Thanks to everyone who answered; many good thoughts. Steve, I think your point as follows is a very good one: "It seems to me that the treatment exception centers on the purpose to which the PHI will be put by the receiver, rather than on the receiver's classification as a provider." Thanks, John
John C. Cody, Esq. NYS Central HIPAA Coordination Project NYS Office for Technology http://www.oft.state.ny.us/hipaa/index.htm [The opinions expressed herein are my own and do not necessarily reflect the policies, practices or opinions of my employer or anyone else. Nothing herein constitutes legal advice - if you need legal advice, please consult your own attorney.] -----Original Message----- From: Steven Fowler [mailto:[EMAIL PROTECTED] Sent: Monday, November 03, 2003 10:47 AM To: WEDI SNIP Privacy Workgroup List Subject: RE: is this practice O.K.? Dr. Fairley's original post asked whether it was permissible to disclose patient PHI to providers (pharmacies) who did not have a treatment relationship with the patient. I'm not altogether sure how you would go about determining definitively which pharmacy has a direct treatment relationship with the patient in the first place, since they can have their script filled anywhere. Do you assume that the pharmacy nearest to the patient's home has the treatment relationship? Dr. Fairley refers to sending a notice to all area pharmacies alerting them they are only to accept scripts from a certain MD. What are "area pharmacies"? Those within a 5-mile radius of the patient's home? 25 miles? 5-mile radius of the patient's workplace (which could be 50 miles from home here in SE Florida, with lots of drug stores on the way)? Methodology notwithstanding, it would seem to me that disclosures made to control a patient's medications would be permitted as treatment, and therefore would not require patient permission. Mr. Rosenblum's response was that the disclosures are OK as treatment so long as they are to providers. Mr. Cody's response that the regulatory language seemed to suggest that treatment disclosures weren't necessarily limited to providers, since other 3rd parties (non-providers) would seem to be included in the definition of "treatment." The question has been raised then whether some disclosures to non-providers could be considered as treatment-related. I think a related question would be if all disclosures to providers will be considered treatment-related. There was a situation presented on a listserv a while ago in which a patient's attorney wanted a 3rd party provider to provide PHI to another provider for purposes of a creating a second opinion. It was my understanding that the opinion of the other provider would have no effect on the patient's care, that it was just for purposes of building a legal case. Responses to this suggested a general opinion that the disclosure was permitted as treatment BECAUSE it occurred between two providers. It seems to me that the treatment exception centers on the purpose to which the PHI will be put by the receiver, rather than on the receiver's classification as a provider. Or is the assumption that all disclosures taking place between providers are treatment-related safe enough? Steven L. Fowler Compliance Officer Health Care District of Palm Beach County West Palm Beach, FL mailto:[EMAIL PROTECTED] 561-659-1270 -----Original Message----- From: Moya Gray [mailto:[EMAIL PROTECTED] Sent: Sunday, November 02, 2003 11:22 PM To: WEDI SNIP Privacy Workgroup List Subject: RE: is this practice O.K.? I would also add to Dale's email that, unlike Dr. Fairley's initial situation in which providers are sending PHI to non-treating pharmacies (i.e., they have no relationship to the patient at the time of the disclosure), in the case that John is describing, it would appear that the appropriateness of the disclosure would depend upon the "facts" of the case. That is, is disclosure to a particular person likely to provide information that would be used in treatment; if not then a court would wonder why the disclosure. If the information is to be used for treatment and there is an established process that supports this disclosure/use then an attorney has a better argument that the disclosure is properly "for treatment purposes." Thus, apart from the answer to the question coming from a court case, an entity wants to set up for the possibility by identifying these situations and, if warranted, establishing a policy for its response. This process reduces the risk of uncertainty in litigation at the very least (it may not be the right answer, but does provide a clear standard that can be brought to the court if necessary) Moya T. Davenport Gray, Esq. 1283 Honokahua Street Honolulu, Hawaii 96825 808-396-6731 808-381-3732 -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Sunday, November 02, 2003 4:55 PM To: WEDI SNIP Privacy Workgroup List Subject: Re: is this practice O.K.? Sounds like some undue stress on a question that probably cannot be answered out of court. The regulatory language provides for no end of possible interpretations and we can only guess at what the courts will decide -- and they get the advantage of a specific set of circumstances (and, I think dice or chicken bones to aid in the decision). If the situation is viewed as a balance between the harm done and the benefit gained, it may be possible to make an educated guess. For example, searches are, by definition, an invasion of privacy. To search without prior approval from a judge, you need some urgent factor to outweigh the violation -- immediate risk to life, etc. There is a long list of court cases weighing the harm against the claimed urgency. That has not cleared up things much, but there are some useful clues. Would it make sense to look at why the release of PHI is happening? What weighs against infringing on the patient's rights? If it is simply a matter of gaining identification, that would not seem terribly urgent. If the harm (release of information without permission) was to prevent the spread of some life threatening virus that would seem to justify doing things that simply identifying a suitable payer would not. In short, if the patient is comatose (which sounds stable to the nonmedical folk), why wouldn't you ask a judge? They have the power to make decisions on behalf of people not able to decide for themselves. It is also much harder to get in serious hot water if you can claim you did it "because the judge said it was OK." I have broken similar rules when I believed the circumstances warranted it and would do so again, but I can't claim it was wise -- simply a strong wish to see the person upright again -- even if in court. Dale K. Howe, PhD Grand Rapids, MI, USA --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED] To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED] To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org DISCLAIMER: CONFIDENTIALITY NOTICE: This e-mail and any attachments are confidential and may be protected by legal privilege. If you are not the intended recipient, be aware that any disclosure, copying, distribution or use of this e-mail or any attachment is prohibited. If you have received this e-mail in error, please notify us immediately by returning it to the sender and delete this copy from your system. Thank you for your cooperation. --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED] To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED] To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org