Privacy Issues and the Children’s Hospital EMR Privacy Issues and the Children’s Hospital EMR This roundtable discussion is brought to you by the Children’s.

Slides:



Advertisements
Similar presentations
Davis Wright Tremaine LLP HIT Legal Issues: HIPAA Implications to a Regional Health Information Organization Becky Williams, R.N., J.D. Partner, Co-Chair,
Advertisements

HIPAA Basics Brian Fleetham Dickinson Wright PLLC.
And the finer details of patient privacy TCH Confidential Understanding HIPAA.
Confidentiality and HIPAA
Copyright Eastern PA EMS Council February 2003 Health Information Portability and Accountability Act It’s the law.
National Health Information Privacy and Security Week Understanding the HIPAA Privacy and Security Rule.
Increasing public concern about loss of privacy Broad availability of information stored and exchanged in electronic format Concerns about genetic information.
P E N N S Y L V A N I A C O A L I T I O N A G A I N S T D O M E S T I C V I O L E N C E P E N N S Y L V A N I A C O A L I T I O N A G A I N S T RAPE HIPAA.
1 HIPAA Education CCAC Professional Development Training September 2006 CCAC Professional Development Training September 2006.
NAU HIPAA Awareness Training
TM The HIPAA Privacy Rule: Safeguarding Health Information in Research and Public Health Practice Centers for Disease Control and Prevention Beverly A.
Legal Framework for Information Sharing in Organ Donation and Transplantation Alexandra K. Glazier, Esq. VP & General Counsel New England Organ Bank.
Are you ready for HIPPO??? Welcome to HIPAA
Professional Nursing Services.  Privacy and Security Training explains:  The requirements of the federal HIPAA/HITEC regulations, state privacy laws.
Health Insurance Portability and Accountability Act (HIPAA)
THE BASICS OF CONSENT LAW Sheniece Smith, Esq.. BASICS State and federal laws require patients to have the right to consent to health care decisions.
Minor Consent Laws Kim Belasco – (619) Rachel Miller – (619)
Consent and Confidentiality for Children in New Mexico Liz McGrath Executive Director Pegasus Legal Services for Children.
HIPAA: Surrogate Decision Making and Advance Health Care Directives Carolyn Heyman-Layne, Esq. Dorsey & Whitney LLP December 20, 2007.
Who Must Comply? ProgramProgram General Medical Facility EmergencyEmergency Qualified Service Organization Communication EmergencyEmergency ResearchResearch.
Who Must Comply? When is a patient authorization NOT required?  As needed for the protection of federal and state elective constitutional officers and.
Version 6.0 Approved by HIPAA Implementation Team April 14, HIPAA Learning Module The following is an educational Powerpoint presentation on the.
Confidentiality of MH/DD/SA Records Family Court Conference March 9, 2006 Mark Botts School of Government, UNC.
2 H. Westley Clark, M.D., J.D., M.P.H., CAS, FASAM Director Center for Substance Abuse Treatment Substance Abuse Mental Health Services Administration.
HIPAA Basic Training for Privacy and Information Security Vanderbilt University Medical Center VUMC HIPAA Website: HIPAA Basic.
Notice of Privacy Practices Nebraska SNIP Privacy Subgroup July 18, 2002 Michael J. Brown, MHA, CPA Vice-President, Administrative & Regulatory Affairs,
Confidentiality in Adolescent Health Care: Research, Ethics, Law, and Policy Abigail English, JD Director Center for Adolescent Health & the Law Treuman.
Staff Spark 3: Confidentiality and Minor Consent – Best Practices
HIPAA PRIVACY AND SECURITY AWARENESS.
1 Disclosures © HIPAA Pros 2002 All rights reserved.
Confidentiality in Your TEAP Program By Diane A. Tennies, Ph.D., LADC Lead TEAP Health Specialist October 20,
Copyright ©2011 by Pearson Education, Inc. Upper Saddle River, New Jersey All rights reserved. Health Information Technology and Management Richard.
Computerized Networking of HIV Providers Workshop Data Security, Privacy and HIPAA: Focus on Privacy Joy L. Pritts, J.D. Assistant Research Professor Health.
The PRISM Privacy Tool: A User’s Guide PHDSC Home Page  PRISM Web Page 
© 2009 The McGraw-Hill Companies, Inc. All rights reserved. 1 McGraw-Hill Chapter 2 The HIPAA Privacy Standards HIPAA for Allied Health Careers.
Medical Law and Ethics, Third Edition Bonnie F. Fremgen Copyright ©2009 by Pearson Education, Inc. Upper Saddle River, New Jersey All rights reserved.
Privacy and Security Tiger Team Today’s Discussion: Query/Response Scenarios for Health Information Exchange February 21, 2013.
 The use of telecommunications technology to provide, enhance, or expedite health care services.  Accessing off-site databases, linking clinics or physicians'
© 2013 The McGraw-Hill Companies, Inc. All rights reserved. Ch 8 Privacy Law and HIPAA.
PROTECTING CLIENT DATA HIPAA, HITECH AND PIPA PART 1B.
HIPAA THE PRIVACY RULE. 2 HISTORY In 2000, many patients that were newly diagnosed with depression received free samples of anti- depressant medications.
©2014 DAVIS BROWN KOEHN SHORS & ROBERTS P.C. HIPAA/HITECH – Where are we now? Jo Ellen Whitney Davis Brown Law Firm.
Federal Preemption, and State Healthcare Privacy and Data Security Law and Regulation Fifth National HIPAA Summit October 30 – November 1, 2002 Mark Barnes.
School of Health Sciences Unit 6 Legal Aspects of Health Information and Health Care Statistics HI 135 Instructor: Alisa Hayes, MSA, RHIA, CCRC.
CH 10. Confidentiality A. Confidentiality about sensitive medical information is necessary to preserve the patient’s dignity. B. In order to receive payment.
HIPAA TRIVIA QUEST December Edition. I’ll ask the questions - and you’ll give the answers.
Health Insurance Portability and Accountability Act (HIPAA) © 2013 Project Lead The Way, Inc.Principles of Biomedical Science.
COMMUNITY-WIDE HEALTH INFORMATION EXCHANGE: HIPAA PRIVACY AND SECURITY ISSUES Ninth National HIPAA Summit September 14, 2004 Prepared by: Robert Belfort,
Disclaimer This presentation is intended only for use by Tulane University faculty, staff, and students. No copy or use of this presentation should occur.
Can Providers Assure Commercially Insured Adolescents Confidentiality for STI Screening and Treatment? C onflicting Laws and Innovative Approaches Abigail.
Juvenile Legislative Update 2013 Confidential Records and Protected Disclosures.
HIPAA and Transitions Protected Health Information PHI.
HIPAA Training Workshop #3 Individual Rights Kaye L. Rankin Rankin Healthcare Consultants, Inc.
HIPAA PRIVACY & SECURITY TRAINING
Minor Consent & Confidentiality
And the finer details of patient privacy
Jon Breyfogle Groom Law Group July 14, 2010
HIPAA Pros - Disclosures
Jay Sicklick, Esq. Center for Children’s Advocacy August 6, 2018
Disability Services Agencies Briefing On HIPAA
HIPAA Pros - Minimum Necessary
The Health Insurance Portability and Accountability Act
FERPA and HIPAA for School Nurses and School Based Health Center Staff
POLICY & PROCEDURE GUIDE FOR AUTHORIZED USERS
13 Managing Medical Records Lesson 3:
Medicaid EHR Incentives for Children's Hospitals Under the HITECH Act
September 16, 2011  12:00-1:00 pm Eastern Presenters:
Confidentiality and Consent Issues Involving Minors in Rhode Island
HIPAA, The Next Level: HIPAA Preemption of State Laws
HIPAA Privacy and Some Research
Presentation transcript:

