Email to Former Patients of Dr. Teresa Sievers rcvd on or about 1 April 2016

Wow! Just wow! Need I say I am shocked? Always shocked...

So this Dr. Roy H Purple Truck obtains - at the very least - the email addresses of at least some of the patients of the late TS. He then composes and sends an email to these patients under the name of MS, inviting them to purchase supplements from Dr. Purple Truck and to call him if they have any questions! Thus, if any one of these patients did call him and ask him questions about their own specific health problems/concerns and he answered them, he would indeed be "practicing medicine in Florida", right?

(RSBM)



AlwaysShocked, thank you... I will never be able to think of this guy as anything other than 'Dr. Roy H. Purple Truck' again.
 
The sender's name is info@RHHcenter.com which was one of the office emails.

Thanks, sherribear.... what I thought. I'm a tech dummy BUT tech pros can track that email back to the sender UNLESS it will only track back to RHH email set-up? IDK The sender was probably Dr Heilbron sending emails from one of the 'Purple Truck Computers'.... or one of his own, set-up to receive supplement orders. At first I suspected BS may have sent them to help MS.

Any WS tech nerds here? IP address/designation.... isn't that the device itself within its provider? Can an email be tracked back to the device or network (if within a network) or no?
 
Here's a link for information on HIPAA complaints if any of TS's patients are concerned that RH may have their medical records.



http://www.hhs.gov/hipaa/filing-a-complaint/index.html

Thank you for this link. I am going to file a complaint.

I don't know if anyone posted what the email said, so I am going to post it here:

"Dear Patients and Friends:

It has been brought to my attention that you may no longer be able to order supplements under Theresa's account after March 2016.
You may order your supplements from any doctor who is affiliated with Xymogen. I was able to reach out to one of Teresa's colleagues who is an MD
(and a integrative & holistic physician) located in Boca Raton. Dr Roy has been using Xymogen for some time now and has extended his privileges to Teresa's
patients under his account "HEILR". If you have any questions about Xymogen Supplements, you may contact him directly on his cell phon

Take Care & G-d Bless you all,

Mark Sievers"

Note how he misspelled Teresa's name as well as other misspelled words. He also says you can call Dr. Roy on his cell phone but then
doesn't leave a number.

Just thought I would post this for those that didn't get an email and wanted to know what it said.
 
Earlier, I said I did not get an email but I found it in the "Promotions" in-box that I hadn't noticed before. Since MS is in jail and supposedly "Dr. Roy" is now the salesman of record with Xymogen, I'd think that the shyster "Dr. Roy" himself is the one who sent it out using MS's name as the reference trying to make it look legit. I think he's behind this whole email thing, using the customer list supplied or sold by MS. The craziness in this case never ceases to amaze me.

FRAUD

It's fraud because it goes beyond the appropriation of a murdered doctor's patient list - which should be reported to the medical board. If I were a patient, I would be furious that my personal information has been compromised.

FRAUD

Seriously, it's fraud. He - and we know it's Roy Heilbron not MS sending that email using an email account that is NOT his, through a medical practice that is NOT his, and sending it representing to be someone who he is NOT.

FRAUD

Disingenuous to say the least is using the name of "Dr. Roy" instead of his full name in the (alleged) hope that no one would google his full name to find his unethical/illegal activities, but the chutzpah-hubris? by using part of his last name as the code.

FRAUD

In my ever-lovin' opinionated opinion.
 
Thank you for this link. I am going to file a complaint.

I don't know if anyone posted what the email said, so I am going to post it here:

"Dear Patients and Friends:

It has been brought to my attention that you may no longer be able to order supplements under Theresa's account after March 2016.
You may order your supplements from any doctor who is affiliated with Xymogen. I was able to reach out to one of Teresa's colleagues who is an MD
(and a integrative & holistic physician) located in Boca Raton. Dr Roy has been using Xymogen for some time now and has extended his privileges to Teresa's
patients under his account "HEILR". If you have any questions about Xymogen Supplements, you may contact him directly on his cell phon

Take Care & G-d Bless you all,

Mark Sievers"

Note how he misspelled Teresa's name as well as other misspelled words. He also says you can call Dr. Roy on his cell phone but then
doesn't leave a number.

