Re: Are Google/MSFT bound by HIPAA?

[DAVID FARBER <dave () farber net>]

Begin forwarded message:

> From: Brock N Meeks <bmeeks () cox net>
> Date: February 24, 2008 11:28:49 AM EST
> To: David Farber <dave () farber net>, jmsaul () ctconsultancy com
> Subject: Re: [IP] Re:     Are Google/MSFT bound by HIPAA?
>
> I'm talking about what happens when they get involved in managing  
> the health care information of individuals.  As the technology  
> companies we usually think of them as, then no, they aren't  
> covered.  But as they move into handling health care information,  
> when do these activities seep into the definition of "covered  
> entity" as defined by HIPAA?
>
> Are these new services classified as a "health care clearing  
> house"?  Where the def. of such is: " In most cases, a health care
> clearinghouses will receive individually identifiable health  
> information only when they are providing these processing services  
> to a health plan or health care provider as a business associate. In  
> such instances, only certain provisions of the Privacy Rule are  
> applicable to the health care clearinghouse’s uses and disclosures  
> of protected health information."
>
> Or are they considered a "business associate" where they are defined  
> as: "In general, a business associate is a person or organization,  
> other than a member of a covered entity's workforce, that performs  
> certain functions or activities on behalf of, or provides certain  
> services to, a covered entity that involve the use or disclosure of  
> individually identifiable health information. Business associate  
> functions or activities on behalf of a covered entity include claims  
> processing, data analysis, utilization review, and billing."
>
> I've heard knowledgeable people debate this on both sides.  I will  
> readily claim that I'm no expert -- yet -- but within the next few  
> months I'll have enough expertise to proffer an expert opinion.
>
> It's an exciting field in terms of personal privacy; a vital one.
>
> I wonder how many people on this informed and well-reasoned list  
> have ever, actually, read the privacy statements handed out in their  
> doctor's office?
>
>
> On Feb 24, 2008, at 8:47 AM, David Farber wrote:
>
> > ________________________________________
> > From: Joseph M. Saul [jmsaul () ctconsultancy com]
> > Sent: Sunday, February 24, 2008 1:01 AM
> > To: David Farber
> > Cc: ip
> > Subject: Re: [IP] Re:  Are Google/MSFT bound by HIPAA?
> >
> > On Sat, 23 Feb 2008, DAVID FARBER wrote:
> >
> > > > Dr. Zimmer asks a very important question; unfortunately the  
> > > > answer is, "it
> > > > depends."  There are opinions on both sides of this answer.  Some  
> > > > claim
> > > > that Google and Msft are, indeed, bound by HIPAA's privacy and  
> > > > disclosure
> > > > guidelines; other say, "hold on, it's not so clear that they are."
> >
> > The question was whether they're currently bound by the HIPAA Privacy
> > Rule.  As it currently stands, they don't fit into any of the covered
> > entity categories.  Are you talking about what would happen if they  
> > moved
> > into the healthcare space, or are you saying they may actually be  
> > bound
> > today?  And if it's the second one, could you explain the reasoning?
> >
> >    -- Joe Saul, J.D.

-------------------------------------------
Archives: http://www.listbox.com/member/archive/247/=now
RSS Feed: http://www.listbox.com/member/archive/rss/247/
Powered by Listbox: http://www.listbox.com