I would say yes in as far as security is concerned. You need to make sure that only the people that need to access that information, access that information. One of the ways to do that is to Audit the users, the times the system was accessed, etc. Although you are not responsible to account for disclosures prior to April, 2003, You would still need to account for anyone that is accessing those old records via this software,(after April, 2003) if it is for purposes other than TPO.
Hope this makes sense. Make it a great day! Cathy Skinkis ISO St. Mary's Hospital Green Bay, WI -----Original Message----- From: Mimi Hart [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 26, 2003 1:34 PM To: WEDI SNIP Security Workgroup List Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Re: HIPAA Security - Unique Access I probably sound like I am trying to parse on a thin line, but here goes (bear with me). I don't believe that patient's rights under Privacy & Security are retroactive - that is they can't ask us to run an audit trail or produce a disclosure log for data that accessed or disclosed before April 14, 2003. However, if I am buying an application that is ONLY going to contain data that was PRODUCED before April 14, 2003 (such as microfilm pull-up software for medical records produced in 1999-2000) must I have the ability to audit, use unique sign-ins, etc for when that data is accessed by staff as part of treatment, payment or healthcare operations? Mimi Hart Ó¿Õ* Research Analyst, HIPAA Iowa Health System 319-739-2430 (phone) 319-739-2594 (fax) 319-490-0637 (pager) [EMAIL PROTECTED] --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-security as: [EMAIL PROTECTED] To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-security as: [EMAIL PROTECTED] To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org
