Jumping through Two Hoops HIPAA and State Law Compliance: the Problem of the Failure of Federal Preemption Bruce Merlin Fried, Esq. HIPAA Summit West II.

Presentation transcript:

Jumping through Two Hoops HIPAA and State Law Compliance: the Problem of the Failure of Federal Preemption Bruce Merlin Fried, Esq. HIPAA Summit West II March 14, 2002

HIPAA: The Law of the Land? Sort of, or is it maybe? One national privacy standard would: –Be easier to administer –Create uniform privacy protection for us all. BUT… –Don't forget about federalism –And then there's the abortion issue. SO… –HIPAA is the law of the land, except…

The Law: The General Rule. HIPAA § 261 creates part C of Title XI of the Social Security § Effect of State Law (1) General Rule--Except as provided in paragraph (2), a provision or requirement under this Part, or a standard or implementation specification…, shall supersede any contrary provisions of State law, including a provision of State law that requires medical or health plan records…to be maintained or transmitted in written rather than electronic form.

The Law: The Exceptions. HIPAA § 1178 (2) Exceptions--A provision or requirement…or a standard or implementation provision…, shall not supersede a contrary provision of State law…if:

The Law: The Exceptions. § 1178 (2) –(A) the Secretary determines the provision (i) is necessary –(I) to prevent fraud and abuse; –(II) to ensure appropriate State regulation of insurance and health plans; –(III) for State reporting of health care delivery or costs; or –(IV) for other purposes; or (ii) addresses controlled substances, or

The Law: The Exceptions. § 1178 (2) –(B) subject to section 264(c)(2) of [HIPAA], relates to the privacy of [IIHI]. HIPAA § 264 (c) –(2) Preemption--A regulation…shall not supersede a contrary provision of State law, if [it is] more stringent than the requirements, standards,…imposed under the regulation.

The Regulation: 45 CFR Part 160, Subpart B. § General Rule and Exceptions--A standard, requirement or implementation specification…that is contrary to a provision of State law preempts the provision of State law…unless (b) The provision of State law relates to the privacy of health information and is more stringent than a [HIPAA Privacy] standard…

So…What's Contrary? § Contrary…means: –(1) A covered entity would find it impossible to comply with both the State and federal requirements; or –(2) The provision of State law stands as an obstacle to the accomplishment and execution of the full purposes and objectives of part C of title XI of the Act or section 264 of Pub. L , as applicable.

So…What's More Stringent? § More Stringent means…a State law that meets one or more of the following criteria: –(1) the State law prohibits or restricts a use or disclosure that would be permitted by HIPAA, except if the disclosure is: required by the Secretary to determine HIPAA compliance, or to the individual who is the subject of the IIHI

So…What's More Stringent? § More Stringent means… –(2) State law permits greater rights of access or amendment, provided that State law which authorizes or prohibits disclosure of PHI about a minor to a parent or guardian. –(3) State law provides a greater amount of information to the individual, –(4) State law narrows the scope or duration of an authorization or consent for use or disclosure of IIHI,

So…What's More Stringent? § More Stringent means… –(5) With respect to record keeping or accounting disclosures, provides for the retention or reporting of more detailed information or for a longer duration. –(6) Generally, provides greater privacy protection for the individual.

Shaw Pittman's Preemption Project. Chosen by BCBSA and HIAA to conduct national preemption analysis. Other health plan associations expected to join. Objective--A national preemption standard for health plans. 50 States, DC, PR, VI, GU. Review of: –Statutes –Regs –AG opinions –Con. Law –Case law based on above

HIPAA PRIVACY RULE PREEMPTION PROJECT - ANALYTICAL FLOWCHART, January 2002 (flowchart; each question branches on Yes / No)

Questions:
–Is the provision within the scope of the project? (direct & indirect plan impact)
–Is it merely a general provision providing for the confidentiality or privacy of information (e.g., physician must keep patient records confidential)?
–Does the provision relate to the privacy of health information (or any other topic discussed in the Privacy Rule)?
–Is the provision of State law contrary to the Privacy Rule (i.e., is it impossible to comply with both the Privacy Rule and the provision of State law)? Few truly contrary.
–Is the provision of State law more stringent than the Privacy Rule?

Outcomes:
–Analysis complete, do not include anywhere in database.
–Include cite on list in database.
–Contrary and Less Stringent; Preempted: This provision is wholly preempted (less stringent).
–Contrary and More Stringent: State law controls over the Privacy Rule; include in analysis.
–NOT CONTRARY, NOT PREEMPTED.
–As a matter of law, provision is not preempted by the Rule. Therefore, CEs must comply with both state law and the Rule. We will conduct a practical analysis, comparing provision to the Privacy Rule.
–Where no analogous provisions in the Rule, describe additional state law requirements in the database. Not Contrary, Not Preempted, Both Apply; State Law Supplements Rule.
–Where analogous provisions in the Rule, determine which controls as a practical matter. Use the Rule's definition of more stringent to guide analysis. Not Contrary, Not Preempted, Both Apply, But, as a Practical Matter, Either State Law or the Rule Will Control.

What About the Constitution? Quintiles v. WebMD, USDC, Eastern District of N. Carolina, No. 5;01-CV-180-BO(3) The Dormant Commerce Clause prevents the individual states from regulating the interstate transmission of data. It is well established that the Commerce Clause precludes a state from regulating a commercial transaction outside its jurisdiction, even if the article of commerce at issue had a connection to that state or the effect of that transaction would be felt by that state.

Providing Comprehensive Legal Services for the Health Care Community N Street, NW Washington, D.C Washington Virginia New York Los Angeles London ShawPittman