Re: Be Careful - You May Be Violating HIPAA
Paul E. Prusakowski
Description
Collection
Title:
Re: Be Careful - You May Be Violating HIPAA
Creator:
Paul E. Prusakowski
Date:
4/28/2003
Text:
Dear Virginia,
Maybe you could demonstrate AOPA's concern for the advancement of the
profession and industry by sharing this knowledge with all the subscribers
of the oandp-l listserver within a few postings. This would be very helpful
to everyone, and also very much appreciated by me as moderator. This would
be a great benefit to all those trying to perform the best patient care that
they can, and also save someone else the trouble of interpreting your
response to them and posting it publicly to the entire listserv. I think it
would also be a great marketing opportunity for you to demonstrate AOPA's
incredible knowledge of the HIPAA topic to the entire O&P community by
sharing this one piece with the online professional community as a freebie.
Maybe other members of the listserv who are also AOPA members would like to
comment to you privately to encourage this sharing of information which
would be of incredible value to the profession and most importantly to the
patients we serve. In the spirit of the oandp-l listserv, sharing of
information for the benefit of elevating patient care and the advancement of
the profession is a win-win for everyone. I hope that you are willing to
take advantage of this opportunity to help ensure that practitioners are
properly educated on how to properly discuss patient care issues without
putting themselves at risk for any sort of HIPAA violation.
Sincerely,
Paul E. Prusakowski, CPO
Moderator
-----Original Message-----
From: Orthotics and Prosthetics List [mailto:<Email Address Redacted>] On
Behalf Of AOPA
Sent: Friday, April 25, 2003 2:53 PM
To: <Email Address Redacted>
Subject: Re: Be Careful - You May Be Violating HIPAA
Some of you have expressed concern that the example in our HIPAA e-mail
was far-fetched and only a marketing ploy. Below, please see our reply
to one such posting and the reasons why certain messages on this
listserv could cause HIPAA compliance problems. If you are still
concerned, please do not hesitate to contact us directly. -- AOPA
Mr. Foster:
You stated, ...you can discuss all the PHI you want, except the parts
that are readily identifiable to a particular person (e.g. SSN, names,
address, phone# etc.).
Your statement is not accurate. Protected health information (PHI) does
not have to directly identify an individual. If the information is
specific enough that you can infer the identity of the individual, it is
considered PHI and subject to HIPAA regulations.
In the case that we used, Patient is a 2 year old child with a disorder
that causes her limbs to be 3 times the size of a normal child..., the
information is specific enough that a person familiar with the facility
or practitioner can easily identify the patient.
The Privacy rule (section 164.506(c)) states that a HIPAA covered entity
may use or disclose PHI for its own treatment, payment, or health care
operations, or for the treatment activities of any health care provider.
Asking a question on a very public listserv that is accessed by non
health care providers is not going to fit within either of those
permissible disclosures. This is akin to standing in a public hallway
in a hospital and shouting out to a crowd that you want to know how to
treat your 2 year old patient that has a disorder that causes her limbs
to be 3 times the size of a normal child.
Also, the HIPAA Security rule is going to require that you keep email
communications containing PHI secure. A listserv is not a secure forum
in which to discuss PHI.
It is part of AOPA's mission to provide education concerning HIPAA
regulations. While you are not at risk for violating HIPAA as an
individual employee, by your actions the facility that employs you could
face civil and monetary penalties for violating HIPAA regulations. This
is something AOPA is striving to prevent.
There are ways to ask a question on the listserv about treating a
specific condition that do not violate the HIPAA Privacy or Security
rules. We are pleased to have your facility as an AOPA member and are
happy to discuss these methods with you. You might also consider
attending the AOPA HIPAA Seminar on May 2.
Sincerely,
Virginia Torsch
Manager, Regulatory Affairs
AOPA
--------------------------------------------------------------
American Orthotic & Prosthetic Association T 571.431.0876
330 John Carlyle St, Ste 200 F 571.431.0899
Alexandria, VA 22314 www.aopanet.org
AOPA Knows the Business of O&P. Become a member today!
