RE: HIPAA scenario

[Guest guest]

And to continue for those that are interested...The HIPAA component

mentioned prior is covered under the TPO language, TPO = Treatment, Payment

or (healthcare) Operations:

http://www.hhs.gov/ocr/privacysummary.pdf

(2) Treatment, Payment, Health Care Operations. A covered entity may use and

disclose protected health information for its own treatment, payment, and

health care

operations activities.19 A covered entity also may disclose protected health

information for the treatment activities of any health care provider, the

payment

activities of another covered entity and of any health care provider, or the

health care

operations of another covered entity involving either quality or competency

assurance

activities or fraud and abuse detection and compliance activities, if both

covered

entities have or had a relationship with the individual and the protected

health

information pertains to the relationship. See OCR " Treatment, Payment,

Health Care

Operations " Guidance.

Treatment is the provision, coordination, or management of health care and

related services for an individual by one or more health care providers,

including consultation between providers regarding a patient and referral of

a

patient by one provider to another.20

Payment encompasses activities of a health plan to obtain premiums,

determine or fulfill responsibilities for coverage and provision of

benefits,

and furnish or obtain reimbursement for health care delivered to an

individual21 and activities of a health care provider to obtain payment or

be

reimbursed for the provision of health care to an individual.

Health care operations are any of the following activities: (a) quality

assessment and improvement activities, including case management and care

coordination; ( competency assurance activities, including provider or

health plan performance evaluation, credentialing, and accreditation; ©

conducting or arranging for medical reviews, audits, or legal services,

including fraud and abuse detection and compliance programs; (d) specified

insurance functions, such as underwriting, risk rating, and reinsuring risk;

(e)

business planning, development, management, and administration; and (f)

business management and general administrative activities of the entity,

including but not limited to: de-identifying protected health information,

creating a limited data set, and certain fundraising for the benefit of the

covered entity.22

Thanks again,

Steve Mc.

_____

From: ExLngHrn@...

Sent: Monday, January 30, 2006 4:19 PM

To:

Cc: Paramedicine

Subject: Re: HIPAA scenario

Does the nursing home have " standing " to request the PCR for this patient.

I would think that only the patient's executor (or perhaps immediate family)

would have such a right of access.

Of course, I could be wrong. But then, I'm not providing legal advice, only

discussing the issues in an educational forum.

-Wes Ogilvie, MPA, JD, EMT-B

Austin, Texas

HIPAA scenario

I have my own opinions (and conclusions) regarding the

following situation, but am also interested in what others

might have to say.

A nursing home patient is transported during the night to the

hospital. The patient is pronounced dead. The following

day, the nursing home contacts the EMS agency and requests a

copy of the EMS PCR. The nursing home has never done this

before.

The request seems a little unusual, in that the patient is

deceased so continuation of care is not an issue. It is only

speculation on my part, but I think that the nursing home may

be conducting an internal investigation of their own handling

of the situation. Any opinions on the proper procedure for

the request and the response?

Thanks.

Maxine Pate