HIPAA CONFIDENTIALITY

Presentation transcript:

HIPAA CONFIDENTIALITY Paul A. Stewart, Esq. Foley & Lardner One Maritime Plaza, 6th Floor San Francisco, CA pastewart@foleylaw.com

What’s to Simplify?
- Health Claims Encounter Information
- Attachments to Health Claims
- Health Plan Enrollment/Disenrollment
- Eligibility Verification
- Claims Payments/Remittance Advice
- Payment of Premiums
- First Report of Injury
- Referral Certification/Authorization
- Claim Status
- Coordination of Benefits

Who Must Comply?
- A “Health Care Provider”: Furnishes, Bills or Gets Paid for Health Care Services or Supplies
- A “Health Plan”: Provides or Pays for Medical Care
- A “Health Care Clearinghouse”: processes non-standard into standard data elements
- “Business Partners”: Agents of Covered Entities

To What Do Regulations Apply?
- “Health Information” (security regulations)
  - Created by providers, health plans, public health authorities, employers, life insurers, schools or universities
  - Relates to the physical/mental condition, provision of health care, payment

To What Do Regulations Apply? (cont’d)
- “Protected Health Information” (“PHI”) (confidentiality regulations)
  - Health information that identifies the individual or could reasonably be used to identify the individual

When To Comply?
- Whenever health information is electronically transmitted or maintained (security regulations)
- Whenever protected health information is electronically transmitted or maintained in connection with a standard transaction (confidentiality regulations)
- Obligations apply to information, not documents

Why Comply?
- Civil Monetary Penalties: up to $100 Per Violation/Per Person, with $25,000 Annual Limit Per Each Standard Violated
- Criminal Penalties for “Knowing Misuse”: $50,000–$250,000; Prison 1–10 years
- Greatest Penalties Reserved for Intent to Sell/Transfer/Use for Commercial Advantage, Personal Gain or Malicious Harm

What are the Confidentiality Rules?
- Disclosure/Use prohibited except as permitted by the regulation
- Permitted Disclosures:
  - As authorized by the individual
  - For health care treatment, payment, operations (except research and psychotherapy notes)
  - In connection with national policy activities

What are the Rules? (cont’d)
- Required Disclosures
  - Request by the individual
  - Investigation of compliance by government
- Circumstances Requiring Individual Authorization
  - Marketing; sale, rental, barter; eligibility; fundraising; employers; research unrelated to treatment; psychotherapy notes
- Minimum Necessary

What are the Rules? (cont’d)
- Patient Rights
  - To Receive Adequate Notice of Information Practices
  - To Inspect and Copy PHI
  - To Request Amendment/Correction of PHI
  - To Request Restriction on Uses/Disclosure of PHI
  - To Receive Accounting of Uses/Disclosures

What Do I Have To Do?
- Designate a Privacy Official Contact person/office
- Assess whether HIPAA preempts state law
- Assess current policies and procedures
- Develop comprehensive policies and procedures
- Draft contracts: Business partner/Chain of trust agreements

Preemption
- Assess whether HIPAA preempts state law
- Federal standard, requirement or implementation specification contrary to state law
- Exceptions
  - State law is necessary for certain purposes
  - State law is more stringent
  - State law relates to audits, licensure, certification, reporting of child abuse, births, deaths, injuries, public health activities

Policies and Procedures
- Assess current policies and procedures
  - What does your organization do to ensure PHI is not improperly disclosed?
  - How do you monitor compliance with your current policies and procedures?
  - What are the consequences in your organization if PHI is disclosed in violation of current legal requirements/p&p’s?
  - Are your policies and procedures written?

Policies and Procedures (cont’d)
- Develop comprehensive policies and procedures related to:
  - Determining when disclosures are permitted/required
  - Conditions applicable to certain permitted disclosures
  - Minimum necessary standard
  - Authorizations

Policies and Procedures (cont’d)
- De-identifying PHI
- Business partners
- Deceased individuals
- Right to request restrictions
- Right to notice of information practices
- Right to access

Policies and Procedures (cont’d)
- Right to accounting of disclosures
- Right to amendments and corrections
- Verification of identity/authority of requester
- Training
- Sanctions
- Complaints
- Changes in policies or procedures

Further Documentation
- Must create documents related to the following and retain such documents for six years:
  - Requested restrictions
  - Contracts with business partners
  - Authorization forms
  - Notifications of information practices

Further Documentation (cont’d)
- Statements regarding access/denial to PHI
- All accountings provided
- Denials of amendment/correction requests
- Employee certifications
- Complaints

Business Partner Contracts
- Examples: Lawyers, auditors, consultants, TPA’s, DP firms
- Disclosures only as permitted/required
- No disclosures if disclosure by covered entity would violate regulation
- Safeguards established to prevent improper uses/disclosures
- Improper uses/disclosures reported
- Consistent subcontracts
- Right of access provided

Business Partner Contracts (cont’d)
- Access by Secretary of DHHS to books/records pertaining to uses/disclosures
- PHI returned/destroyed upon termination of contract
- Amendments/corrections incorporated
- Third party beneficiaries/Liability to Patients for breach
- Termination upon improper use/disclosure
- Material breach may be noncompliance
- Need for audit trail