Just thought I would post this for those that didn't get an email and wanted to know what it said.

I filed my complaint today. Maybe if enough complaints are filed, they will get an idea of what's going on and will investigate things further, although I'd have to think they are aware of it by now.

JJ.
 
I did billing years ago in the late 1990s (1999?), and all of the billing for Medicare and most of the insurance companies we accepted were transferred electronically. We would get a paper "receipt" of sorts at the end of the transfer for documentation purposes, but the visit/procedure codes were sent directly over the net to the provider. If there was a problem with the coding or if the insurance wanted more information, they would call or contact the office for us to (back then) fax a copy of whatever biopsy, office visit notes, etc. to justify the code/cost. It is a complicated and time-consuming thing (it is a specific profession w/i the medical field) to code visits correctly to receive reimbursement, which is why so many doctors are stepping away from it. Boutique providers is what they are called, and generally will do a LOT more for less money if one looks at it as a "big picture." Many will take personal phone calls at any time, make home visits at any time and will spend a lot more time at a visit as opposed to herding cattle with 15 minute visits, which is what Teresa did - spend time with her patients.


The original question is about a doctor who does not bill insurance or Medicare and only accepts cash directly from patients. Do those health care providers have to comply with HIPAA?
 
BBM It is my understanding that "conduct certain business electronically" pertains to billing electronically. If I remember correctly the same rules do not apply when it comes to emailing a patient. Certain privacy is expected and safeguards in place generally for an email but are nowhere near as stringent. I am not sure what the ramifications are of sending out an email (has identifying information) from an obviously deceased practitioner. Have only been able to skim lately, did the emails come from TS's practice email or from MS's? JMO/E

What does "conduct certain business electronically" mean? Does it include sending e-mails to patients?

http://www.hhs.gov/hipaa/for-individuals/guidance-materials-for-consumers/index.html
 
It is my understanding that if an office does not bill insurance, they are not governed by HIPAA. For instance: A free clinic that does not bill insurance and only does a cash business will not have to adhere to HIPAA guidelines as they are not transmitting protected private information.
http://www.hhs.gov/hipaa/for-individuals/guidance-materials-for-consumers/index.html




Who Must Follow These Laws

We call the entities that must follow the HIPAA regulations "covered entities."

Covered entities include:

Health Plans, including health insurance companies, HMOs, company health plans, and certain government programs that pay for health care, such as Medicare and Medicaid.
Most Health Care Providers—those that conduct certain business electronically, such as electronically billing your health insurance—including most doctors, clinics, hospitals, psychologists, chiropractors, nursing homes, pharmacies, and dentists.
Health Care Clearinghouses—entities that process nonstandard health information they receive from another entity into a standard (i.e., standard electronic format or data content), or vice versa


The original question is about a doctor who does not bill insurance or Medicare and only accepts cash directly from patients. Do those health care providers have to comply with HIPAA?
 
I'm pretty sure Protected Health Information (PHI) is covered by HIPAA whether you pay a health provider in cash or an insurance company is involved. When I worked as a telecom paralegal, we researched our HIPAA responsibilities if we sold broadband services to health providers, and any PHI data that was transmitted over our service was covered under HIPAA (ETA irrespective of how the services were paid for).

Protection and Confidential Handling of Health Information

The HIPAA Privacy regulations require health care providers and organizations, as well as their business associates, develop and follow procedures that ensure the confidentiality and security of protected health information (PHI) when it is transferred, received, handled, or shared. This applies to all forms of PHI, including paper, oral, and electronic, etc. Furthermore, only the minimum health information necessary to conduct business is to be used or shared.

DHCS has a Privacy Office that oversees compliance on all state and federal privacy laws, including HIPAA.

http://www.dhcs.ca.gov/formsandpubs/laws/hipaa/Pages/1.00WhatisHIPAA.aspx

ETA A real life example is my dentist, who does not bill insurance companies. According to her website (and my experience) my information is still private and protected under HIPAA.
 
