Wiley Rein & Fielding LLP HIPAA Privacy: Key Challenges For Privacy Officers Kirk J. Nahra Wiley Rein & Fielding LLP Washington, D.C. 202.719.7335

Slides:



Advertisements
Similar presentations
H = P = A = HIPAA DEFINED HIPAA … A Federal Law Created in 1996 Health
Advertisements

Advanced Issues in HIPAA Research Compliance The Sixth National HIPAA Summit March 27, 2003 Kim P. Gunter Senior Consultant.
HIPAA In Relation to Other Federal Laws Professor Peter P. Swire Ohio State University Consultant, Morrison & Foerster LLP Glasser LegalWorks/HIPAA Conference.
The HIPAA Privacy Rule And Its Impact On Agents And Employers National Association of Health Underwriters Capitol Conference March 23, 2003 Joseph T. Holahan,
Presented by Elena Chan, UCSF Pharm.D. Candidate Tiffany Jew, USC Pharm.D. Candidate March 14, 2007 P HARMACEUTICAL C ONSULTANTS, I NC. P RO P HARMA HIPAA.
HIPAA Privacy Rule Training
P E N N S Y L V A N I A C O A L I T I O N A G A I N S T D O M E S T I C V I O L E N C E P E N N S Y L V A N I A C O A L I T I O N A G A I N S T RAPE HIPAA.
HIPAA PRIVACY REQUIREMENTS Dana L. Thrasher Constangy, Brooks & Smith, LLC (205) ; Victoria Nemerson.
TM The HIPAA Privacy Rule: Safeguarding Health Information in Research and Public Health Practice Centers for Disease Control and Prevention Beverly A.
ITEC 6324 Health Insurance Portability and Accountability (HIPAA) Act of 1996 Instructor: Dr. E. Crowley Name: Victor Wong Date: 2 Sept
HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA)
HIPAA Privacy Rule Compliance Training for YSU April 9, 2014.
COMPLYING WITH HIPAA PRIVACY RULES Presented by: Larry Grudzien, Attorney at Law.
HIPAA Compliance Strategies for Employers, METs, MEWAs and Taft Hartley Union Trust Funds The HIPAA Colloquium at Harvard University Presented by: Melissa.
Banks and the Privacy of Medical Information 8 th National HIPAA Summit March 8, 2004 Joy Pritts, JD Health Policy Institute Georgetown University
Key Issues For Your Remaining HIPAA Compliance Time – The Health Plan Perspective Kimberly GrayKirk J. Nahra Chief Privacy OfficerWiley Rein & Fielding.
PricewaterhouseCoopers Transaction Compliance Date Extension & Privacy Standards NPRM Audioconference April 19, 2002 HIPAA Administrative Simplification.
The New HIPAA Era: What's New, What's Different and What's Actually Important Kirk J. Nahra Wiley Rein LLP Washington, D.C
Computerized Networking of HIV Providers Workshop Data Security, Privacy and HIPAA: Focus on Privacy Joy L. Pritts, J.D. Assistant Research Professor Health.
HIPAA Michigan Cancer Registrars Association 2005 Annual Educational Conference Sandy Routhier.
Medical Law and Ethics, Third Edition Bonnie F. Fremgen Copyright ©2009 by Pearson Education, Inc. Upper Saddle River, New Jersey All rights reserved.
HIPAA and Employer Group Health Plans: Nothing is Simple Beth L. Rubin March 26, 2003  2003 Dechert LLP.
Advanced Issues in Privacy: Drafting and Negotiating Business Associate Contracts Thomas E. Jeffry, Jr. Partner Davis Wright Tremaine LLP Los Angeles,
Davis Wright Tremaine LLP Case Study: Small Group Health Plan HIPAA Privacy Compliance for Employers September 15, 2003 Speaker Jason Froggatt Becky Williams.
Health Insurance Portability and Accountability Act of 1996 HIPAA Privacy Training for County Employees.
© 2013 The McGraw-Hill Companies, Inc. All rights reserved. Ch 8 Privacy Law and HIPAA.
Reflections on the State of Privacy Risk Management in Health Care Benefits Administration (one year and counting …) Mark Lutes, Esq. Partner Epstein Becker.
PricewaterhouseCoopers 1 Administrative Simplification: Privacy Audioconference April 14, 2003 William R. Braithwaite, MD, PhD “Doctor HIPAA” HIPAA Today.
Wiley Rein & Fielding LLP HIPAA Privacy: Fundamentals and Key Challenges Kirk J. Nahra Wiley Rein & Fielding LLP Washington, D.C
HIPAA For Provider Contracting Networks Paul Smith Davis Wright Tremaine LLP One Embarcadero Center Suite 600 San Francisco, CA (415)
FleetBoston Financial HIPAA Privacy Compliance Agnes Bundy Scanlan Managing Director and Chief Privacy Officer FleetBoston Financial.
Rhonda Anderson, RHIA, President  …is a PROCESS, not a PROJECT 2.
HIPAA Privacy The Morning After Panel What do we do now? William R. Braithwaite, MD, PhD (moderator) Washington, DC Ross Hallberg, Corporate Compliance.
C HAPTER 34 Code Blue Health Sciences Edition 4. Confidentiality of sensitive information is an important issue in healthcare. Breaches of confidentiality.
HIPAA Privacy Rules: What Are Plan Sponsors Required to Do?
Current Law: Health Care Big Data Kirk J. Nahra Wiley Rein LLP Washington, D.C. (Dec. 8, 2014)
Wiley Rein & Fielding LLP G-L-B’s Applicability To Health Care Organizations Kirk J. Nahra Wiley Rein & Fielding LLP Washington, D.C.
Top Privacy and Security Developments for the Health Care Industry Kirk J. Nahra Wiley Rein LLP Washington, D.C (December.
HIPAA Privacy Rule Positive Changes Affecting Hospitals’ Implementation of the Rule.
The Health Insurance Portability and Accountability Act of 1996 “HIPAA” Public Law
HIPAA Privacy Rule Positive Changes Affecting Hospitals’ Implementation of the Rule Melinda Hatton -- Oct. 31, 2002.
HIPAA Privacy Rule Training
Health Insurance Portability and Accountability Act of 1996
DOL Employee Benefit Plan Audits & How to Prepare
HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPAA)
Iowa State Association of Counties
What is HIPAA? HIPAA stands for “Health Insurance Portability & Accountability Act” It was an Act of Congress passed into law in HEALTH INSURANCE.
The HIPAA Privacy Rule: Implications for Medical Research
HIPAA CONFIDENTIALITY
HIPAA Administrative Simplification
HOGAN & HARTSON, L.L.P. “Publications” “Health”
Whistleblower Program
SHARING CLINICAL DATA: Legal and Privacy Issues
Disability Services Agencies Briefing On HIPAA
HIPAA Privacy The Morning After
The HIPAA Privacy Rule and Research
Privacy Boot Camp: Fundamentals and Key Challenges
The Centers for Medicare & Medicaid Services
Presentation to The Fourth National HIPAA Summit
The Centers for Medicare & Medicaid Services
Business Associate Contracts: Time Is Running Out . . .
National Congress on Health Care Compliance
Enforcement and Policy Challenges in Health Information Privacy
THE 13TH NATIONAL HIPAA SUMMIT HEALTH INFORMATION PRIVACY & SECURITY IN SHARED HEALTH RECORD SYSTEMS SEPTEMBER 26, 2006 Paul T. Smith, Esq. Partner,
Objectives Describe the purposes of the Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009 Explore how the HITECH Act.
Compliance and Enforcement of the Privacy Rule
HIPAA Compliance Services CTG HealthCare Solutions, Inc.
HIPAA Privacy and Security Update - 5 Years After Implementation
HIPAA Do’s and Don'ts: What is Really Behind Protected Health Information (PHI) and Health Care Privacy Rules Paul Sisler, Director, Information Services;
Transaction, Code Sets and Identifier Update
Presentation transcript:

