Rx2000HIPAA Digest, Volume 16 > > #1 From: Petehc@aol.com Subject: Re: Encounters > #2 From: eellis@metalogics.com Subject: Re: Encounters > #3 From: carls003@mc.duke.edu Subject: Re: Alpha pagers > #4 From: David.Foley@ps.net Subject: RE: Alpha pagers > #5 From: Woosleew@aol.com Subject: Paper covered under HIPAA > #6 From: dafeinberg@home.com Subject: HIPAA Privacy vs. HIPAA Transactions > #7 From: clarkstanton@dwt.com Subject: RE: Alpha pagers > #8 From: clarkstanton@dwt.com Subject: RE: Paper covered under HIPAA > > > ********** Message #1 ********** > From: Petehc@aol.com > To: Rx2000HIPAA@rx2000.org > Subject: Re: Encounters > Date: Thu, 4 May 2000 14:06:57 EDT > > Erric, an extention of your comments, it is my understanding HIPAA > "transactions" contemplate electronically produced paper. > > Pete Biagiotti > Aon > 818-363-9435 > > ********** Message #2 ********** > From: eellis@metalogics.com > To: Rx2000HIPAA@rx2000.org > Subject: Re: Encounters > Date: Thu, 04 May 2000 23:07:17 -0400 > > As currently written, these interpretations are correct. Until the encounter becomes an electronic payment or proof of insurance event the HIPAA regulations > don't apply. However, the intent of HIPAA obviously transcends the wording - the intent is to protect privacy regardless of all of the manifestations of > communication (alpha pagers, cell phones, EDI, etc.). Given the level of electronic connectivity in even the most basic healthcare delivery system, great > care will have to be employed to avoid violation of patients' privacy. Whether this is executed at the source (Hospial/MD office) or at the intermediary is > a mute point. The fact is that transmission of the data must either be ambiguous or highly encrypted. > > The final weight of any prosecution (if ever) will be the effort put into protecting the data. Most healthcare systems will probably end up employing > redundant security (firewalls + encryption) and possibly a rules engine. > > my own opinions, > > ernie ellis > eellis@metalogics.com > > Rx2000HIPAA@rx2000.org wrote: > > > In a message dated 5/3/00 12:45:32 PM Eastern Daylight Time, > > Rx2000HIPAA@rx2000.org writes: > > > > > As a clinician, I would say that an encounter is the visit itself. The > > > record is simply documentation of the encounter. I do not believe it has > > > anything to do with whether it is payable. > > > > As a former Medical Group Manager and Hospital Director, I agree with you. > > The "visit" is the "encounter". You record it on the Encounter Form or > > Superbill. Payment source (or lack thereof) has no bearing on it. As I > > understand it, a transaction (as referred to by HIPAA) and an encounter are > > not the same. A transaction would be any electronic exchange or transmission > > of medical and/or financial information, which contains information that > > identifies a patient. This is a somewhat simplified definition. > > > > Errick E. Woosley, MPA > > 3X HCSG > > (513) 587-3100 > > > > > ********** Message #3 ********** > From: carls003@mc.duke.edu > To: Rx2000HIPAA@rx2000.org > Subject: Re: Alpha pagers > Date: Fri, 5 May 2000 08:16:58 -0400 > > So, I you were sending alert lab values with MRN as an identifier it would fall > under the regs? > > Casey Carlson > Project Manager > Duke University Health Systems > > > > > > > > Rx2000HIPAA@rx2000.org on 04/30/2000 09:17:01 PM > > Please respond to Rx2000HIPAA@rx2000.org > To: Rx2000HIPAA@rx2000.org > cc: > Subject: Re: Alpha pagers > > Nonsense! Only if the alpha page included individually identifiable > information. Phone numbers would be exempt. Please read the Proposed > regulation. > > Steven S. Lazarus, PhD, FHIMSS > Boundary Information Group > > > > > ********** Message #4 ********** > From: David.Foley@ps.net > To: "'Rx2000HIPAA@rx2000.org'" > Subject: RE: Alpha pagers > Date: Fri, 5 May 2000 11:23:35 -0500 > > Due to the fact that Alpha pages are computerized at some point during their > transmission, if the information included in the page contains any patient > identifiable information, it would most definitely be covered. > > -----Original Message----- > From: Rx2000HIPAA@rx2000.org [mailto:Rx2000HIPAA@rx2000.org] > Sent: Friday, May 05, 2000 7:17 AM > To: Rx2000HIPAA@rx2000.org > Subject: Re: Alpha pagers > > > > So, I you were sending alert lab values with MRN as an identifier it would > fall > under the regs? > > Casey Carlson > Project Manager > Duke University Health Systems > > > > > > > > Rx2000HIPAA@rx2000.org on 04/30/2000 09:17:01 PM > > Please respond to Rx2000HIPAA@rx2000.org >To: Rx2000HIPAA@rx2000.org > cc: > Subject: Re: Alpha pagers > > Nonsense! Only if the alpha page included individually identifiable > information. Phone numbers would be exempt. Please read the Proposed > regulation. > > Steven S. Lazarus, PhD, FHIMSS > Boundary Information Group > > > ********** Message #5 ********** > From: Woosleew@aol.com > To: Rx2000HIPAA@rx2000.org > Subject: Paper covered under HIPAA > Date: Fri, 5 May 2000 13:10:05 EDT > > In a message dated 5/5/00 11:06:02 AM Eastern Daylight Time, > Rx2000HIPAA@rx2000.org writes: > > > Errick, an extention of your comments, it is my understanding HIPAA > > "transactions" contemplate electronically produced paper. > > > > Pete Biagiotti > > > > Pete, You're right. > > If an electronic transmission is used to create a hard copy, then that hard > copy AND ALL of progeny are covered under the HIPAA regs. > > So if you FAX a record to someone, the FAX machine prints it out: the > printout is covered under HIPAA. If that FAX printout is used to make > copies, then those copies are ALSO covered under HIPAA, even though they were > not technically "transmitted". > > > Errick E. Woosley, MPA > 3X HCSG > (513) 587-3100 > > ********** Message #6 ********** > From: dafeinberg@home.com > To: Rx2000HIPAA@Rx2000.org > Subject: HIPAA Privacy vs. HIPAA Transactions > Date: Fri, 05 May 2000 10:56:37 -0700 > > In response to several messages recently posted on this list server ... > > > "... it is my understanding HIPAA 'transactions' contemplate > electronically produced paper." > > Nothing could be further from the intent of the writers of the HIPAA > transaction standards; called Implementation Guides. The content and > structure of the HIPAA transaction standards supports capabilities that > would be extremely difficult, if not virtually impossible, to replicate > on paper. The HIPAA transaction standards represent a very explicit > intent to break the bounds and bonds to paper, and make the transactions > support the defined "business needs" as fully as possible. This is > particularly the situation for the newest transaction standards such as > Services Review and Claims Attachments. > On the other hand, as the HIPAA privacy regulation summary > [http://aspe.hhs.gov/admnsimp/pvcsumm.htm] states: "The paper progeny of > electronic information is covered". > > > "Until the encounter becomes an electronic payment or proof of > insurance event the HIPAA regulations don't apply." > > Correct. Again quoting the HIPAA privacy regulation summary: > "Information becomes electronic either by being sent electronically as > one of the Administrative Simplification transactions or being > maintained in a computer system." And: "Protection would start when > information becomes electronic, and would stay with the information as > long as the information is in the hands of a covered entity." > > > "So, If you were sending alert lab values [on an alpha pager] > with MRN as an identifier it would fall under the regs?" > > Yes. Again quoting the HIPAA privacy regulation summary: "If the > information has any components that could be used to identify the > subject, it would be covered." And: "HIPAA protects the information > itself, not the record in which the information appears." > > > "Not to split hairs." And other related comments. > > Amen! > > > > The draft HIPAA Privacy Regulation, as we all know, delves into > considerably more detail than the summary I've quoted; however, the > summary is a very good starting point for learning about HIPAA privacy > and is a mere 5.5 pages in length. Also, it's worth noting that there > are at least four overlapping dimensions worth of logic involved with > HIPAA privacy, coverage, disclosure, ownership, procedures, etc. etc. > etc. This is not going to be for the faint of heart nor the casual wave > of arms. {e.g., The fastest highest level reasonable overview of HIPAA > Security and Privacy I've ever presented has taken three hours. The > initial very open-ended list of components which are considered to make > information individually identifiable contains 25 items; of which MRN is > but one.