I snipped this from HHS privacy "guidance"/ FAQ. I may be wrong, but seems this really does extend to any covered entity based on if the transactions at any point become electronic...
Wm
******************
Q. Who must comply with these new privacy standards?
A: As required by Congress in HIPAA, the Privacy Rule covers health plans, health care clearinghouses, and those health care providers who conduct certain financial and administrative transactions electronically. These electronic transactions are those for which standards are required to be adopted by the Secretary under HIPAA, such as electronic billing and fund transfers. These entities (collectively called "covered entities") are bound by the new privacy standards even if they contract with others (called "business associates") to perform some of their essential functions. The law does not give HHS the authority to regulate other types of private businesses or public agencies through this regulation. For example, HHS does not have the authority to regulate employers, life insurance companies, or public agencies that deliver social security or welfare benefits. The "Business Associate" section of this guidance provides a more detailed discussion of the covered entities' responsibilities when they engage others to perform essential functions or services for them.
******************
-----Original Message-----
From: Max Bumbalough [mailto:[EMAIL PROTECTED]]
Sent: Monday, March 18, 2002 11:16 AM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: Covered entities
Noel,
I asked that question at the SNIP Conference in Chicago early last year and
was told that if a healthcare provider does NOT electronically transmit any
of the covered transactions, then they will not have to comply with the
Privacy & Security Regulations.
However, a HC Provider will not be excluded from complying with the Privacy
& Security rules by merely using a billing service/company to transmit
electronic transmissions.
Has anyone else heard anything different?
Max Bumbalough
HIPAA Consultant
GovConnect, Inc.
(800)565-4873 x230
[EMAIL PROTECTED]
>From: Noel Chang <[EMAIL PROTECTED]>
>To: [EMAIL PROTECTED]
>Subject: Covered entities
>Date: Mon, 18 Mar 2002 10:44:45 -0600
>
>Has anyone seen any further clarification from DHHS on who must comply
>with the Privacy Rule?
>
>The way I interpret the final rule published in December of 2000, and
>the guidelines published in July of 2001, the only health care providers
>that must comply are those who electronically conduct one or more of the
>ten covered transactions. I have encountered a specialist who does not
>accept any insurance, they are a cash only operation. As such they do
>not file any claims or deal with eligibility, etc. By my reading they
>would appear to not be a covered entity and therefore are not required
>to comply with the Privacy Rule.
>
>I keep seeing information from various sources (not DHHS or OCR,
>however) that make very broad statements such as "HIPAA applies to
>everyone" or "there are no HIPPAA free records". I can understand what
>they mean by these statements in certain context but I think they are a
>little too broad and misleading. Does anyone else agree that a doctor's
>office who is not electronically conducting a covered transaction is
>therefore not a covered entity for the purposes of the Privacy Rule? If
>you do not agree, can you cite where is the requirement that such an
>office comply with the Privacy Rule?
>
>Thanks,
>
>Noel Chang
>
>
>**********************************************************************
>To be removed from this list, go to:
>http://snip.wedi.org/unsubscribe.cfm?list=privacy
>and enter your email address.
_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp.
**********************************************************************
To be removed from this list, go to: http://snip.wedi.org/unsubscribe.cfm?list=privacy
and enter your email address.
**********************************************************************
To be removed from this list, go to: http://snip.wedi.org/unsubscribe.cfm?list=privacy
and enter your email address.
