Rx2000HIPAA Digest, Volume 34

#1  From: lisa.cavitt@sih.net               Subject: Tools for HIPAA
Preparation and Security Education
#2  From: Woosleew@aol.com                  Subject: Re: Patient
Privacy/Disclosure Permission for Foundation/Fundraising
#3  From: ackerman@rx2000.org               Subject: Fwd: Premature
newsletter announcement of publication of final rule.
#4  From: Sslazarus@aol.com                 Subject: Re: Tools for HIPAA
Preparation and Security Education
#5  From: sdelturco@hvhs.org                Subject: RE: Tools for HIPAA
Preparation and Security Education
#6  From: john.rome@OCHSNER-HMO.COM         Subject: RE: Tools for HIPAA
Preparation and Secu
#7  From: dafeinberg@home.com               Subject: Fw: Premature
Newsletter Announcement of Publication of Final Rule
#8  From: dafeinberg@home.com               Subject: More HIPAA Final Rules
Information


********** Message #1 **********
From: lisa.cavitt@sih.net
To: rx2000hipaa@rx2000.org
Subject: Tools for HIPAA Preparation and Security Education
Date: Fri, 30 Jun 2000 08:38:14 -0500

Has anyone began development of a database that they will be using to track
their HIPAA compliance progress?  Would you be willing to share that
information?

I am also looking for information on either an internet/intranet or e-mail
education tool that will allow us to distribute information and a short
quiz.  Once the quiz is complete, e-mail back to the department who
distributed the information or enter the information into a database that
the employee has completed the online education.  Has anyone seen such a
tool?

Thanks
Lisa R. Cavitt
Information Services
Southern Illinois Healthcare
E-Mail: lisa.cavitt@sih.net


********** Message #2 **********
From: Woosleew@aol.com
To: Rx2000HIPAA@rx2000.org
Subject: Re: Patient Privacy/Disclosure Permission for
Foundation/Fundraising
Date: Fri, 30 Jun 2000 13:59:31 EDT

As I understand current regulations, you may, without patient consent:
Confirm that a particular person is in your hospital.
Give their status (critical, guarded, good, etc.)
That is about it.

You mat not give a Dx., what they are being treated for, or demographic
information on the patient.  Without HIPAA, these pieces of information are
private and divulging them is currently considered invasion of privacy and
a
breech of confidentiality.  HIPAA takes this to the federal level and does
give it some big criminal teeth though.

This may differ from state to state, but it has been the same in the
approximately 10 states I have worked in.

Other comments??

Errick E. Woosley
3X HCSG
(513) 587-3100

********** Message #3 **********
From: ackerman@rx2000.org
To: rx2000hipaa@rx2000.org
Subject: Fwd: Premature newsletter announcement of publication of final
rule.
Date: Thu, 06 Jul 2000 10:24:29 -0500

I am forwarding to the Rx2000HIPAA listserv the following information I
received from Bill Braithwaite of the Department of Health and Human
Services.

Joel Ackerman, Executive Director
Rx2000 Institute
ackerman@rx2000.org
612-595-7970


 Date:         Wed, 5 Jul 2000 17:36:58 -0400
 From:         WILLIAM braithwaite <bbraithw@OSASPE.DHHS.GOV>
 Subject:      Premature newsletter announcement of publication of final
               rule.
 
 A well known newsletter issued today says that the first final
 administrative simplification rule was to be published in the Federal
 Register today.  That rule is expected to be published soon, but has not
 yet been released and cannot be published for a few days after release.
 I will let you know the minute it is released and will follow up with
 publication information as soon as it is available!
 Bill.


********** Message #4 **********
From: Sslazarus@aol.com
To: Rx2000HIPAA@rx2000.org
Subject: Re: Tools for HIPAA Preparation and Security Education
Date: Sun, 2 Jul 2000 14:13:38 EDT

There is a web enabled product called Active Risk Manager designed to do
this, that we have adopted for HIPAA.  The website is www.arm-risk.com.  It
can be run as an internal client server or on an ASP.  You can contact me
directly for more information.

Steven S. Lazarus, PhD, FHIMSS
President
Boundary Information Group
4401 S. Quebec Street - Suite 100
Denver, CO 80237-2644
303-488-9911
sslazarus@aol.com

********** Message #5 **********
From: sdelturco@hvhs.org
To: "'Rx2000HIPAA@rx2000.org'" <Rx2000HIPAA@rx2000.org>
Subject: RE: Tools for HIPAA Preparation and Security Education
Date: Wed, 5 Jul 2000 11:24:18 -0400

Our organization purchased the "HIPAA Early View" from North Carolina
Healthcare and Communications Alliance, Inc. From my initial evaluation of
the tool, it looks like an excellent assessment and compliance tracking
tool
(Access database).
The web site is www.nchica.org

Susan M. DelTurco
Security Specialist
Heritage Valley Health System
sdelturco@hvhs.org


-----Original Message-----
From: Rx2000HIPAA@rx2000.org [mailto:Rx2000HIPAA@rx2000.org]
Sent: Friday, June 30, 2000 9:38 AM
To: Rx2000HIPAA@rx2000.org
Subject: Tools for HIPAA Preparation and Security Education



Has anyone began development of a database that they will be using to track
their HIPAA compliance progress?  Would you be willing to share that
information?

I am also looking for information on either an internet/intranet or e-mail
education tool that will allow us to distribute information and a short
quiz.  Once the quiz is complete, e-mail back to the department who
distributed the information or enter the information into a database that
the employee has completed the online education.  Has anyone seen such a
tool?

