I would just add to this discussion that there are times in the Privacy Rule that the term "firewall" is used when the drafters clearly are not referring to what is normally thought of as a "firewall," i.e., a piece of computer equipment. This is especially true in the text surrounding requirements for group health plans. For instance, in the Preamble discussion of group health plans, Fed. Reg. pg. 82508, it states that plan documents must be amended to, among other things: "provide adequate 'firewalls' to: identify the employees or classes of employees who will have access to protected health information; restrict access solely to the employees identified and only for the functions performed on behalf of the group health plan; and provide a mechanism for resolving issues of noncompliance." One of the concerns in the group health plan context is safeguarding PHI from the employer so that it is not used improperly, i.e., employment decisions. Therefore they want certain barriers or "firewalls" set up between the group health plan and the employer. In this sense, "firewall" goes beyond the usual technical computer aspect.

Kevin Fairlie
Diekemper, Hammond, Shinners, Turcotte and Larrew, P.C.
7730 Carondelet, Suite 200
St. Louis, MO 63105
Phone: (314) 727-1015
Fax: (314) 727-6804