Wiley Rein & Fielding LLP HIPAA Privacy: Key Challenges For Privacy Officers Kirk J. Nahra Wiley Rein & Fielding LLP Washington, D.C March 26, 2003

Wiley Rein & Fielding LLP2 Key Issues HIPAA 301 For covered entities, employers and business associates Key remaining issues Advice/issues to watch out for

Wiley Rein & Fielding LLP3 State of the Play Compliance is all over the map Major health insurers are generally in reasonable shape – “the leader of the behinds” Physicians are way behind Hospitals in reasonably good shape Groups/employers are way behind Many vendors/business associates are way behind

Wiley Rein & Fielding LLP4 NCVHS Letter/Comments NCVHS/ (National Committee on Vital and Health Statistics) is an advisory body for HHS on HIPAA. Their recent comments: “Surprised and disturbed” at the generally low level of implementation activities and the high levels of confusion and frustration Many providers have never heard of HIPAA and do not think it applies to them Likelihood of “widespread disruption” of the health care system as we approach April 14, 2003

Wiley Rein & Fielding LLP5 NCVHS Letter/Comments Large employers with self-funded employee benefit plans have received no guidance on when their benefits-related activities are subject to the Privacy Rule “Nobody” seems to know whether HIPAA or state law applies in the numerous instances in which the laws conflict HHS HIPAA implementation assistance efforts need to be increased by several orders of magnitude – and quickly

Wiley Rein & Fielding LLP6 Member Rights Complicated Mainly for people with complaints Compliance and risk management Confidential communications

Wiley Rein & Fielding LLP7 Spouses Normal course of business Low percentage of problems High risk where problems occur

Wiley Rein & Fielding LLP8 Enforcement Issues -- Privacy Rules Complicated Extensive Ambiguous? Consistent? Relevant to real world?