The original question is about a doctor who does not bill insurance or Medicare and only accepts cash directly from patients. Do those health care providers have to comply with HIPAA?
Having just retired after being in healthcare for over 35 years, I can tell you absolutely yes. All hc entities are subject to HIPAA (Health Insurance Portability and Insurance Act), as well as any business associates. This part of HIPAA has to do with protection of every patient's PHI (protected health information). This includes any info about health conditions, provision of care, or payment for healthcare that is created or collected by a "covered entity" and can be linked to a specific individual. Includes any part of the medical record or payment history. Examples of PHI would be names, specific addresses, phone numbers, email addresses, social security numbers, medical record numbers, etc. I can also tell you the federal Department of Health and Human Services takes this very seriously if they think a breach has occurred.

Sent from Wonderland
 
It is my understanding that if an office does not bill insurance, they are not governed by HIPAA. For instance: A free clinic that does not bill insurance and only does a cash business will not have to adhere to HIPAA guidelines as they are not transmitting protected private information.
http://www.hhs.gov/hipaa/for-individuals/guidance-materials-for-consumers/index.html




Who Must Follow These Laws

We call the entities that must follow the HIPAA regulations "covered entities."

Covered entities include:

Health Plans, including health insurance companies, HMOs, company health plans, and certain government programs that pay for health care, such as Medicare and Medicaid.
Most Health Care Providers—those that conduct certain business electronically, such as electronically billing your health insurance—including most doctors, clinics, hospitals, psychologists, chiropractors, nursing homes, pharmacies, and dentists.
Health Care Clearinghouses—entities that process nonstandard health information they receive from another entity into a standard (i.e., standard electronic format or data content), or vice versa

From the website you linked:

http://www.hhs.gov/hipaa/for-individuals/medical-records/index.html

A health care provider or health plan may send copies of your records to another provider or health plan only as needed for treatment or payment or with your permission.

The Privacy Rule does not require the health care provider or health plan to share information with other providers or plans.

HIPAA gives you important rights to access your medical record and to keep your information private.

Nowhere does it qualify those rights as only protecting your information if your care is covered by health insurance.
 
Having just retired after being in healthcare for over 35 years, I can tell you absolutely yes. All hc entities are subject to HIPAA (Health Insurance Portability and Insurance Act), as well as any business associates. This part of HIPAA has to do with protection of every patient's PHI (protected health information). This includes any info about health conditions, provision of care, or payment for healthcare that is created or collected by a "covered entity" and can be linked to a specific individual. Includes any part of the medical record or payment history. Examples of PHI would be names, specific addresses, phone numbers, email addresses, social security numbers, medical record numbers, etc. I can also tell you the federal Department of Health and Human Services takes this very seriously if they think a breach has occurred.

Sent from Wonderland
ETA, covered entities are any hospital, doctor, or health insurer, etc. It does not matter if insurance is accepted or not.

Sent from Wonderland
 
If a Dr. is paid in cash and has no reason to bill an external source or send a report to an external source, no HIPAA protected information is exchanged. It is when protected information is used in a certain way or exchanged with an external source the rules are in force.

HIPAA also applies to covered entities’ business associates (i.e., third parties that perform certain functions or activities that require the use of personal health information (PHI) including, for example, claims processing or administration). Entities that provide data transmission of PHI on behalf of a covered entity (or its business associate) and that require access on a routine basis to that PHI (such as regional Health Information Organizations (HIOs)) are considered to be business associates under HIPAA. Health information organizations that facilitate the exchange of electronic PHI primarily for treatment purposes between and among several health care providers.

May I add that I work in a hospital that is governed under the rules of HIPAA and have only seen case scenarios in classes that touch on the "providers" who do not transmit patient information to an external source.


https://www.healthit.gov/patients-families/faqs/who-must-follow-hipaa


I'm pretty sure Protected Health Information (PHI) is covered by HIPAA whether you pay a health provider in cash or an insurance company is involved. When I worked as a telecom paralegal, we researched our HIPAA responsibilities if we sold broadband services to health providers, and any PHI data that was transmitted over our service was covered under HIPAA.



http://www.dhcs.ca.gov/formsandpubs/laws/hipaa/Pages/1.00WhatisHIPAA.aspx
 
Some posts were moved from other threads to this more topical thread about the emails.
 
