A provider is a covered entity under HIPAA if the provider sends any of the HIPAA mandated transactions electronically. Once a provider sends one of these transactions, he/she is "in" and must comply with the privacy and security requirements of HIPAA as well as those for the electronic transactions. If a provider does not send any of the HIPAA electronic transactions (using EDI or via a direct data entry system OR through an agent such as a billing service), the provider is not a HIPAA covered entity and is not required to abide by the privacy standards. Use of a fax to send information does not qualify as using a HIPAA electronic transaction. Strange as it may seem, such a provider can send protected health information by fax or e-mail (shudder) and the HIPAA cops can't get him.
However, who is to say what vulnerability there might be from litigation if such a provider does not observe the "standard of care" that HIPAA privacy regulations have established for the healthcare industry? Joan Joan Boyle HIPAA Compliance Manager The TriZetto Group, Inc. Voice: 970-627-1675 Fax: 970-627-1677 [EMAIL PROTECTED] *** Confidentiality Notice *** This message (including any attachments) contains confidential information intended for a specific individual and purpose, and is protected by law. If you are not the intended recipient, you should delete this message and are hereby notified that any disclosure, copying, or distribution of this message, or the taking of any action based on it, is strictly prohibited. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Friday, January 31, 2003 8:58 AM To: WEDI SNIP Privacy Workgroup List Subject: Covered Entity or Not At a meeting yesterday of our parent organization's privacy officers we had a discussion I'd appreciate some feedback on. One of the organizations is a long-term care/retirement facility that indicated they do not "bill" electronically. Therefore they are not a covered entity. However, after further discussion they indicated they do in fact send via fax and/or email individual identifiable health information to other covered entities (ie hospitals, referral agencies, and referring agencies). Some contended because they did not use EDI, they didn't really need to comply, others indicated they were because they do send PHI via electronic media. Can anyone provide an insight? Thanks. Charles. ******************************** Charles R. Carnahan, M.Div., M.B.A. Chief Operating Officer CAB Health and Recovery Services, Inc. 111 Middleton Road Danvers, MA 01923 Phone: 978-739-7600 FAX: 978-750-3620 www.cabhealth.org ********************************* --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED] To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: archive@mail-archive.com To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org