queries seeking the status of the prior authorization response may come from multiple systems - PAS #131

XMLWordPrintableJSON

    • Type: Change Request
    • Resolution: Not Persuasive
    • Priority: Medium
    • US Da Vinci PAS (FHIR)
    • STU3
    • Financial Mgmt
    • (profiles) [deprecated]
    • Hide

      The only systems that will be able to query are those who are covered entities or are known users (e.g. patient or registered care-giver for that patient) that are deemed by the payer system to have reason to access the prior authorization information for that particular patient.  The existing paper world would allow any imaging center or other service provider to phone a payer, provide the patient's card info and ask for information about current prior authorizations.  (They wouldn't even need the prior authorization identifier.)  Servers will audit all requests.  Systems/individuals that access patient information inappropriately are subject to ramifications under HIPAA.

      Show
      The only systems that will be able to query are those who are covered entities or are known users (e.g. patient or registered care-giver for that patient) that are deemed by the payer system to have reason to access the prior authorization information for that particular patient.  The existing paper world would allow any imaging center or other service provider to phone a payer, provide the patient's card info and ask for information about current prior authorizations.  (They wouldn't even need the prior authorization identifier.)  Servers will audit all requests.  Systems/individuals that access patient information inappropriately are subject to ramifications under HIPAA.
    • Laurie Burckhardt/Mark Scrimshire: 31-0-0

      Existing Wording: They SHALL require a match on both patient coverage id (identifier on the Claim.patient) and prior authorization id (Claim.identifier) to ensure access is only granted to individuals who know both - and thus have demonstrated a need to know.

      Comment:

      Ouch! This security by obscurity approach won't fly. This is a problem.

      Summary:

      queries seeking the status of the prior authorization response may come from multiple systems

            Assignee:
            Unassigned
            Reporter:
            Isaac Vetter
            Watchers:
            4 Start watching this issue

              Created:
              Updated:
              Resolved: