Rx2000HIPAA Digest, Volume 32

#1 From: JamesAlexander@bxhosp.nashville.org
   Subject: RE: unsuscribe
#2 From: TZanis@gsrmc.dcnhs.org
   Subject: Re: Soft HIPAA
#3 From: RTelesca@gigaweb.com
   Subject: RE: Transmitted vs. Stored
#4 From: Beallfc@aol.com
   Subject: Re: Soft HIPAA
#5 From: RCRMC.JWATKINS@co.riverside.ca.us
   Subject: Re: Soft HIPAA
#6 From: Ralph.Neeper@wang.com
   Subject: RE: Soft HIPAA
#7 From: brider@jhmi.edu
   Subject: RE: Transmitted vs. Stored
#8 From: TZanis@gsrmc.dcnhs.org
   Subject: Patient Privacy/Disclosure Permission for Foundation/Fundraising Depts

********** Message #1 **********
From: JamesAlexander@bxhosp.nashville.org
To: Rx2000HIPAA@rx2000.org
Subject: RE: unsuscribe
Date: Mon, 26 Jun 2000 08:01:47 -0500

What issue? Would like to remind all that the subject "thread" ends when we don't quote what we are replying to.

-----Original Message-----
From: Rx2000HIPAA@rx2000.org [mailto:Rx2000HIPAA@rx2000.org]
Sent: Friday, June 23, 2000 10:45 AM
To: Rx2000HIPAA@rx2000.org
Subject: Re: unsuscribe

In part this issue should be addressed in the patient's written authorization to release this information to you. There may be other issues as well.

Steven S. Lazarus, PhD, FHIMSS
President
Boundary Information Group
4401 S. Quebec Street - Suite 100
Denver, CO 80237-2644
303-488-9911
sslazarus@aol.com

********** Message #2 **********
From: TZanis@gsrmc.dcnhs.org
To:
Subject: Re: Soft HIPAA
Date: Mon, 26 Jun 2000 08:39:13 -0500

http://aspe.os.dhhs.gov/admnsimp

Tina K. Zanis
Good Samaritan Regional Medical Center
Pottsville, PA
tzanis@gsrmc.dcnhs.org
570-621-4101

>>> 06/23/00 01:36PM >>>
Do you know of a way I can get a soft copy of the HIPAA? I recently received a hard copy from my congressman, but would like to have it in either .txt or .doc format.

Thank you.
Ralph

********** Message #3 **********
From: RTelesca@gigaweb.com
To: "'Rx2000HIPAA@rx2000.org'"
Subject: RE: Transmitted vs. Stored
Date: Mon, 26 Jun 2000 10:00:22 -0400

I am not saying that your argument does not have merit. However, as I said, I think it is important for us to embrace the "spirit" of the legislation and act responsibly. In the long term HIPAA will benefit the health care industry.

DHHS admits that the complexity of the subject has resulted in language that opens some unintentional loopholes and leaves some issues unresolved. Nevertheless, in the many conversations I've had with DHHS, the intent is clear -- to provide a secure environment for health care information. I don't know why anyone would want to object to that.

As with any new initiative, the best combination of standards and implementations will need to evolve over time based on actual implementation experience to create a balance between protection and cost-effective, non-disruptive safeguards. However, HIPAA offers a standard starting point where there was none.

To selectively secure health information simply seems to be somewhat irresponsible, and technically difficult and costly to accomplish. For example, will we segregate data into databases that are "transmitted" and "not transmitted"? Will we then move data from the "not transmitted" to the "transmitted" when needed? Not likely.

It seems to me that exploiting the loopholes does not serve either the health care industry or the patient. In the end, I'd like to believe that revenues and profits aside, our goal is to improve the delivery of health care.

Richard J. Telesca
ePractices Research
Giga Information Group
54 Lavender Lane
Rocky Hill, CT 06067
860.257.8527 (phone)

-----Original Message-----
From: Rx2000HIPAA@rx2000.org [mailto:Rx2000HIPAA@rx2000.org]
Sent: Saturday, June 17, 2000 3:17 PM
To: Rx2000HIPAA@rx2000.org
Subject: RE: Transmitted vs. Stored

Because of the inconsistencies you mention, I believe it is all the more important to focus on the language of the regulation itself, and not rely too much on the more general language and comments of the preamble.

With regard to your comment regarding internal network transmissions: Even if these are within the definition of an electronic transmission, are they transmissions BETWEEN covered entities, as required by Section 142.302 of the security regulation?

Sorry to split hairs, because I actually do believe that from a practical standpoint and for implementation purposes, it is probably wise for providers to take a broader view of the requirements. At the same time, it is important to bear in mind the distinction between what is legally required and what may merely be a good idea.

Patricia I. Carter
Gray, Plant, Mooty, Mooty & Bennett
33 South Sixth Street
3400 City Center
Minneapolis, MN 55402-3796
(612) 343-2800
patricia.carter@gpmlaw.com

The opinions stated are mine and mine alone, and not necessarily those of my employer. I am a lawyer, but whatever I said above was not legal advice.

********** Message #4 **********
From: Beallfc@aol.com
To: Rx2000HIPAA@rx2000.org
Subject: Re: Soft HIPAA
Date: Mon, 26 Jun 2000 11:03:27 EDT

Ralph,

Various Federal Register ".pdf" files are located at the following site:

http://aspe.os.dhhs.gov/admnsimp/nprm/index.htm

These can be saved to your local drive, and viewed with Adobe Acrobat.

Buddy Beall
Director, Consulting Services
Monterey Bay Group

In a message dated 6/25/2000 9:33:00 AM Pacific Daylight Time, Rx2000HIPAA@rx2000.org writes:

<< Subj: Soft HIPAA
Date: 6/25/2000 9:33:00 AM Pacific Daylight Time
From: Rx2000HIPAA@rx2000.org
Reply-to: Rx2000HIPAA@rx2000.org
To: Rx2000HIPAA@rx2000.org

Do you know of a way I can get a soft copy of the HIPAA? I recently received a hard copy from my congressman, but would like to have it in either .txt or .doc format.

Thank you.
Ralph >>

********** Message #5 **********
From: RCRMC.JWATKINS@co.riverside.ca.us
To:
Subject: Re: Soft HIPAA
Date: Mon, 26 Jun 2000 08:57:25 -0800

If you want the entire text of HIPAA, you can download Public Law 104-191 (Pub.L. 104-191) at the Government Printing Office's web site.

http://www.access.gpo.gov/nara/publaw/104publ.html

_______________________________
Jim Watkins
Sr. Programmer/Analyst
Riverside County Health Services Agency
RCRMC.JWatkins@CO.Riverside.CA.US

>>> 6/23/00 10:36:50 AM >>>
Do you know of a way I can get a soft copy of the HIPAA? I recently received a hard copy from my congressman, but would like to have it in either .txt or .doc format.

Thank you.
Ralph

********** Message #6 **********
From: Ralph.Neeper@wang.com
To: "'Rx2000HIPAA@rx2000.org'"
Subject: RE: Soft HIPAA
Date: Tue, 27 Jun 2000 06:50:39 -0400

Thank you for the reference. I was able to copy the document and save it in .txt format.

Ralph A Neeper
Sr. Secure Systems Analyst
Wang Government Services, Inc.

-----Original Message-----
From: Rx2000HIPAA@rx2000.org [mailto:Rx2000HIPAA@rx2000.org]
Sent: Monday, June 26, 2000 12:57 PM
To: Rx2000HIPAA@rx2000.org
Subject: Re: Soft HIPAA

If you want the entire text of HIPAA, you can download Public Law 104-191 (Pub.L. 104-191) at the Government Printing Office's web site.

http://www.access.gpo.gov/nara/publaw/104publ.html

_______________________________
Jim Watkins
Sr. Programmer/Analyst
Riverside County Health Services Agency
RCRMC.JWatkins@CO.Riverside.CA.US

>>> 6/23/00 10:36:50 AM >>>
Do you know of a way I can get a soft copy of the HIPAA? I recently received a hard copy from my congressman, but would like to have it in either .txt or .doc format.

Thank you.
Ralph

********** Message #7 **********
From: brider@jhmi.edu
To:
Subject: RE: Transmitted vs. Stored
Date: Tue, 27 Jun 2000 08:54:11 -0400

I agree with Richard's observations. Building a plan to comply with the literal interpretation of the legislation may, in fact, open up the risk of missing key issues. The approach should be more "holistic" in that high level policies and standards, deployed from the top down, should create an environment where protection of patient information is paramount.

Being proactive to the legislation, rather than reactive, creates a more positive attitude towards implementing any appropriate controls - not because we have.....but because it's the right thing to do. It is equally as important to look at the legislation generally to understand its overall intent, as it is to dissect the wording and react to each issue............

Bill Rider
Manager, Info Security/Disaster Recovery
Johns Hopkins Hospital

>>> 06/26/00 10:00AM >>>
I am not saying that your argument does not have merit. However, as I said, I think it is important for us to embrace the "spirit" of the legislation and act responsibly. In the long term HIPAA will benefit the health care industry.

DHHS admits that the complexity of the subject has resulted in language that opens some unintentional loopholes and leaves some issues unresolved. Nevertheless, in the many conversations I've had with DHHS, the intent is clear -- to provide a secure environment for health care information. I don't know why anyone would want to object to that.

As with any new initiative, the best combination of standards and implementations will need to evolve over time based on actual implementation experience to create a balance between protection and cost-effective, non-disruptive safeguards. However, HIPAA offers a standard starting point where there was none.

To selectively secure health information simply seems to be somewhat irresponsible, and technically difficult and costly to accomplish. For example, will we segregate data into databases that are "transmitted" and "not transmitted"? Will we then move data from the "not transmitted" to the "transmitted" when needed? Not likely.

It seems to me that exploiting the loopholes does not serve either the health care industry or the patient. In the end, I'd like to believe that revenues and profits aside, our goal is to improve the delivery of health care.

Richard J. Telesca
ePractices Research
Giga Information Group
54 Lavender Lane
Rocky Hill, CT 06067
860.257.8527 (phone)

********** Message #8 **********
From: TZanis@gsrmc.dcnhs.org
To:
Subject: Patient Privacy/Disclosure Permission for Foundation/Fundraising Depts
Date: Wed, 28 Jun 2000 06:29:55 -0500

Please make sure I am interpreting this correctly...I am a newer member to the Listserv and apologize if these questions have previously been asked/answered.

Under HIPAA, Hospital Foundations or Fund-raising Organizations for hospitals will require specific patient consent in order to receive any identifiable patient information such as basic demographics for mailings/solicitations etc. Is this true? Does the consent need to be specific enough that the patient is told to whom and for what the information will be disclosed?

Our Foundation is a separate corporate entity, so I assume the Foundation is a Business Partner of the hospital. Currently, our Foundation employee has direct access to parts of our Information System. Might this "on demand" access to information continue under HIPAA? Must a log of all of this information "disclosed" or accessed be maintained?

Thanks for your thoughts and expertise on this.

Tina K. Zanis
Good Samaritan Regional Medical Center
Pottsville, PA
tzanis@gsrmc.dcnhs.org
570-621-4101