You have a point regarding the convoluted answers - that is why we do not grant restrictions regarding TPO, especially payment.
Also for the assumption that you signed a HIPAA release ahead of treatment, if you are referring to a consent, that is also optional under the rule, and I do not know of any providers using one for the exact scenario that you gave. Patients can be very slick! Judith -----Original Message----- From: Wellons, David L [mailto:[EMAIL PROTECTED] Sent: Friday, October 31, 2003 9:51 AM To: 'Bentz-Miller, Judith'; WEDI SNIP Privacy Workgroup List Subject: RE: Collection Accts. But note that even an answer to this (what should be a simple issue) requires convoluted answers - if this, then that, but if this other, then we do this other thing, but now, if it is Tuesday, we must do this. . . Also, I believe I can withdraw (or change) my PHI restrictions at any time. Assuming the staff has me sign HIPAA release ahead of treatment, I can always rescind it on the way out of the office. There are those who will game the system, HIPAA has just given them one more card to play. My views, not my employer. -----Original Message----- From: Bentz-Miller, Judith [mailto:[EMAIL PROTECTED] Sent: Friday, October 31, 2003 8:52 AM To: WEDI SNIP Privacy Workgroup List Subject: RE: Collection Accts. Also, even if the patient requests non-release of PHI to the provider (a restriction), the provider does not have to grant the request. Then the patient can decide how to proceed with their own treatment. Judith Judith Bentz-Miller Privacy Officer Arnett Clinic 765-448-8843 -----Original Message----- From: Rachel Foerster [mailto:[EMAIL PROTECTED] Sent: Thursday, October 30, 2003 7:57 PM To: WEDI SNIP Privacy Workgroup List Subject: RE: Collection Accts. Actually, if the patient requests non-release of PHI to the provider for its own TPO then the provider is well within its rights to determine how it will be paid for the services to be rendered. If the patient cannot provide adequate assurance to the provider that it will be paid for services rendered such that there would not be any disclosure of PHI in order to collect payment, the provider is not obligated to treat....unless there might be an EMTALA issue. Rachel Rachel Foerster Rachel Foerster & Associates, Ltd. Voice: 847-872-8070 email: [EMAIL PROTECTED] -----Original Message----- From: Wellons, David L [mailto:[EMAIL PROTECTED] Sent: Thursday, October 30, 2003 4:19 PM To: WEDI SNIP Privacy Workgroup List Subject: RE: Collection Accts. then all I as a scoundrel patient need to do (particularly if self pay) is to request non-release of information without my permission and then just refuse to pay my bill. Sounds like the provider's only recourse would be to contact me directly - use of a collection agency would violate HIPAA since I haven't given my permission, as would posting a bad debt on my credit record. Sounds like a winner to me! As to my example about the parking lot accident - agreed that police are not HIPAA bound, but with the DOJ conclusion that anyone (not just CEs) who release PHI can be prosecuted (q.e.d.), it makes sense should they list my name and the physician office name publicly, someone could 'interpret' HIPAA as being applicable. (I know this won't happen, but just saying that under the current interpretations I've seen in these threads, there is merit to the example). Also, the issue of the CA having a BAA with the CE and thus can use PHI. >From other threads (the one about overseas transcriptions), someone said that HIPAA only applies to CEs, and that if BAAs are used, the non-CE who gets the data is not bound by HIPAA, their only exposure would be breach of contract issues with the CE. As the CA and CRAs are not CEs, then any collection data they have, even the PHI you list (name, amount) is not covered under HIPAA once they have it in their hands (EVEN with BAAs in place). While this may be circular logic, that is what I come up with when combining a couple of issues into one. Don't read my comments as argumentative, not meant that way, just a bit frustrated that even professional (as you and the others are) who are well-versed as anyone in HIPAA can't seem to find common agreement on some key points. Not your fault, just the way it was all written. The views expressed are mine personally and do not necessarily represent the views of my employer. -----Original Message----- From: Sherriann Hamilton [mailto:[EMAIL PROTECTED] ***** "The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential, proprietary, and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from all computers.60" --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED] To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org