Pam, I do not see a problem with patients (or their family members) entering IIHI into the web-based system you describe, provided the CE who is managing the system secures the data in accordance with HIPAA. The disclosing party in this case (the patient) is not a CE, so they can enter the data without worrying about the transaction rule OR about getting auth. from family members to disclose their info.
I'm not really seeing a problem with the CE (owner/manager of the data collection system) being in possession of this data, even if he/she has no treatment relationship with some or all of the patients who are entering it. The data would, after all, be obtained freely and legally from the patient. Again, the CE would have to safeguard that IIHI and treat it just like his/her patient's PHI, obey all rules regarding subsequent disclosure, etc. Maybe I'm just being dense today, but I don't see anything "wrong" here. Best regards, Chris Christopher J. Feahr, OD Optiserv Consulting [For the vision care industry] Santa Rosa, CA 707-579-4984 707-529-2268 (cell/pager) http://VisionDataStandard.org http://Optiserv At 09:31 AM 9/6/2002 -0500, Lawson, Pam wrote: >We are currently looking at a product that would allow patients to enter >demographic, past history, insurance information, etc via a web >form. They would setup their own password/id and be responsible for >updating the information. Whenever they were treated at one of our >facilities or a physician associated/on staff with one of our facilities, >that information could be viewed/verified by the caregiver. Before >setting up the account, the patient would have to click on a "I agree" >button attached to the privacy notice/disclaimer. I think just this part >of the setup is OK, but the kicker is that individuals would be allowed to >setup information on multiple users, including spouses, parents, etc and I >just don't think this will fly under HIPAA since that information would be >widely available without their knowledge or consent. Is anyone else >allowing patients to create these repositories? Do you allow them to >enter information on multiple individuals, including other adults? And, >how are you handling the HIPAA issues? Thanks Pam > >Pamela K. Lawson, RHIA >Information Security Coordinator >St. John Health System >Tulsa OK >918-744-2316 ><mailto:[EMAIL PROTECTED]>[EMAIL PROTECTED] >pager 918-643-2725 > > > >IMPORTANT NOTICE: > >This message is intended only for the use of the individual or entity to >which it is addressed and may contain information that is privileged, >confidential and exempt from disclosure under applicable law. If you have >received this message in error, you are hereby notified that we do not >consent to any reading, dissemination, distribution or copying of this >message. If you have received this communication in error, please notify >the sender immediately and destroy the transmitted information. > > >The WEDI SNIP listserv to which you are subscribed is not moderated. The >discussions on this listserv therefore represent the views of the individual >participants, and do not necessarily represent the views of the WEDI Board of >Directors nor WEDI SNIP. If you wish to receive an official opinion, post >your question to the WEDI SNIP Issues Database at >http://snip.wedi.org/tracking/. >Posting of advertisements or other commercial use of this listserv is >specifically prohibited. The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. Posting of advertisements or other commercial use of this listserv is specifically prohibited.
