Health Information Privacy and Confidentiality Lawrence O. Gostin, J.D., LL.D. (Hon.) Professor of Law, Georgetown University; Professor of Public Health,

Presentation transcript:

Health Information Privacy and Confidentiality Lawrence O. Gostin, J.D., LL.D. (Hon.) Professor of Law, Georgetown University; Professor of Public Health, Johns Hopkins University; Director, Center for Law & the Public's Health National Health Information Infrastructure 2003: Developing a National Action Agenda for NHII July 1, 2003

Institute of Medicine on the National Health Information Infrastructure
“No one engaged in any of the health care delivery or planning today can fail to sense the immense changes on the horizon, even if the silhouette of those changes, let alone the details, are in dispute.”
See Institute of Medicine, *

Definitions
National Health Information Infrastructure – the basic, underlying framework of electronic information collection, storage, use, and transmission that support all of the essential functions of the system.
Health Information Privacy – individuals' claim to control the circumstances in which personally identifiable data are collected, used, and transmitted.
Security – technological, organizational, and administrative safety practices, policies, and procedures designed to protect data systems against unwarranted disclosure, modification, or distribution and to safeguard the system itself (e.g., encryption, sign-on security codes, audit trails). Secure data systems keep health records safe from unauthorized use.

Security ≠ Privacy
1) Even with 100% security there is not complete privacy. Authorized users can access data.
2) No security measures can prevent invasion of privacy by those who have authorization to access records.
See Lawrence O. Gostin, Personal Privacy in the Health Care System: Employer-Sponsored Insurance, Managed Care, and Integrated Delivery Systems, 7 Kennedy Institute of Ethics Journal (1997).

Tradeoffs
Privacy – Individual control of personal information
Public goods – Uses of information:
–Informed consumer choice
–Clinical practices
–Quality assurance
–Monitor fraud and abuse
–Track and evaluate utilization and access to health care services
–Research – determinants, prevention, Rx, health services
–Cost
–Public health – surveillance, epidemiological investigations, population-based interventions

National Health Information Infrastructure
Electronic Longitudinal Patient Records
Disease, Medical Record, and Genetic Databases
Unique Identifiers
Electronic card technology
Internal (Intranet) and Public (Internet) Networks
See Lawrence O. Gostin, Health Information Privacy, 80 Cornell Law Review (1995).

Privacy Risks
Authorized users – systematic flows of data between users in organization, delivery, and financing of health care
–Lines blurred between employer, payor, provider
–Data may flow horizontally and vertically between employers, insurers, providers, labs, pharmacies, hospitals, and other health service providers.
–Secondary uses of data for research, government regulation and oversight, public health
Unauthorized users
–Commercial ventures
Fraudulent/Unlawful users

Ethical Values
Respect for persons – Autonomy
Trusting relationships
Economic harms
Public health – encourages disclosures
See Lawrence O. Gostin, Health Care Information and the Protection of Personal Privacy: Ethical and Legal Considerations, 127 Annals of Internal Medicine (1997).

Health Privacy Law
Constitutional right to privacy
–Whalen v. Roe grants a limited right to health information privacy.
Federal law
–HIPAA Privacy Rules
–Privacy Act 1974
–FOIA
State law
–Disease specific
–Extra confidentiality for certain conditions
Tort
See Lawrence O. Gostin, Health Information Privacy, 80 Cornell Law Review (1995); Lawrence O. Gostin et al., The Public Health Information Infrastructure: A National Review of the Law on Health Information Privacy, 275 JAMA (1996).

Theory Problems in Law and Ethics
Relationships
–Ethics: Hippocratic Oath, Trusting relationships between physician and patient
–Law: Torts
“Holder” of Data
–Ethics: Duty on holder to protect data
–Law: Penalty on holder for unauthorized disclosure of data
These theories are outdated, but important

CDC – Model Privacy Statute
Data collection justification
Data protection review
Fair information practices
Information for patients
Privacy and security assurances
Secondary uses of data
Concentric circles of data use
See Lawrence O. Gostin et al., Informational Privacy and the Public’s Health: The Model State Public Health Privacy Act, 91 American Journal of Public Health 1388 (2001).

HIPAA Privacy Rule
Only protects certain health information
Important issues:
–How to provide privacy outside of HIPAA (e.g. to non-health care entities)
–Research
–Public health activities (e.g., surveillance, outbreak investigations)
See Lawrence O. Gostin, National Health Information Privacy: Regulations Under the Health Insurance Portability and Accountability Act, 285 JAMA (2001).

Ethical Issues during Public Health Emergencies
Do the ethical calculations change during public health emergencies?
Bioterrorism and emerging infectious diseases (e.g., SARS)
–Syndromic surveillance
–Sharing of information with law enforcement, public health, emergency management
See, e.g., Lawrence O. Gostin, Public Health Law in an Age of Terrorism: Rethinking Individual Rights and Common Goods, 21 Health Affairs 79-93; Lawrence O. Gostin et al., The Model State Emergency Health Powers Act, 288 JAMA (2002); Lawrence O. Gostin, When Terrorism Threatens Health: How Far are Limitations on Personal and Economic Liberties Justified? __ Florida Law Review __ (2003).

Reconceptualizing Personal Privacy versus Common Goods
Incorrect assumption that we can have it both ways. There are no easy choices and difficult tradeoffs must be made.
Two respective claims:
–Privacy – autonomy is a trump to other interests
–Public goods – just as salient
Need closer examination of the nature and power of these two respective claims.
See Lawrence O. Gostin & James G. Hodge, Jr., Personal Privacy and Common Goods: A Framework for Balancing Under the National Health Information Privacy Rule, 86 Minnesota Law Review (2002).

Reconceptualizing Personal Privacy versus Common Goods
Privacy
–Take seriously, but don’t assume any privacy claim deserves absolute protection
Common Goods
–Do not assume any claim of public good should prevail over privacy
Balancing allows for
–Maximizing of privacy where it matters most
–Maximizing public interests where they matter most

Consider three cases
Privacy interests strong, public interests weak
–Disclosure to family, friends, insurer, employer
–Informed consent is key
Public interests strong
–Research
–Public health
–Assuming:
Legitimate purpose
No other way to achieve purpose
Privacy and security safeguards
Hard case
–Law enforcement
–Emergency services

Take Privacy Seriously
Fair information practices
–Access to own records
–Corrections of inaccuracies
Privacy policy
Security policy
Nondisclosure rules
Use of anonymized and linkable data

The Future of Health Information Privacy
Privacy is inherent in American History and Constitutional Law
Public goods are a part of the classic republican traditions of America
Maximizing each of these values will lead to the most vibrant future for health in America: in a democracy, under the rule of law, and with respect for persons and populations.

Other resources
The Center for Law and the Public’s Health
Lawrence O. Gostin, Public Health Law: Power, Duty, Restraint (2000).
Lawrence O. Gostin, Public Health Law: A Reader (2002).