HIPAA > HIPAA

Via AHIMA - Released today

<< < (2/2)

RichardP:
Based on what you just posted, I assume you mean the definition of Health Care Clearinghouse you gave came from HHS.  I think you posted your comment before I had finished the last two paragraphs of my comment.  I agree that folks should consult an attorney.  I'm just pointing out above that the term "Health Care Clearinghouse" is constrained by the phrase processing ... nonstandard format ... into standard data elements.  That process involves following complex instructions regarding ANSI 5010, and it will be the rare billing company that does this.  However, ALL clearinghouses that accept data from billing software and send it on to the insurance carriers MUST do this.  That is the distinction upon which to focus.

Regardless of which label you wear, covered entity or business associate, the law calls both to the same standard of care regarding patient health information.  HIPAA and HITECH do not allow a business associate to do something with patient health information that a covered entity cannot.

PMRNC:

--- Quote ---Regardless of which label you wear, covered entity or business associate, the law calls both to the same standard of care regarding patient health information.  HIPAA and HITECH do not allow a business associate to do something with patient health information that a covered entity cannot.
--- End quote ---

Agree

RichardP:
Linda, you responded to my second post from the top of this thread.  I have seriously edited that post, in case you want to see how I changed it.  Thanks for telling me that your words came from HHS / CMS.  And I should have made it more clear that my original questions to you (since deleted) were triggered by language I had read the night before at the bottom of Page 447 of the Final Notice at this link:

https://s3.amazonaws.com/public-inspection.federalregister.gov/2013-01073.pdf

Health care clearinghouses function almost exclusively as business associates with respect to the protected health information they maintain and process, and therefore have no NPP requirements.

This thread is a bit messy, but learning is sometimes messy.  And the new quote above doesn't help with the messiness of this subject either.  Bottom line restated:  Everyone should check with their own attorney.  However - regardless of which label one wears, covered entity or business associate, the law calls both to the same standard of care regarding patient health information.  HIPAA and HITECH do not allow a business associate to do something with patient health information that a covered entity cannot.

PMRNC:
Trust me, I have seen the final link.  I'm not GOING to debate MY status as a covered entity.   

RichardP:
I'm not trying to get you or any one else to discuss their status.  I was looking for pointers to where the language came from, and you provided that.  Thank you.

There is lots to digest, and I have no need to discuss this further, now.  But for those billing folks who would like to considered themselves a covered entity rather than a business associate, consider the requirement imposed at Page 265 at this link:

https://s3.amazonaws.com/public-inspection.federalregister.gov/2013-01073.pdf

Good luck with this one.  Think all those newly-minted graduates of billing classes know enough about computer systems to comply with this rule??  Good night, and have a great weekend.

The final rule adopts the proposal to amend the Privacy Rule at §164.524(c)(2)(ii) to require that if an individual requests an electronic copy of protected health information that is maintained electronically in one or more designated record sets, the covered entity must provide the individual with access to the electronic information in the electronic form and format requested by the individual, if it is readily producible, or, if not, in a readable electronic form and format as agreed to by the covered entity and the individual. In such cases, to the extent possible, we expect covered entities to provide the individual with a machine readable copy of the individual’s protected health information.  The Department considers machine readable data to mean digital information stored in a standard format enabling the information to be processed and analyzed by computer.  For example, this would include providing the individual with an electronic copy of the protected health information in the format of MS Word or Excel, text, HTML, or textbased PDF, among other formats.

Navigation

[0] Message Index

[*] Previous page