unsubscribe
form at http://subscribe.wedi.org

---
The WEDI SNIP listserv to which you are subscribed is not moderated. The
discussions on this listserv therefore represent the views of the individual
participants, and do not necessarily represent the views of the WEDI Board
of Directors nor WEDI SNIP. If you wish to receive an official opinion, post
your question to the WEDI SNIP Issues Database at
http://snip.wedi.org/tracking/.   These listservs should not be used for
commercial marketing purposes or discussion of specific vendor products and
services.  They also are not intended to be used as a forum for personal
disagreements or unprofessional communication at any time.

You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED]
To unsubscribe from this list, go to the Subscribe/Unsubscribe form at
http://subscribe.wedi.org or send a blank email to
[EMAIL PROTECTED]
If you need to unsubscribe but your current email address is not the same as
the address subscribed to the list, please use the Subscribe/Unsubscribe
form at http://subscribe.wedi.org


---
The WEDI SNIP listserv to which you are subscribed is not moderated. The
discussions on this listserv therefore represent the views of the individual
participants, and do not necessarily represent the views of the WEDI Board
of Directors nor WEDI SNIP. If you wish to receive an official opinion, post
your question to the WEDI SNIP Issues Database at
http://snip.wedi.org/tracking/.   These listservs should not be used for
commercial marketing purposes or discussion of specific vendor products and
services.  They also are not intended to be used as a forum for personal
disagreements or unprofessional communication at any time.

You are currently subscribed to wedi-privacy as:
[EMAIL PROTECTED]
To unsubscribe from this list, go to the Subscribe/Unsubscribe form at
http://subscribe.wedi.org or send a blank email to
[EMAIL PROTECTED]
If you need to unsubscribe but your current email address is not the same as
the address subscribed to the list, please use the Subscribe/Unsubscribe
form at http://subscribe.wedi.org


---
The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions 
on this listserv therefore represent the views of the individual participants, and do 
not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If 
you wish to receive an official opinion, post your question to the WEDI SNIP Issues 
Database at http://snip.wedi.org/tracking/.   These listservs should not be used for 
commercial marketing purposes or discussion of specific vendor products and services.  
They also are not intended to be used as a forum for personal disagreements or 
unprofessional communication at any time.

You are currently subscribed to wedi-privacy as: archive@mail-archive.com
To unsubscribe from this list, go to the Subscribe/Unsubscribe form at 
http://subscribe.wedi.org or send a blank email to 
[EMAIL PROTECTED]
If you need to unsubscribe but your current email address is not the same as the 
address subscribed to the list, please use the Subscribe/Unsubscribe form at 
http://subscribe.wedi.org

Reply via email to