I am sure that I am not writing what my mind is trying to say. Maybe this link will help as forming cohesive sentences is not happening for me today:
Covered entities are governed by HIPAA as electronic information is sent from the entity to an external source.
http://www.drjarodcarter.com/hipaa-and-cash-based-healthcare-practices/



From the link above:
Even if your answer to the title question is “no” and you are not a “covered entity,” you still have to conform to the standards of practice and privacy ethics as outlined in your state’s practice act.




From the website you linked:

http://www.hhs.gov/hipaa/for-individuals/medical-records/index.html



Nowhere does it qualify those rights as only protecting your information if your care is covered by health insurance.
 
I'm not sure what a covered entity is under HIPAA. It doesn't make any sense that a doctor who only accepts cash can spread a patient's medical information all over the place with no repercussions. Does that mean they don't have to provide patients their records under HIPAA rules either?

Who must comply with HIPAA privacy standards?


Health care providers who conduct certain financial and administrative transactions electronically. These electronic transactions are those for which standards have been adopted by the Secretary under HIPAA, such as electronic billing and fund transfers.

What financial and administrative transactions are they talking about? Does it only have to do with billing insurance companies?

http://www.hhs.gov/hipaa/for-profes...omply-with-hipaa-privacy-standards/index.html
 
If a Dr. is paid in cash and has no reason to bill an external source or send a report to an external source, no HIPAA protected information is exchanged. It is when protected information is used in a certain way or exchanged with an external source the rules are in force.

HIPAA also applies to covered entities’ business associates (i.e., third parties that perform certain functions or activities that require the use of personal health information (PHI) including, for example, claims processing or administration). Entities that provide data transmission of PHI on behalf of a covered entity (or its business associate) and that require access on a routine basis to that PHI (such as regional Health Information Organizations (HIOs)) are considered to be business associates under HIPAA. Health information organizations that facilitate the exchange of electronic PHI primarily for treatment purposes between and among several health care providers.

May I add that I work in a hospital that is governed under the rules of HIPAA and have only seen case scenarios in classes that touch on the "providers" who do not transmit patient information to an external source.


https://www.healthit.gov/patients-families/faqs/who-must-follow-hipaa

RS&BBM Correct, but the patient's protected health information is still protected by HIPAA regardless of how the patient's care is paid for.

Just curious, does the hospital you work for treat uninsured patients?
 
I am not saying only those that accept insurance are covered entities, only that not all providers are covered entities.

Covered Entities

Covered entities are defined in the HIPAA rules as (1) health plans, (2) health care clearinghouses, and (3) health care providers who electronically transmit any health information in connection with transactions for which HHS has adopted standards. Generally, these transactions concern billing and payment for services or insurance coverage. For example, hospitals, academic medical centers, physicians, and other health care providers who electronically transmit claims transaction information directly or through an intermediary to a health plan are covered entities. Covered entities can be institutions, organizations, or persons.

Researchers are covered entities if they are also health care providers who electronically transmit health information in connection with any transaction for which HHS has adopted a standard. For example, physicians who conduct clinical studies or administer experimental therapeutics to participants during the course of a study must comply with the Privacy Rule if they meet the HIPAA definition of a covered entity.
https://privacyruleandresearch.nih.gov/pr_06.asp

ETA, covered entities are any hospital, doctor, or health insurer, etc. It does not matter if insurance is accepted or not.

Sent from Wonderland
 
The original question is about a doctor who does not bill insurance or Medicare and only accepts cash directly from patients. Do those health care providers have to comply with HIPAA?

BBM Bringing this forward.

:truce:
 
Yikes, yes I have made a mess of trying to explain my point of view. All information is protected, my point was if the information is sitting in a paper chart (not EMR) and not being sent electronically for insurance, billing or coordination of care there is no need for HIPAA compliance as they are not being sent to an external source and in need of HIPAA protection (The digital or electronic protection). No my hospital sees anyone in need of care regardless of their ability to pay. I give up, am not able to explain what I want to say....maybe another day.

RS&BBM Correct, but the patient's protected health information is still protected by HIPAA regardless of how the patient's care is paid for.

Just curious, does the hospital you work for treat uninsured patients?
 
