CONFIDENTIALITY: ISSUES AND CONCERNS FOR INTEGRATED SETTINGS Alameda Health Consortium Behavioral Health Integration Initiative Monday, December 17, 2012.


CONFIDENTIALITY: ISSUES AND CONCERNS FOR INTEGRATED SETTINGS Alameda Health Consortium Behavioral Health Integration Initiative Monday, December 17, :00 p.m. – 2:30 p.m. Presenter: Linda J. Garrett, JD Risk Management Services

Topics Confidentiality laws Sharing information with each other Sharing information with third parties

Confidentiality - Basic Rule Never use or disclose private information about clients, patients, or employees UNLESS……. you MUST or you MAY

How do you know if you must or you may? Know what laws pertain to the kind of information you hold (what discipline within medicine created the information?) See what that law says about the use or disclosure

The laws Federal HIPAA – all “PHI” 42 CFR Part 2 – substance abuse tx programs State Civil Code – general health info W&I Code 5328 – mental health info H&S Code (g) – HIV test results

HIPAA “pre-emption analysis” Compare HIPAA to state law; if there is a conflict, follow HIPAA; if no conflict follow: Strictest law protecting privacy Most beneficial law providing patient rights

HIPAA “Must” and “May” Disclosures of PHI “Must” disclose: 1. Secretary of DHHS, if asked (e.g., HIPAA breach investigation) 2. Patient, if seeking “access” to own record (unless it will cause death or serious physical harm)

HIPAA disclosures –cont. “May” disclose 1. For treatment, payment or operations (45 CFR ) 2. With “authorization” (45 CFR ) 3. With opportunity to agree or object (45 CFR ) 4. Without permission (45 CFR ) as specified:

HIPAA “May” disclose –cont. Without permission includes uses and disclosures: a) Required by law b) For public health activities c) About victims of abuse, neglect or domestic violence d) Health oversight activities e) Judicial and administrative proceedings f) Law enforcement purposes g) Decedents h) Organ or tissue donation i) Research j) To avert threat to health or safety k) Specialized government functions l) Workers compensation

Examples of “must disclose” (CA law) Reporting child abuse and neglect Reporting elder abuse/neglect Court orders *Tarasoff “duty to warn”

Most common “may” disclosure applies to all disciplines: To third parties with permission from the patient/client Get signed written permission on a HIPAA-compliant authorization form

Collaboration with others One of Affordable Care Act’s goals is patient-centered care, collaboration and cooperation amongst providers How do you share information with other providers, e.g. primary care and drug/alcohol without violating privacy rules?

HIPAA “collaboration” rule (not the strictest rule!) PHI may be shared with other health care providers for “treatment” purposes ( ) “Treatment” defined to include provision, coordination, or management of health care and related services by one or more health care providers, including the coordination or management of health care by a health care provider with a third party; consultation between health care providers relating to a patient; or the referral of a patient for health care from one health care provider to another. ( )

Permissive Disclosures Between Health Care Providers – California Rule - general health info Civil Code (general health info) (a) no disclosure w/o patient authorization except as provided in (b) and (c) below (b) when it MUST be disclosed (1) through (9) (c) when it MAY be disclosed (1) through (20)

56.10(c)(1) General health information may be disclosed to providers of health care, health care service plans, contractors, or other health care professionals or facilities for purposes of diagnosis or treatment of the patient. Note: “unauthorized access” by health care staff (snooping) is specifically prohibited under state and federal law and is a privacy breach that must be reported!

CA rule - Permissive Disclosures – Mental Health information Welfare & Institutions Code 5328 (mental health info): No disclosure of mental health information w/o authorization from the client except as provided below: (a) through (x)

W&I 5328(a) disclosure is permitted “to professionals ‘within the facility’ who are providing services or appropriate referrals”, or “in the course of conservatorship proceedings”, or “to ‘qualified professionals’ outside the facility who have medical or psychological responsibility for the care of the (client) patient”.

