I work for a health plan in New Mexico. We are finding a number of small providers (2-3 person offices) on our panel who:
* don't use the internet and * don't conduct any transactions electronically; * in addition they fall under the Medicare size exception for electronic billing by 10/16/2003. We are telling them: 1) they probably would not be considered a covered entity - but to check with an attorney 2) HIPAA Privacy will probably become the community standard so to begin to adopt what makes sense from those regulations. Julie Fulcher HIPAA Project Manager Presbyterian Healthcare Services Albuquerque, New Mexico 87125-6666 (505) 923-6397 [EMAIL PROTECTED] -----Original Message----- From: Rachel Foerster [mailto:[EMAIL PROTECTED]] Sent: Monday, September 23, 2002 3:02 PM To: [EMAIL PROTECTED] Subject: RE: WEDI/SNIP MANAGEMENT! Non-compliance model Tim, On first blush, your idea seems to have merit. On a second read, however, the only type of entity that has any wiggle room to not have the HIPAA law and regs apply to it would be a health care provider. All other types of covered entities are defined in the law/regs, i.e., health plans and clearinghouses, and I haven't seen any wiggle room for that type of entity at all. Thus, for non-health care provider entity types, the only option would be flagrant non-compliance with the law. Not a very viable option from a risk/liability viewpoint. Rachel Foerster Principal Rachel Foerster & Associates, Ltd. 39432 North Avenue Beach Park, IL 60099 Voice: 847-872-8070 Fax: 847-872-6860 eMail: <mailto:[EMAIL PROTECTED]> [EMAIL PROTECTED] http://www.rfa-edi.com -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Monday, September 23, 2002 3:13 PM To: Deborah Campbell; [EMAIL PROTECTED] Subject: WEDI/SNIP MANAGEMENT! Non-compliance model I think these thought processes are substantially flawed. However, it occurs to me that we are seeing a significant issue emerge that requires addressing: What are the actual requirements for legal non-participation in HIPAA? From my perspective, I can not see how any modern practice can not engage in some form of arguably covered transactions which trigger HIPAA covered entity or business associate status. Even if they sub-contract the transactions services, they're still a covered entity per CMS/OCR. And, as I have stated before, I think the Privacy and Security Rules are generally a good steps forward. So, exactly what does a business have to give up to not be covered under HIPAA? What I am asking is: should SNIP develop a document that clearly states what these requirements are? Until such a document exists, business people can not objectively evaluate non-applicability from non-compliance. Nor can they look at the real loss of business that I believe such moves would entail. I, for one, would be very interested in participating is such a project. I, like many, have found it difficult to express to potential covered entities what their options are in this regard. So I believe that a non-applicability implementation guide is ultimately the only way to resolve this. Or do we simply leave it up to OCR enforcement and case law to determine this? Tim McGuinness, Ph.D. Consulting Specialist in Regulatory Privacy, Security, and Application Compliance (HIPAA/ASCA/FDA/CMS-HCFA/ICH/ADA 508c), [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> President, HIPAA Help Now [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> www.hipaahelpnow.com <http://www.hipaahelpnow.com/> Executive Co-Chairman for Privacy, HIPAA Conformance Certification Organization (HCCO) www.hipaacertification.org <http://www.hipaacertification.org> ********************************************************************** To be removed from this list, go to: http://snip.wedi.org/unsubscribe.cfm?list=privacy and enter your email address. The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. Posting of advertisements or other commercial use of this listserv is specifically prohibited. --- PRESBYTERIAN HEALTHCARE SERVICES DISCLAIMER --- This message originates from Presbyterian Healthcare Services or one of its affiliated organizations. It contains information, which may be confidential or privileged, and is intended only for the individual or entity named above. It is prohibited for anyone else to disclose, copy, distribute or use the contents of this message. All personal messages express views solely of the sender, which are not to be attributed to Presbyterian Healthcare Services or any of its affiliated organizations, and may not be distributed without this disclaimer. If you received this message in error, please notify us immediately at [EMAIL PROTECTED] ********************************************************************** To be removed from this list, go to: http://snip.wedi.org/unsubscribe.cfm?list=privacy and enter your email address. The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. Posting of advertisements or other commercial use of this listserv is specifically prohibited.
