2. Does our organization have to disclose offshore subcontractor information or offshore staff if the subcontractor or staff will be performing a function that supports our contract with Tethys Health Ventures?
Answer: Yes. For the Annual Compliance Program and Offshore Subcontractor Attestation, FDRs must complete this section for offshore contractors or offshore staff that will receive, process, transfer, handle, store, or access protected health information (PHI) of Tethys Health Ventures client’s members in oral, written, or electronic form. Examples of PHI include beneficiary name, birth date, address, social security number, health insurance claim number, patient identifiers, medical diagnosis, medical history, treatment records, type of provider visited, use of health care services, payment information, evidence of insurance coverage, or any information that could reasonably lead to the identification of a Tethys Health Ventures member. For example, if an FDR contracts with and provides PHI for a Tethys Health Ventures member to an offshore company in Mexico, then the FDR should disclose this information in Section III of the Annual Compliance Program and Offshore Subcontractor Attestation.
Examples of functions that involve an FDR sharing PHI with an offshore subcontractor or offshore staff include, but is not limited to: claim processing, claim data entry services, scanning paper claims to create electronic records, receiving medical data for interpretation, receipt of beneficiary calls, IT services where access to PHI is available, and any other situation where the offshore subcontractor may have access to beneficiary PHI.