Disclosures of SA info – very strict 42 CFR Part 2 42 CFR Part 2 has only 3 exceptions to rule that you must first get permission from client before disclosing info to third parties (including other health care providers) about the client: Police emergency Child abuse/neglect reporting Medical emergency

Disclosing SA info –cont. Patient “consent” (authorization to use and disclose) is required for nearly every disclosure other than communication within a program or between a program and an entity that has direct administrative control over the program Drug and Alcohol Treatment Programs may NOT share information with the client’s providers who are OUTSIDE the treatment program without patient authorization - 42 CFR Part 2

SA info is “in the vault” You must get permission BEFORE you share SA information with non-SA providers including those other disciplines within the integrated system of care and on the “team” you have created UNLESS you want EVERYONE to follow 42 CFR Part 2 (you don’t!)

Will the law change to reflect ACA goals? Maybe…. To date, no change in 42 CFR Part 2 that would permit disclosures of alcohol/drug treatment program information to other healthcare providers for treatment purposes, in non-emergency situations

Statutory language 42 USC 290dd-2 Confidentiality of Records. (b) Permitted Disclosure (2) Method for disclosure. Whether or not the patient…gives written consent, the content of such record may be disclosed as follows: (A) To medical personnel to the extent necessary to meet a bona fide medical emergency.

42 CFR Part 2 –continued (Regulations Language) Medical Emergency – 42 CFR Subpart D, Disclosures without Patient Consent Section 2.51 – Medical emergencies. (a) General Rule. …patient identifying information may be disclosed to medical personnel who have a need for information about a patient for the purpose of treating a condition which poses an immediate threat to the health of any individual and which requires immediate medical intervention.

42 CFR Part 2 -continued A Proposal to Promote Coordination of Care and Strengthen Patient Protections under the Federal Alcohol and Drug Abuse Confidentiality Law, Prepared for the Patient Protection Coalition, February 5, 2010 Primary Lead: Renee Popovits, Esq., and Eric Goplerud, Ph.D. – George Washington University

42 CFR Part 2 -continued Proposed language: 42 USC 290dd-2 Confidentiality of Records (b) Permitted disclosure (2) Method for disclosure. (D) To and among health care providers and health plans for purposes of providing or coordinating health care and related services, or implementing recovery support services, or quality improvement or disease management programs with respect to the individual who is the subject of the record referred to in subsection (a).

42 CFR Part 2 -continued Proposal also includes many more protections for patients to discourage breaches etc. At this time Legal Action Center is leading the fight against any change in the existing law and wrote the June 17, 2010 SAMHSA position paper on “Applying the Substance Abuse Confidentiality Regulations to HIE”

Confidentiality: Multi-disciplinary teams Multi-disciplinary teams – two types 1. Health care providers only – often within an “integrated system”: seeking collaboration for treatment purposes, often from various disciplines 2. Mixed teams: Health care providers and non-healthcare providers (e.g., social services, law enforcement, probation, school, Bd. of Supervisors)

MDTs – healthcare providers only General health information and mental health information may be disclosed for “treatment purposes” (HIPAA, Civil Code 56.10, and W&I 5328) For example (mental health info), in communications with other qualified professionals (any discipline), in the provision of services or appropriate referrals, who have “medical or psychological responsibility” for the patient’s care But SA cannot share their information without “consent” – get this permission before starting treatment if possible!

MDTs – Mixed Teams There are several possible ways to handle confidentiality issues where no health care providers can share with “outside” third parties: The EASIEST: get written authorization! OR De-identify the information (“we have a 27 year old homeless female who recently received services from the shelter but was then arrested for public intoxication and is now back on the streets and in need of behavioral health services – can you help find some financial resources and housing for her?”)

Integrated Recordkeeping – Paper Chart With permission, ok to use one paper chart that includes substance abuse tx program records Without permission, drug and alcohol chart must be maintained separately and kept apart from other records (access only by treatment team WITHIN the drug/alcohol program and administrative staff with a need to know)

Integrated Recordkeeping – Electronic Record Without permission, name connected to drug/alcohol doesn’t register when entered into system With permission, name registers as being within the system and drug/alcohol information may be accessed on a need to know basis

Subpoenas – tell your supervisor or call privacy officer! MH and SA - need subpoena PLUS 1. authorization from client, OR 2. court order (if SA: order only AFTER client has opportunity to a full hearing in court on the matter)

Policies and procedures Use HIPAA Notice of Privacy Practices outlining how you intend to share information for treatment purposes and to contact patient, remind them of appointments etc. Train all staff on the need to get authorization to share SA information with other disciplines within your program prior to sharing such information with members of the team Train all staff on differences between various laws protecting confidentiality of medical, mental health, and SA information

Questions??