Maybe you could demonstrate AOPA's concern for the advancement of the
profession and industry by sharing this knowledge with all the subscribers
of the oandp-l listserver within a few postings. This would be very helpful
to everyone, and also very much appreciated by me as moderator. This would
be a great benefit to all those trying to perform the best patient care that
they can, and also save someone else the trouble of interpreting your
response to them and posting it publicly to the entire listserv. I think it
would also be a great marketing opportunity for you to demonstrate AOPA's
incredible knowledge of the HIPAA topic to the entire O&P community by
sharing this one piece with the online professional community as a freebie.
Maybe other members of the listserv who are also AOPA members would like to
comment to you privately to encourage this sharing of information which
would be of incredible value to the profession and most importantly to the
patients we serve. In the spirit of the oandp-l listserv, sharing of
information for the benefit of elevating patient care and the advancement of
the profession is a win-win for everyone. I hope that you are willing to
take advantage of this opportunity to help ensure that practitioners are
properly educated on how to properly discuss patient care issues without
putting themselves at risk for any sort of HIPAA violation.
Sincerely,
Paul E. Prusakowski, CPO
Moderator
-----Original Message-----
From: Orthotics and Prosthetics List [mailto:<Email Address Redacted>] On
Behalf Of AOPA
Sent: Friday, April 25, 2003 2:53 PM
To: <Email Address Redacted>
Subject: Re: Be Careful - You May Be Violating HIPAA
Some of you have expressed concern that the example in our HIPAA e-mail
was far-fetched and only a marketing ploy. Below, please see our reply
to one such posting and the reasons why certain messages on this
listserv could cause HIPAA compliance problems. If you are still
concerned, please do not hesitate to contact us directly. -- AOPA
Mr. Foster:
You stated, ...you can discuss all the PHI you want, except the parts
that are readily identifiable to a particular person (e.g. SSN, names,
address, phone# etc.).
Your statement is not accurate. Protected health information (PHI) does
not have to directly identify an individual. If the information is
specific enough that you can infer the identity of the individual, it is
considered PHI and subject to HIPAA regulations.
In the case that we used, Patient is a 2 year old child with a disorder
that causes her limbs to be 3 times the size of a normal child..., the
information is specific enough that a person familiar with the facility
or practitioner can easily identify the patient.
The Privacy rule (section 164.506(c)) states that a HIPAA covered entity
may use or disclose PHI for its own treatment, payment, or health care
operations, or for the treatment activities of any health care provider.
Asking a question on a very public listserv that is accessed by non
health care providers is not going to fit within either of those
permissible disclosures. This is akin to standing in a public hallway
in a hospital and shouting out to a crowd that you want to know how to
treat your 2 year old patient that has a disorder that causes her limbs
to be 3 times the size of a normal child.
Also, the HIPAA Security rule is going to require that you keep email
communications containing PHI secure. A listserv is not a secure forum
in which to discuss PHI.
It is part of AOPA's mission to provide education concerning HIPAA
regulations. While you are not at risk for violating HIPAA as an
individual employee, by your actions the facility that employs you could
face civil and monetary penalties for violating HIPAA regulations. This
is something AOPA is striving to prevent.
There are ways to ask a question on the listserv about treating a
specific condition that do not violate the HIPAA Privacy or Security
rules. We are pleased to have your facility as an AOPA member and are
happy to discuss these methods with you. You might also consider
attending the AOPA HIPAA Seminar on May 2.
Sincerely,
Virginia Torsch
Manager, Regulatory Affairs
AOPA
--------------------------------------------------------------
American Orthotic & Prosthetic Association T 571.431.0876
330 John Carlyle St, Ste 200 F 571.431.0899
Alexandria, VA 22314 www.aopanet.org
AOPA Knows the Business of O&P. Become a member today!
Citation
Paul E. Prusakowski, “Re: Be Careful - You May Be Violating HIPAA,” Digital Resource Foundation for Orthotics and Prosthetics, accessed November 4, 2024, https://library.drfop.org/items/show/220938.