} > > > Dave Feinberg > Co-Chair, HIPAA Implementation Work Group > Insurance Subcommittee > Accredited Standards Committee X12 > Voting Member, HL7 and X12 > Rensis Corporation [A Consulting Company] > 206-617-1717 > DAFeinberg@computer.org > > ********** Message #7 ********** > From: clarkstanton@dwt.com > To: "'Rx2000HIPAA@rx2000.org'" > Subject: RE: Alpha pagers > Date: Fri, 5 May 2000 13:36:17 -0700 > > I spoke with some IBM HIPAA folks yesterday, and it was their view that > medical information transmitted using alpha paging would indeed be > electronic for purposes of HIPAA. > > > _______________________________ > > > > Clark Stanton > > Davis Wright Tremaine LLP > > One Embarcadero Center, Suite 600 > > San Francisco 94111 > > phone (415) 276-6538 > > fax (415) 276-6599 > > clarkstanton@dwt.com > > http://www.ehealthlaw.com > > http://www.dwt.com/lawdir/WCStanton.htm > > _______________________________ > > > > > > -----Original Message----- > > From: Rx2000HIPAA@rx2000.org [SMTP:Rx2000HIPAA@rx2000.org] > > Sent: Friday, May 05, 2000 9:24 AM > > To: Rx2000HIPAA@rx2000.org > > Subject: RE: Alpha pagers > > > > > > Due to the fact that Alpha pages are computerized at some point during > > their > > transmission, if the information included in the page contains any patient > > identifiable information, it would most definitely be covered. > > > > -----Original Message----- > > From: Rx2000HIPAA@rx2000.org [mailto:Rx2000HIPAA@rx2000.org] > > Sent: Friday, May 05, 2000 7:17 AM > > To: Rx2000HIPAA@rx2000.org > > Subject: Re: Alpha pagers > > > > > > > > So, I you were sending alert lab values with MRN as an identifier it would > > fall > > under the regs? > > > > Casey Carlson > > Project Manager > > Duke University Health Systems > > > > > > > > > > > > > > > > Rx2000HIPAA@rx2000.org on 04/30/2000 09:17:01 PM > > > > Please respond to Rx2000HIPAA@rx2000.org To: Rx2000HIPAA@rx2000.org > > cc: > > Subject: Re: Alpha pagers > > > > > > Nonsense! Only if the alpha page included individually identifiable > > information. Phone numbers would be exempt. Please read the Proposed > > regulation. > > > > Steven S. Lazarus, PhD, FHIMSS > > Boundary Information Group > > > > ********** Message #8 ********** > From: clarkstanton@dwt.com > To: "'Rx2000HIPAA@rx2000.org'" > Subject: RE: Paper covered under HIPAA > Date: Fri, 5 May 2000 13:45:07 -0700 > > According to the DHHS preamble to the proposed privacy rule, a "paper to > paper" fax does not constitute an electronic transmission of the record for > purposes of HIPAA. On the other hand, a fax sent from or to a computer > would be considered electronic for HIPAA purposes. Of course, a document > that is sent by paper to paper fax could still be covered by HIPAA if it was > in electronic form either before or after it was faxed. > > _______________________________ > > > > Clark Stanton > > Davis Wright Tremaine LLP > > One Embarcadero Center, Suite 600 > > San Francisco 94111 > > phone (415) 276-6538 > > fax (415) 276-6599 > > clarkstanton@dwt.com > > http://www.ehealthlaw.com > > http://www.dwt.com/lawdir/WCStanton.htm > > _______________________________ > > > > -----Original Message----- > > From: Rx2000HIPAA@rx2000.org [SMTP:Rx2000HIPAA@rx2000.org] > > Sent: Friday, May 05, 2000 10:10 AM > > To: Rx2000HIPAA@rx2000.org > > Subject: Paper covered under HIPAA > > > > > > In a message dated 5/5/00 11:06:02 AM Eastern Daylight Time, > > Rx2000HIPAA@rx2000.org writes: > > > > > Errick, an extention of your comments, it is my understanding HIPAA > > > "transactions" contemplate electronically produced paper. > > > > > > Pete Biagiotti > > > > > > > Pete, You're right. > > > > If an electronic transmission is used to create a hard copy, then that > > hard > > copy AND ALL of progeny are covered under the HIPAA regs. > > > > So if you FAX a record to someone, the FAX machine prints it out: the > > printout is covered under HIPAA. If that FAX printout is used to make > > copies, then those copies are ALSO covered under HIPAA, even though they > > were > > not technically "transmitted". > > > > > > Errick E. Woosley, MPA > > 3X HCSG > > (513) 587-3100 > >