A provider is a covered entity under HIPAA if the provider sends any of the
HIPAA mandated transactions electronically. Once a provider sends one of
these transactions, he/she is "in" and must comply with the privacy and
security requirements of HIPAA as well as those for the electronic
transactions. If a provider does not send any of the HIPAA electronic
transactions (using EDI or via a direct data entry system OR through an
agent such as a billing service), the provider is not a HIPAA covered entity
and is not required to abide by the privacy standards. Use of a fax to send
information does not qualify as using a HIPAA electronic transaction.
Strange as it may seem, such a provider can send protected health
information by fax or e-mail (shudder) and the HIPAA cops can't get him.
However, who is to say what vulnerability there might be from litigation if
such a provider does not observe the "standard of care" that HIPAA privacy
regulations have established for the healthcare industry?
Joan
Joan Boyle
HIPAA Compliance Manager
The TriZetto Group, Inc.
Voice: 970-627-1675
Fax: 970-627-1677
[EMAIL PROTECTED]
*** Confidentiality Notice ***
This message (including any attachments) contains confidential
information intended for a specific individual and purpose, and is protected
by law. If you are not the intended recipient, you should delete this
message and are hereby notified that any disclosure, copying, or
distribution of this message, or the taking of any action based on it, is
strictly prohibited.
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]
Sent: Friday, January 31, 2003 8:58 AM
To: WEDI SNIP Privacy Workgroup List
Subject: Covered Entity or Not
At a meeting yesterday of our parent organization's privacy officers we had
a discussion I'd appreciate some feedback on. One of the organizations is
a long-term care/retirement facility that indicated they do not "bill"
electronically. Therefore they are not a covered entity. However, after
further discussion they indicated they do in fact send via fax and/or email
individual identifiable health information to other covered entities (ie
hospitals, referral agencies, and referring agencies). Some contended
because they did not use EDI, they didn't really need to comply, others
indicated they were because they do send PHI via electronic media.
Can anyone provide an insight?
Thanks.
Charles.
********************************
Charles R. Carnahan, M.Div., M.B.A.
Chief Operating Officer
CAB Health and Recovery Services, Inc.
111 Middleton Road
Danvers, MA 01923
Phone: 978-739-7600
FAX: 978-750-3620
www.cabhealth.org
*********************************
---
The WEDI SNIP listserv to which you are subscribed is not moderated. The
discussions on this listserv therefore represent the views of the individual
participants, and do not necessarily represent the views of the WEDI Board
of Directors nor WEDI SNIP. If you wish to receive an official opinion, post
your question to the WEDI SNIP Issues Database at
http://snip.wedi.org/tracking/. These listservs should not be used for
commercial marketing purposes or discussion of specific vendor products and
services. They also are not intended to be used as a forum for personal
disagreements or unprofessional communication at any time.
You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED]
To unsubscribe from this list, go to the Subscribe/Unsubscribe form at
http://subscribe.wedi.org or send a blank email to
[EMAIL PROTECTED]
If you need to unsubscribe but your current email address is not the same as
the address subscribed to the list, please use the Subscribe/Unsubscribe
form at http://subscribe.wedi.org
---
The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions
on this listserv therefore represent the views of the individual participants, and do
not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If
you wish to receive an official opinion, post your question to the WEDI SNIP Issues
Database at http://snip.wedi.org/tracking/. These listservs should not be used for
commercial marketing purposes or discussion of specific vendor products and services.
They also are not intended to be used as a forum for personal disagreements or
unprofessional communication at any time.
You are currently subscribed to wedi-privacy as: archive@mail-archive.com
To unsubscribe from this list, go to the Subscribe/Unsubscribe form at
http://subscribe.wedi.org or send a blank email to
[EMAIL PROTECTED]
If you need to unsubscribe but your current email address is not the same as the
address subscribed to the list, please use the Subscribe/Unsubscribe form at
http://subscribe.wedi.org
