RE: HIPPA measures to comply -- MIDRANGE-L

Gary,

When you say "I am trying to discover how much that really effects us." it's
difficult to answer without knowing what role "us" plays in the industry. If
you're concerned with HIPAA then it most likely effect you, but maybe not to
a large extent. 

As others have pointed out, if you work for a covered entity, a provider,
payor, or one of the related entities, then it's a little[1] late to be
findout out about this. However, we have a product (no this is NOT a sales
pitch) for Institutional Review Boards where their involvement with
Protected Health Information (PHI) is ill-defined at best and the impact of
HIPAA is hard to determine. If you're on that side of HIPAA where you're
more of an innocent bystander impacted by the explosion, and not a direct
target of the bomb it's not that shocking that you're just finding out now.

If you can let us know more about what you do maybe we can point you in a
good direction. Also, get ready to spend money -- both for remediation and
for legal advice. As I was recently told, HIPAA was originally called FERAA
-- the Fair Employment Rights for Attorneys Act. <G>

-Walden

[1] "little" is dripping with sarchasim in this case. <G>

------------
Walden H Leverich III
President
Tech Software
(516) 627-3800 x11
(208) 692-3308 eFax
WaldenL@xxxxxxxxxxxxxxx
http://www.TechSoftInc.com 

Quiquid latine dictum sit altum viditur.
(Whatever is said in Latin seems profound.)
 

-----Original Message-----
From: Gary Kuznitz [mailto:docfxit@xxxxxxxxxxxx] 
Sent: Tuesday, May 27, 2003 3:09 PM
To: Midrange Systems Technical Discussion
Subject: Re: HIPPA measures to comply 


Hi Dan,

Since I was just told today that we need to comply I am trying to figure out
how 
unprepared we are.  So far my understanding is there is a lot that effects
every 
person in a hospital or dentist office.  I am trying to discover how much
that really 
effects us.

Thank you,

Gary Kuznitz

PS:  Are there any people on this list associated with the health care
industry?

On 27 May 2003 at 11:32, Dan (Dan <midrange-l@xxxxxxxxxxxx>) commented about
Re: HIPPA measures to comply :
> Hi Gary,
> 
> I was very briefly in an environment where there was software development
going
> on for medical billing software.  I cannot speak with authority to the
questions
> you raise.  Based on my exposure to what was coming down the pike though,
if you
> are asking these kind of questions now, you are likely woefully unprepared
for
> the HIPAA requirements.  Don't take that as an insult.  But, truly, this
isn't
> just a policy change of encrypting SSNs.  I believe they give whole-week
> seminars on HIPAA; it isn't an afternoon hunkering down with a newsletter.
But
> then, what would you expect from new government regulations?  ;-)
> 
> BTW, I am all for more privacy, esp. when it comes to medical history.
But I
> understand (without fully understanding HIPAA) that there may be instances
> (exclusions?) in the new regs that allow doctors and clinics to make your
> medical history available to outsiders even when it is not warranted;
supposedly
> they do this by giving you a form to sign that begins with something like
"HIPAA
> requires us to notify you... blah, blah, blah."  At the end of the
document, you
> are asked to sign it to "verify" that you have read this and understand it
blah,
> blah, blah.  When, in fact, you could be giving them carte blanche to
distribute
> this information you are trying so hard to keep private.  Personally, I
would
> never sign a document that is supposedly a "verify that you read this"
> signature.
> 
> Oh, and why is it that SSNs are *STILL* printed on most health insurance
cards? 
> Does anyone know if HIPAA addresses that?  We're told not to carry our
social
> security card with us, but nearly everyone of us does, in the form of a
health
> insurance card.
> 
> - Dan
> 
> --- Gary Kuznitz <docfxit@xxxxxxxxxxxx> wrote:
> > Hi,
> > 
> > I wonder if any would share the steps they have gone through in IT 
> > to comply with HIPPA.  
> > 
> > I realize some people are encoding the SSN in all files.  Is this 
> > mandatory or is it only done if there is more than one person 
> > working on the AS/400 so prying eyes don't see it?
> > 
> > I understand all communication lines must be encrypted with 
> > something like VPN.
> > 
> > It's my understanding all IT personnel are supposed to sign a 
> > document about not divulging SSN info.  Where can I find this 
> > document?
> > 
> > Thank you,
> > 
> > Gary Kuznitz
> 
> 
> __________________________________
> Do you Yahoo!?
> The New Yahoo! Search - Faster. Easier. Bingo.
> http://search.yahoo.com
> _______________________________________________
> This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list To
> post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe, unsubscribe,
or
> change list options, visit:
> http://lists.midrange.com/mailman/listinfo/midrange-l or email:
> MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a moment to
review
> the archives at http://archive.midrange.com/midrange-l.
> 


_______________________________________________
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.