Rx2000HIPAA Digest, Volume 25 #1 From: Woosleew@aol.com Subject: Re: "Authorizing" access #2 From: Sslazarus@aol.com Subject: Re: "Authorizing" access #3 From: randy@habsoft.com Subject: Re: HIPAA and military hospitals #4 From: joldenburg@evantageconsulting.com Subject: RE: "Authorizing" access #5 From: Pingra@bbmc.org Subject: The future of HIPAA #6 From: Clyde.Hewitt@NCMail.NET Subject: Re: HIPAA and military hospitals #7 From: randy@habsoft.com Subject: Re: HIPAA and military hospitals #8 From: paulsmith@dwt.com Subject: RE: HIPAA and military hospitals ********** Message #1 ********** From: Woosleew@aol.com To: Rx2000HIPAA@rx2000.org Subject: Re: "Authorizing" access Date: Wed, 7 Jun 2000 09:30:51 EDT In a message dated 6/6/00 7:56:02 PM Eastern Daylight Time, Rx2000HIPAA@rx2000.org writes: What I don't see anywhere is information about what steps you need to take to ensure that the person to whom you are issuing the logon and password or digital certificate "is who he/she says he/she is." You really should that in place already. Confidentiality of medical records is not new! HIPAA just defines some aspects of confidentiality & security in the eWorld and attempts to simplify things administratively. Check with your Med Rec Dept they may (should) have these Policies and Procedures in writing. Access is and, for years, has been dictated by "need to know". Supposedly, no healthcare professional can go in and request a medical record of someone to read just for amusement or interest. There is should to be controls in place to stop this breech of confidentiality. Errick E. Woosley Senior Consultant 3X HCSG (513) 587-3100 ********** Message #2 ********** From: Sslazarus@aol.com To: Rx2000HIPAA@rx2000.org Subject: Re: "Authorizing" access Date: Wed, 7 Jun 2000 16:28:12 EDT Fortunately, the government has left some of the decisions to us. Presumably a clerk in the clinic or hospital is an employee or a contractor, and HR has followed its Policies and Procedures in verifying the person's identification before authorizing the issuing of access to patient data. Some of the employer responsibilities in this regard are covered by the Department of Labor, IRS and Social Security regulations, steps which must be taken for employees now. Steven S. Lazarus, PhD, FHIMSS President Boundary Information Group 4401 S. Quebec Street - Suite 100 Denver, CO 80237-2644 303-488-9911 sslazarus@aol.com ********** Message #3 ********** From: randy@habsoft.com To: Subject: Re: HIPAA and military hospitals Date: Thu, 8 Jun 2000 09:19:35 -0400 On the subject of who is included, has anyone heard a definitive answer on whether agencies providing services to people with mental retardation (aka developmental disabilities), particularly those funded by Medicaid under the ICF/MR program, will have all records covered by HIPAA, or only medical records. For years, the field has been careful to make the distinction that a person with MR/DD was not sick, and therefore should not be referred to as a patient. Much of the contents of the records would involve training/education and assistance provided in activities of daily living. Usually funding is a single daily amount, but the funding is suspended for hospital stays if they occur. ----- Original Message ----- From: To: Sent: Tuesday, May 30, 2000 6:32 PM Subject: RE: HIPAA and military hospitals I suspect that there is a lot going on behind the scenes re: this subject. It was widely understood that some considerable part of the more recent delays was the realization that the MTFs may be included and that caused commensurate dismay, Joe a -----Original Message----- From: Rx2000HIPAA@rx2000.org [mailto:Rx2000HIPAA@rx2000.org] Sent: Tuesday, May 30, 2000 12:15 PM To: Rx2000HIPAA@rx2000.org Subject: HIPAA and military hospitals Can anyone tell me whether or not military hospitals will be required to comply with HIPAA regulations? I have heard both yeah's and nay's. I have also read some of the proposed regs and found nothing that seemed to explicitly exclude military hospitals. Thanks for your help with this! Lane Hatcher Systems Engineer, Wilford Hall Medical Center Lackland AFB, San Antonio, TX rhatcher@flash.net ********** Message #4 ********** From: joldenburg@evantageconsulting.com To: "'Rx2000HIPAA@rx2000.org'" Subject: RE: "Authorizing" access Date: Thu, 8 Jun 2000 09:19:16 -0500 I should probably clarify the context of my question. It is actually focused on what health plans, TPA's, and others who are not the employers of the individuals requiring access, and who have a contractual relationship with the entity (but not necessarily directly), need to do to verify the identify of people before issuing them the capability of reviewing eligibility information and claims status information. Both of these transactions, I believe, fall under the HIPAA definition of "patient confidential or patient identifying" data. Under those circumstances, it becomes harder for a plan to validate who the people requesting access are.... Jan -----Original Message----- From: Rx2000HIPAA@rx2000.org [mailto:Rx2000HIPAA@rx2000.org] Sent: Wednesday, June 07, 2000 3:28 PM To: Rx2000HIPAA@rx2000.org Subject: Re: "Authorizing" access Fortunately, the government has left some of the decisions to us. Presumably a clerk in the clinic or hospital is an employee or a contractor, and HR has followed its Policies and Procedures in verifying the person's identification before authorizing the issuing of access to patient data. Some of the employer responsibilities in this regard are covered by the Department of Labor, IRS and Social Security regulations, steps which must be taken for employees now. Steven S. Lazarus, PhD, FHIMSS President Boundary Information Group 4401 S. Quebec Street - Suite 100 Denver, CO 80237-2644 303-488-9911 sslazarus@aol.com ********** Message #5 ********** From: Pingra@bbmc.org To: "'rx2000hipaa@rx2000.org'" Subject: The future of HIPAA Date: Thu, 8 Jun 2000 10:21:50 -0400 This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible. ------_=_NextPart_001_01BFD154.E33CBD90 Content-Type: text/plain; charset="iso-8859-1" In discussions at the hospital about preparations for HIPAA, one question keeps surfacing and wanted to see if any other organizations are having the same discussions. Since HIPAA is a compromise bill sponsored by Democrats, and since all formal rules have yet to be established, in the event of a Republican White House and Congress in 2001, how certain are we that this law will stand long enough for everyone to become compliant. Any thoughts? Phyllis Ingram Beebe Medical Center ********** Message #6 ********** From: Clyde.Hewitt@NCMail.NET To: Rx2000HIPAA@rx2000.org Subject: Re: HIPAA and military hospitals Date: Thu, 08 Jun 2000 10:22:14 -0400 But aren't those with MR/DD subject to a Mental Health Evaluation, and thus this is covered under HIPAA. Rx2000HIPAA@rx2000.org wrote: On the subject of who is included, has anyone heard a definitive answer on whether agencies providing services to people with mental retardation (aka developmental disabilities), particularly those funded by Medicaid under the ICF/MR program, will have all records covered by HIPAA, or only medical records. For years, the field has been careful to make the distinction that a person with MR/DD was not sick, and therefore should not be referred to as a patient. Much of the contents of the records would involve training/education and assistance provided in activities of daily living. Usually funding is a single daily amount, but the funding is suspended for hospital stays if they occur. ----- Original Message ----- From: To: Sent: Tuesday, May 30, 2000 6:32 PM Subject: RE: HIPAA and military hospitals I suspect that there is a lot going on behind the scenes re: this subject. It was widely understood that some considerable part of the more recent delays was the realization that the MTFs may be included and that caused commensurate dismay, Joe a -----Original Message----- From: Rx2000HIPAA@rx2000.org [mailto:Rx2000HIPAA@rx2000.org] Sent: Tuesday, May 30, 2000 12:15 PM To: Rx2000HIPAA@rx2000.org Subject: HIPAA and military hospitals Can anyone tell me whether or not military hospitals will be required to comply with HIPAA regulations? I have heard both yeah's and nay's. I have also read some of the proposed regs and found nothing that seemed to explicitly exclude military hospitals. Thanks for your help with this! Lane Hatcher Systems Engineer, Wilford Hall Medical Center Lackland AFB, San Antonio, TX rhatcher@flash.net ********** Message #7 ********** From: randy@habsoft.com To: Subject: Re: HIPAA and military hospitals Date: Thu, 8 Jun 2000 11:38:30 -0400 My apologies for not identifying myself in the message quoted below. Randy Hersom Vice President, Software Development Habilitation Software Inc. Providers of software for agencies serving people with developmental disabilities On the subject of who is included, has anyone heard a definitive answer on whether agencies providing services to people with mental retardation (aka developmental disabilities), particularly those funded by Medicaid under the ICF/MR program, will have all records covered by HIPAA, or only medical records. For years, the field has been careful to make the distinction that a person with MR/DD was not sick, and therefore should not be referred to as a patient. Much of the contents of the records would involve training/education and assistance provided in activities of daily living. Usually funding is a single daily amount, but the funding is suspended for hospital stays if they occur. ********** Message #8 ********** From: paulsmith@dwt.com To: "'Rx2000HIPAA@rx2000.org'" Subject: RE: HIPAA and military hospitals Date: Thu, 8 Jun 2000 09:22:15 -0700 I haven't heard anything definitive. I should think ICF-DDs are providers under HIPAA, because a provider includes any person who furnishes health care services or supplies in the normal course of business, and I believe ICF-DDs do this for clients who have medical conditions, as most of them do. However, a provider is covered by HIPAA only if it (or its agent, such as a billing agent or clearinghouse) transmits health information in electronic form in connection with a standard transaction. I suspect most ICF-DDs don't do this. And if an ICF-DD is covered, the privacy restrictions pertain only to health information that is or has been electronically maintained or transmitted. Much has been said about the practical difficulty of distinguishing this kind of health information from paper-based information, but it may be possible to keep it separate from information relating to training and daily activities. Paul Smith Davis Wright Tremaine LLP paulsmith@dwt.com -----Original Message----- From: Rx2000HIPAA@rx2000.org [mailto:Rx2000HIPAA@rx2000.org] Sent: Thursday, June 08, 2000 6:20 AM To: Rx2000HIPAA@rx2000.org Subject: Re: HIPAA and military hospitals On the subject of who is included, has anyone heard a definitive answer on whether agencies providing services to people with mental retardation (aka developmental disabilities), particularly those funded by Medicaid under the ICF/MR program, will have all records covered by HIPAA, or only medical records. For years, the field has been careful to make the distinction that a person with MR/DD was not sick, and therefore should not be referred to as a patient. Much of the contents of the records would involve training/education and assistance provided in activities of daily living. Usually funding is a single daily amount, but the funding is suspended for hospital stays if they occur. ----- Original Message ----- From: To: Sent: Tuesday, May 30, 2000 6:32 PM Subject: RE: HIPAA and military hospitals I suspect that there is a lot going on behind the scenes re: this subject. It was widely understood that some considerable part of the more recent delays was the realization that the MTFs may be included and that caused commensurate dismay, Joe a -----Original Message----- From: Rx2000HIPAA@rx2000.org [mailto:Rx2000HIPAA@rx2000.org] Sent: Tuesday, May 30, 2000 12:15 PM To: Rx2000HIPAA@rx2000.org Subject: HIPAA and military hospitals Can anyone tell me whether or not military hospitals will be required to comply with HIPAA regulations? I have heard both yeah's and nay's. I have also read some of the proposed regs and found nothing that seemed to explicitly exclude military hospitals. Thanks for your help with this! Lane Hatcher Systems Engineer, Wilford Hall Medical Center Lackland AFB, San Antonio, TX rhatcher@flash.net