This posting is one of several that outline the HITECH privacy provisions of the American Recovery and Reinvestment Act that President Obama signed into law on Tuesday, February 17, 2009, in Denver, CO. Here, we reproduce the definitions that appear in Subtitle D—Privacy, Section 13400. Definitions, that appear in the Conference Report on page H1345 of Congressional Record—House, February 12, 2009. These definitions are critical in understanding the content of the new HITECH privacy provisions and how they relate to existing HIPAA Administrative Simplification Privacy Rule standards.
HIPAA Privacy Definitions:
HEALTH CARE PROVIDER
The term ‘health care provider’ has the meaning given such term in section 160.103 of title 45, Code of Federal Regulations.
Section 160.103—
Provider of services (as defined in section 1861(u) of the [Social Security] Act, 42 U.S.C. 1395x(u)), a provider of medical or health services (as defined in section 1861(s) of the Act, 42 U.S.C. 1395x(s)), and any other person or organization who furnishes, bills, or is paid for health care in the normal course of business.3
3 Social Security Act, Section 1861 definitions for (u) and (s) are available online at http://www.ssa.gov/OP_Home/ssact/title18/1861.htm.
My comment is more of a question regarding billing personnel reading or accessing clinical notes within a substance abuse program. I question whether this should be allowed as there are very personal trauma issues that no biller needs to review and might gossip about due to the horrific nature such as rape, encest, prostitution or parental explotation of a child. Why should a billing person ever need access to this personal information?