Posted by gardenergirl on April 14, 2005, at 2:46:02
In reply to Re: HIPAA does not apply to this forum » gardenergirl, posted by used2b on April 14, 2005, at 0:51:18
Okay this one has got to be 'splained. It's too important to just sum up.
From the link you provided, protected health information (PHI) is defined as:
[Protected Health Information. The Privacy Rule protects all "individually
identifiable health information" held or transmitted by a covered entity or its business
associate, in any form or media, whether electronic, paper, or oral. The Privacy Rule
calls this information "protected health information (PHI)."12
“Individually identifiable health information” is information, including demographic
data, that relates to:
• the individual’s past, present or future physical or mental health or
condition,
• the provision of health care to the individual, or
• the past, present, or future payment for the provision of health care to the
individual,
and that identifies the individual or for which there is a reasonable basis to believe
can be used to identify the individual.13 Individually identifiable health information
includes many common identifiers (e.g., name, address, birth date, Social Security
Number).
The Privacy Rule excludes from protected health information employment records
that a covered entity maintains in its capacity as an employer and education and
certain other records subject to, or defined in, the Family Educational Rights and
Privacy Act, 20 U.S.C. §1232g.]In addition, from the same link is a statement about an individuals opportunity to agree or object to disclosure of PHI:
[Uses and Disclosures with Opportunity to Agree or Object. Informal permission may be obtained by asking the individual outright, or by circumstances that clearly give the individual the opportunity to agree, acquiesce, or object. Where the individual is incapacitated, in an emergency situation, or not available, covered
entities generally may make such uses and disclosures, if in the exercise of their
professional judgment, the use or disclosure is determined to be in the best interests
of the individual.]Now let's apply this definition to Babble.
1) Poster's are not individually identifiable. We use screen names. We can opt out of providing any demographic information that might relate to our present, past, or future health conditions.
2) Even if this a health care provider relationship could be construed between Dr. Bob and the posters on the board, we have the opportunity to object to the disclosure of information upon registration, by choosing not to participate in Babble. Dr. Bob is quite specific on the ownership of what is posted on his site. One may opt out by not registering.
3) Posts generated on this site are not treatment records. Many posts do contain information the poster has chosen to write about their physical or mental health. This does not make them PHI, or even health information under HIPAA standards, because it was not created as part of a provider/user interaction.In my informed opinion, nothing on this site could be construed as PHI.
On a side note, I do find your "donation" of time on this site to be curious. Such intensity. Oops, now I feel like I'm at work.
Regards.
gg
poster:gardenergirl
thread:483475
URL: http://www.dr-bob.org/babble/admin/20050323/msgs/484012.html