Has anyone seen any further clarification from DHHS on who
must comply with the Privacy Rule? The way I interpret the final rule published in December of
2000, and the guidelines published in July of 2001, the only health care
providers that must comply are those who electronically conduct one or more of
the ten covered transactions. I
have encountered a specialist who does not accept any insurance,
they are a cash only operation. As
such they do not file any claims or deal with eligibility, etc. By my reading they would appear to not
be a covered entity and therefore are not required to comply with the Privacy
Rule. I keep seeing information from various sources (not DHHS or
OCR, however) that make very broad statements such as “HIPAA applies to everyone”
or “there are no HIPPAA free records”. I can understand what they mean by these
statements in certain context but I think they are a little too broad and
misleading. Does anyone else agree
that a doctor’s office who is not electronically conducting a covered
transaction is therefore not a covered entity for the purposes of the Privacy
Rule? If you do not agree, can you
cite where is the requirement that such an office comply with
the Privacy Rule? Thanks, Noel Chang ********************************************************************** To be removed from this list, go to: http://snip.wedi.org/unsubscribe.cfm?list=privacy and enter your email address. |
- Re: Covered entities: "cash-only" docto... Noel Chang
- Re: Covered entities: "cash-only" ... Christopher J. Feahr, OD
- Re: Covered entities Max Bumbalough
- Re: Covered entities Leah Hole-Curry
- RE: Covered entities Woloszyn, J William
- RE: Covered entities McCauley Margaret M
- RE: Covered entities David Frenkel
- RE: Covered entities McCauley Margaret M
- RE: Covered entities Donna Kinney
- RE: Covered entities Leah Hole-Curry
- RE: Covered entities Hopper, Gene
