Time for a
quick survey. Please reply just to
me. I will post the final results
to the group next Tuesday (Feb 4).
Thanks in advance. Please
respond with the single number that best describes your organization’s use of
Email in relationship to PHI.
External Email is defined as Email sent to an address outside of your
firewall. One It
is against our policy to transmit PHI via Email externally but okay to send PHI
internally. Two It
is against our policy to transmit PHI via Email internally and externally. Three PHI
can be transmitted via Email externally as long as it is encrypted but can be
sent internally without encryption. Four Any
transmission of PHI via Email must be encrypted but we do not use any Email
Security management tools. Five Any
transmission of PHI via Email must be encrypted and we do use Email Security
management tool(s). Six We
do not use Email. Seven Other: Please explain Organization Type: A: provider B: vendor C: payer D: provider/payer E: other Donald L. Ribelin HIPAA Project Manager Firsthealth of the Carolinas (910) 215-2668 [EMAIL PROTECTED] -----Original
Message----- Jim, Here is
a site that contains a document regarding designated record set that might
useful to you. http://www.nchica.org/HIPAAResources/Samples/DesRecSets.pdf Phyllis Line -----Original Message----- Here goes my
opinion. 1) We haven't
decided if we will release any info to the subscriber on one of their members.
So couldn't you use this as an excuse? Say, "I'm sorry, according to the
new HIPAA regulations, we are unable to release any further information without
an authorization from the member." 2) We
don't send EOB's so can't help you there. 3) Didn't the
8/14/03 revisions say when it comes to minors, we should follow state regs?
Does the state allow you to limit info to parents of underage minors? 4) Not sure
what the question is. Yes, if we turn down an amendment request, and the member
requests that we log the amendment request in the records, we must. Sorry I
couldn't be more help. Deborah Campbell Dominion Dental Services, Inc. Phn: (703) 518-5000 ext. 3035 ******************************************* If you are not the intended recipient, any disclosure,
copying, distribution or any action taken or omitted to be taken in reliance on
it is prohibited and may be unlawful. ********************************************************************* -----Original
Message----- Hi All, I've
asked these questions before, but didn't get much response (or any at all on
some). Since we're all getting close to THE DATE, I thought
re-asking might get more/better response, so I'm re-posting a digest of
the questions. Any discussions of what you are doing and / or suggestions
are welcome..... _____ Private
Communications ____________________________________________ These
questions are about Private Communications (PC) & Customer Service: 1) How do you
respond to a Customer Service Inquiry from the contract holder
(subscriber) when someone on that contract has invoked PC? Do you
just say, "I can't give any further information" or "I've released
all the information to which you are entitled" or .... some other
sentence/phrase with similar meaning? I realize you can't just say,
"Someone on your contract has requested Private
Communications". Possible
scenario: Jane, the wife of Joe Contractholder requests PC, primarily
because she's going to a psychologist. Because Jane has requested PC, the
insurance company (or provider) routes ALL her claim EOBs (or
bills) to an alternate address. Joe calls customer service to ask
where the Explanation of Benefits (EOB) is for his wife's recent visit to the
Emergency Room for a twisted ankle. How should the customer service
rep answer....? 2) How do you
send out the EOB when you have a non-custodial and custodial parent getting
EOBs and one of the children has invoked PC? We have a number of these
situations where we have received a Domestic Relations Court Order to send the
underage dependent EOBs to both the custodial and non-custodial parents.
As long as they haven't reached 18, we comply with the order (or if a dependent
is in college, until they graduate). Possible
scenario: Joe Doe (Contractholder) and Jane Doe (Joe's former wife
and mother of Donna Doe) have both been receiving Donna's EOBs pursuant to a
court order. Donna's in college and goes to her OB/Gyn and asks for birth
control pills. Donna doesn't want her father to know (he has a temper),
so she invokes PC with both the Provider and the insurance company. All
of a sudden, neither Joe or Jane are getting copies of Donna's EOB's.
Jane knows that Donna went to the OB/Gyn but doesn't get a copy of the
EOB. She calls Joe and asks if he has gotten the EOB yet... of course he
says no. So she calls customer service. How should the customer
service rep answer? Does HIPAA Privacy override the Domestic
Relations Order or vice versa? 3) How do you
respond to a 12 year old who asks for PC when calling/writing to Customer
Service? Do you explain and direct her to go to court to get a court
order giving her the right to invoke PC? Do you grant the request absent
the court order even though she isn't 18 (or what ever the age of
majority/emancipation is in the your state)? We are
primarily concerned with inadvertently cluing in a parent/spouse that there has
been a PC request, where the contractholder thinks that they have the right to
get such information (people can get pretty irate in these situations).
We want to avoid the situation where an abusive spouse/parent figures something
funny is going on, and injures the person who requested PC in trying to
get them to tell the abusive person what's going on. What are our
responsibilities when an underage dependent asks for PC? There
doesn't seem to be any good answers here, only compromises that have varying
degrees of risk. How are you people out there planning on handling these
situations? Any help / advice / suggestions would be welcome. _____
Amendments ____________________________________________ Say
that you do turn down an amendment request (for good and legitimate reasons...
ie amending medical data that came from somewhere else). The regulation
says that (after going to an appeal process) the patient/member has the right
to file a statement giving their side of the story and make it a part of the
record or just have it noted in the record that an amendment request was
filed. The CE that receives the request/statement must then include that
an amendment was filed and (if supplied) the statement in all disclosures of
that claim data from that point forward... and have it sent to specified
entities that have already received the data. There is even a point in
the reg where it says that the amendment flag and statement must be sent along
with a standard transaction, even though there is no place for it. _____ How
detailed must my Designated Record Set be?________________________ Should
the DRS be at the level of the EOB or should you give the most of the data
elements in all patient/subscriber related systems? The Regulations
clearly state that we must show all data that we used to make a decision about
the subscriber / patient.... But at what level? I vote
for somewhere in between. Clearly, as an insurance company, we don't have
to disclose confidential corporate data (like how much the discount
%/$ are for any given procedure for that provider or our rating
formulae). All opinions
expressed are my own and should not be construed to be Medical Mutual or
Antares Management Solutions official policy. Jim Moores -
HIPAA Team Leader - Privacy [EMAIL PROTECTED] --- ------------------------------------------------------------------------------ --- --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: archive@mail-archive.com To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org |