A comment. When testing with live test data I have always applied the same privacy and confidentiality procedures that go with "live" or production data. The policy and procedure my group signs does not differentiate, any data we touch applies. Patient data is patient data. I cannot imagine why I would need to add additional procedures, is that too much common sense, I must be missing something. p
Pamela A. Cotham Senior Systems Analyst EDS - California Medicaid 3215 Prospect Park Drive - F01 Rancho Cordova CA 95670 Office: 916.636.1964 mailto:pamela.cotham@;eds.com What we have done for ourselves dies with us, what we have done for others remains and is immortal. -----Original Message----- From: David Frenkel [mailto:gefeg@;att.net] Sent: Friday, November 01, 2002 10:35 AM To: WEDI SNIP Transactions Workgroup List Subject: RE: Medicare Transaction Testing with Production Patient Data I would agree with Sheila's comments concerning testing. My concern would be how to implement HIPAA PHI concerns into IT departments that would be using this data. Organizations are going to have to have some type of P&P to outline handling of real 'test' data. There is a litany of concerns that could arise in regards to who has access to this test data, how long it is kept, security, paper documents created, spreadsheets created, verification the data is removed completely(would this require an independent audit?), etc. Sounds like another WEDI white paper. Regards, David Frenkel Business Development GEFEG USA Global Leader in Ecommerce Tools www.gefeg.com 425-260-5030 -----Original Message----- From: Mazza, Ralph [mailto:RMazza@;nt.dma.state.ma.us] Sent: Friday, November 01, 2002 10:11 AM To: WEDI SNIP Transactions Workgroup List Subject: RE: Medicare Transaction Testing with Production Patient Data Zena, the following post to the National Medicaid EDI HIPAA (NMEH) Mailing List on September 27, 2002 may give you some comfort. Dear NMEH, I have been given official authorizations to respond to your plea for guidance. Our Privacy regulation gurus here in CMS have discussed this with OCR, and the answer is (drum roll)... There is no blanket prohibition to testing with live data stated or implied in the privacy regulations. Systems testing falls under program operations. The same principles apply as for any such use and disclosure. You must take the all the appropriate precautions described in the regulation, and have all required business associate agreements signed. Sheila Frank Sheila Lynn Frank [EMAIL PROTECTED] CMS / Center for Medicaid & State Operations Finance, Systems, Quality Group / Division of State Systems Phone: 410 786-0442 --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-transactions as: [EMAIL PROTECTED] To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-transactions as: [EMAIL PROTECTED] To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-transactions as: [email protected] To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org
