HIPAA Privacy Rule Patient’s Right to Amend Their Health Information July 18, 2013 David Holtzman, JD, CIPP/G Senior Health Information Technology & Privacy.

Presentation transcript:

HIPAA Privacy Rule
Patient’s Right to Amend Their Health Information
July 18, 2013
David Holtzman, JD, CIPP/G
Senior Health Information Technology & Privacy Policy Specialist
HHS Office for Civil Rights
HHS/OCR July 2013

Right to Amend
45 CFR Standard: An individual has the right to have a covered entity (CE) amend protected health information (PHI) or a record about the individual in a designated record set (DRS) as long as it is maintained in a DRS

Handling Amendment Requests
CE must permit requests to amend
May require a written request and a reason if it gives advance notice of its requirements in the Notice of Privacy Practices
Amend or append in whole or in part and inform individual and others as appropriate in 60 days if amendment accepted
  – One 30 day extension by written notice to patient supported by explanation of why extra time needed
Must act on notifications from other CEs of amendments

Denials of Amendment Requests
CE must give written notice of denial with basis, including individual’s right to submit statement of disagreement in 60 days
  – One 30 day extension by written notice to patient supported by explanation of why extra time needed
CE may provide rebuttal to statement
CE must thereafter include request, denial, disagreement and rebuttal in DRS and all disclosures (or disclose accurate summary)

Amendment Applies to Entire Designated Record Set (DRS)
An individual’s right to amend generally applies to the information that exists within a covered entity’s designated record set(s), including:
  – a health care provider’s medical and billing records,
  – a health plan’s enrollment, payment, claims adjudication, and case or medical management record systems,
  – any information used, in whole or in part, by or for the covered entity to make decisions about individuals.
A record is any item, collection, or grouping of information that includes PHI and is maintained, collected, used, or disseminated by or for the covered entity.
  – See 45 C.F.R. § (definition of “designated record set”)

Designated Record Sets
CEs that use EHRs must remain cognizant that the right to amend applies regardless of the information’s format.
The term “designated record set” is not limited to information contained in an electronic record, but also includes any non-duplicative, electronic or paper-based information that meets the term’s definition.

Obligation to Notify & Maintain Amendments
CE must notify those identified by patient as having received the PHI and needing the amendment
CEs that utilize a business associate to maintain or otherwise operate their electronic records (e.g., EHR or PHR) will want to ensure the BA is obligated to include any amendment request, denial, disagreement and rebuttal in the DRS and all disclosures (or disclose accurate summary)
The same would be true if a health information organization (HIO), as a BA, maintains an electronic repository of some or all of a covered entity’s PHI