Marilyn If you have not already done so, I would suggest you review the HIPAA Security NPRM. To summarize: PHI that is transmitted must be encrypted. The Security NPRM goes into other security requirements as well.
In addition, HCFA/CMS has published their Internet Security Policy (http://www.hcfa.gov/security/isecplcy.htm). It will probably form the defacto standard for the encryption of PHI transmitted over the Internet. Anyway, between the Securty NPRM and the Internet Security Policy, you're off to a good (and reasonable) start. Jan Root "Musser, Marilyn J" wrote: > Good afternoon, everyone -my question concerns the impact of H-AS > privacy regs on the vendors of medical equipment, particular equipment > for diagnosis (MRI, mammogram,) treatment (kidney dialysis, IV/infusion > units) or equipment used in "telemedicine," e.g. home monitoring > equipment for diabetics. If these entities submit their claims > electronically, we can know what impact there will be on the formats, > etc, they must use. However, from a privacy standpoint, are there other > considerations that they will have - transmission of info? Encryption > requirements? Protection of data generated by patient-specific > machines? I would appreciate any thoughts on this and/or suggestions > for research resources that I could explore. Thank you. > > Marilyn Musser > Provider Relations Manager > HIPAA-AS Policy and Communication Coordinator > Wellmark, Inc. > phone: 515.248.5588 > fax: 515.245.4620 > [EMAIL PROTECTED] > > ********************************************************************** > To be removed from this list, go to: >http://snip.wedi.org/unsubscribe.cfm?list=privacy > and enter your email address. ********************************************************************** To be removed from this list, go to: http://snip.wedi.org/unsubscribe.cfm?list=privacy and enter your email address.