Wiley Rein & Fielding LLP9 Privacy Enforcement Less government? –Civil –Criminal/a real risk? Patients/individuals Class Actions

Wiley Rein & Fielding LLP10 Enforcement Understanding where challenges will be Making smart decisions Keeping a good perspective Compliance vs. business vs. risk management

Wiley Rein & Fielding LLP11 Litigation Basics No HIPAA private right of action What could happen? Gramm-Leach-Bliley? Insurance practices/deceptive trade practices? Common law? State privacy laws

Wiley Rein & Fielding LLP12 Litigation – Next Steps Standard in the industry State deceptive trade practices Common law invasion of privacy Creativity

Wiley Rein & Fielding LLP13 Key Issues What is the claim? Who is it by? What are the damages?

Wiley Rein & Fielding LLP14 Smith v. Chase Manhattan Bank Financial institution gave list to third party, received payments on sales Said it didn’t do these things in privacy notice No damages alleged/no cause of action Only unwanted telemarketing

Wiley Rein & Fielding LLP15 Key Risk Areas Employment Marketing Spouses Individual rights Broadly applicable issues (code word – class action)

Wiley Rein & Fielding LLP16 Conclusions Government has fewer and weaker tools in privacy Government will be creative in pushing the envelope Private litigation will be substantial and creative

Wiley Rein & Fielding LLP17 Conclusions Private litigation probably more important Monetary implications are very unclear Pressure and adverse publicity are very important Some rule for whistleblowers/complaints

Wiley Rein & Fielding LLP18 Relations with Employers Very complicated At least confusing/perhaps inconsistent Major client relations issues Opportunities and challenges –Shift to fully insured? –Will customers abandon group health care? –New client opportunities? –Keep an eye on this

Wiley Rein & Fielding LLP19 Employer/Group Issues Rules make little sense Mass confusion Likelihood of mistakes Customer relations Will require significant changes

Wiley Rein & Fielding LLP20 What Is The Issue? Avoid having PHI used by employers for employment-related purposes HHS’ fix: –HHS does not directly regulate employers or other plan sponsors –Instead, HHS places restrictions on the flow of information from covered entities to non- covered entities, including plan sponsors

Wiley Rein & Fielding LLP21 The Role of the Employer Plan Sponsor Is the employer a plan sponsor of a group health plan (GHP)? Rule restricts flow of PHI between GHP and plan sponsor Minimal impact of rule on plan sponsor that receives summary health information for premium bid purposes or enrollment information

Wiley Rein & Fielding LLP22 Plan Sponsor (cont’d) Substantial impact of rule on plan sponsor that receives PHI Sponsor must amend and certify plan documents before receiving PHI – otherwise violation of HIPAA Amendments must spell out permitted uses and disclosures of PHI by sponsor

Wiley Rein & Fielding LLP23 Compliance Obligations For Health Plans If fully insured and receive only Summary Health Information (SHI) or enrollment information, very limited effects If (1) self-insured or (2) fully insured and get PHI, substantial obligations – full covered entity

Wiley Rein & Fielding LLP24 Security New Rule Relevant Dates Tie to Privacy – What are “appropriate safeguards?”

Wiley Rein & Fielding LLP25 Contract Types Business associate (privacy) Chain of trust (security) Trading partner (standard transactions) Focus on understanding/analyzing overlaps

Wiley Rein & Fielding LLP26 Business Associates Who are they? When? What will you require of them? (requirements + options) Links to standard transactions

Wiley Rein & Fielding LLP27 Additional Issues Enforcement rules on business associates Potential responsibility beyond enforcement rule Customer/public relations aspects? Risks on timing (wolf in sheep’s clothing)

Wiley Rein & Fielding LLP28 Preemption More stringent state law Other federal law No one understands this Strategy Multi-state issues How many states are you worried about?

Wiley Rein & Fielding LLP29 Misconceptions – Minimum Necessary Misunderstood Hard Extensive Mainly a documentation project Will it require changes?

Wiley Rein & Fielding LLP30 Misconceptions Consent and authorizations Who must sign Underwriting Convenience Customer issues

Wiley Rein & Fielding LLP31 Getting Started on HIPAA Audit of information use/practices Work HIPAA into contract negotiations/ renegotiations Educate employees Educate business associates Educate providers

Wiley Rein & Fielding LLP32 Conclusions Still lots to do Very difficult balancing act Keep an eye on the lawsuits Be conscious of where people can complain – and where they may not Expect confusion An ongoing issue that will not be going away

Wiley Rein & Fielding LLP33 Top HIPAA Reminders HIPAA requires significant change by all segments of the health care industry – and all at once. HIPAA changes all aspects of the way covered entities do business The general public will scrutinize the health care industry more stringently because of HIPAA Need to educate customers on requirements/non- requirements

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.