Thanks
Lisa R. Cavitt
Information Services
Southern Illinois Healthcare
E-Mail: lisa.cavitt@sih.net




********** Message #6 **********
From: john.rome@OCHSNER-HMO.COM
To: Rx2000HIPAA@rx2000.org
Subject: RE: Tools for HIPAA Preparation and Secu
Date: Wed, 5 Jul 2000 7:58:20 -0500

One tool we are evaluating is a compliance tracking system from
Eduneering, Inc.  I think their web page is www=2Eeduneering.com

John P=2E Rome
Security Administrator
Ochsner Health Plan=20=
john=2Erome@ochsner-hmo=2Ecom
  ----------
From: Rx2000HIPAA@rx2000=2Eorg
To: Rx2000HIPAA@rx2000=2Eorg
Subject: Tools for HIPAA Preparation and Security
Date: Saturday, July 01, 2000 2:19AM

<<File Attachment: ENVELOPE=2ETXT>>

Has anyone began development of a database that they will be using to
track their HIPAA compliance progress?  Would you be willing to share that
information?

I am also looking for information on either an internet/intranet or e-mail
education tool that will allow us to distribute information and a short
quiz.  Once the quiz is complete, e-mail back to the department who
distributed the information or enter the information into a database that
the employee has completed the online education=2E  Has anyone seen such a
tool?

Thanks
Lisa R=2E Cavitt
Information Services
Southern Illinois Healthcare
E-Mail: lisa=2Ecavitt@sih=2Enet



********** Message #7 **********
From: dafeinberg@home.com
To: "RX2000 HIPAA List Server" <rx2000HIPAA@rx2000.org>
Subject: Fw: Premature Newsletter Announcement of Publication of Final Rule
Date: Wed, 5 Jul 2000 16:28:27 -0700

      F.  Y.  I.

[Bill Braithwaite, the sender of the following message, is a Senior
Advisor on Health Information Policy at the Department of Health and
Human Services (DHHS), and is essentially in charge of DHHS's
activities for preparing HIPAA Administrative Simplification
regulations.  He is sometimes known as "Dr. HIPAA", and any message
from him -- such as the one that follows -- is an official DHHS
communication.]

                           Dave Feinberg
                           Co-Chair, HIPAA Implementation Work Group
                             Insurance Subcommittee
                             Accredited Standards Committee X12
                           Voting Member, HL7 and X12
                           Rensis Corporation [A Consulting Company]
                           206-617-1717
                           DAFeinberg@computer.org



----- Original Message -----
Sent: Wednesday, July 05, 2000 2:36 PM
Subject: Premature newsletter announcement of publication of final
rule.


A well known newsletter issued today says that the first final
administrative simplification rule was to be published in the Federal
Register today.  That rule is expected to be published soon, but has
not yet been released and cannot be published for a few days after
release.  I will let you know the minute it is released and will
follow up with publication information as soon as it is available!

Bill.







********** Message #8 **********
From: dafeinberg@home.com
To: "RX2000 HIPAA List Server" <rx2000HIPAA@rx2000.org>
Subject: More HIPAA Final Rules Information
Date: Fri, 7 Jul 2000 15:03:02 -0700

Following is an extract from a memorandum prepared by representatives
of the Workgroup for Electronic Data Interchange (WEDI) documenting a
meeting last week with Kevin Thurm, Deputy Secretary of the Department
of Health and Human Services, and some of his staff.  This extract
provides additional insight into the status of the final HIPAA rules
for Transactions and Code Sets, Identifiers, Privacy, and Security.

For reference, WEDI is a voluntary not-for-profit healthcare industry
organization specifically required by HIPAA [the legislation] to
advise DHHS on HIPAA matters.

                           Dave Feinberg
                           Co-Chair, HIPAA Implementation Work Group
                             Insurance Subcommittee
                             Accredited Standards Committee X12
                           Voting Member, HL7 and X12
                           Rensis Corporation [A Consulting Company]
                           206-617-1717

===========================================

WEDI MEMORANDUM

Date:  July 7, 2000
To:  WEDI Board of Directors
From:  Lee Barrett/Jim Schuping
Re:  Meeting with HHS


STATUS OF FINAL RULES

Mr. Thurm reported that the Transaction/Code Sets rule is currently
with the Office of Management and Budget (OMB) for their review.  HHS
met their obligation to process this document within the stated
timeframe, however, OMB is attempting to clarify an issue concerning
the Paperwork Reduction Act prior to completing their final approval.

Mr. Thurm also indicated that the completion of the Privacy rule is
very close and publication of both the Privacy and Security rules
should be forthcoming by early fall.  This will be followed by the
final rules for the Employer Identifier and National Provider
Identifier later this year.  He emphasized that all available
resources are being allocated to the completion of these important
documents.


NEED FOR COST/BENEFIT DATA

In response to our inquiry as to what additional types of information


would be useful and within what timeframe, the HHS staff indicated
that it would be of great value for WEDI to update its 1993 Report.
There was particular interest in the "business use case" from the
provider perspective of transitioning into EDI and eCommerce usage
with emphasis upon the anticipated benefits or ROI.  There is also a
need for data on the marginal costs of implementing privacy
provisions, differentiating from security, and then from a collective
total standpoint---and an overview of the anticipated benefits to be
realized.

They also suggested exploration of potential additional standards on
the "clinical" side that may need to be addressed in the near future.

===========================================