Privacy Issues and the Children’s Hospital EMR Privacy Issues and the Children’s Hospital EMR This roundtable discussion is brought to you by the Children’s Hospital Affinity Group of the In-House Counsel (In- House) and Teaching Hospitals and Academic Medical Centers (THAMC) Practice Groups, and is co-sponsored by the Health Information and Technology (HIT) Practice Group. Privacy Issues and the Children’s Hospital EMR February 15, :00-1:15 pm Eastern Presenters Robin L. Canowitz, EsquireRobin L. Canowitz, Esquire, Senior Attorney, Vorys Sater Seymour & Pease LLP, Columbus, OH, Daniel F. Gottlieb, EsquireDaniel F. Gottlieb, Esquire, Partner, McDermott Will & Emery LLP, Chicago, IL, Moderator: Jessica Braunstein, Associate General Counsel, Children’s Healthcare of Atlanta, Atlanta, GA, 1

About CHAG AG Children’s Hospital Affinity Group (CHAG AG) provides a unique and focused forum for discussion and networking about the legal and practical issues that affect children’s hospitals and other providers that furnish pediatric care. CHAG AG is affiliated with the In-House Counsel Practice Group (In-House) and Teaching Hospital and Academic Medical Center Practice Group (THAMC). If you are a member of either of those PG Groups, you may join CHAG AG by simple ing Otherwise, become a member of either or both the In-House of THAMC Practice Groups, and ask to also join CHAG AG at the same time by contacting The In-House and THAMC Practice Groups provide a wealth of information and address issues important to all hospitals, healthcare institutions, academic medical centers, and related entities. Children’s hospitals and the care of pediatric patients, however, present some distinctive legal issues that are not often shared by the adult hospitals and adult academic medical centers. Join CHAG AG to receive and receive the benefit of its focus on children’s hospital and pediatric provider issues. 2

Agenda Data elements requiring special treatment Internal access and external release to other providers, health information exchange, etc. Patient portals and patient/parent access to information Programs to create appropriate levels of access for hospital personnel Tools for monitoring access and disclosure of information 3

Data elements requiring special treatment The HIPAA regulations provide a base line of protection for all Protected Health Information (PHI) State law and the federal alcohol and drug abuse confidentiality rules provide additional protections for sensitive subcategories of PHI Privacy and security policies should be revised to reflect:  More stringent state and federal laws  Different access rights of parents and children for different categories of information at different ages of the child 4

Sensitive Categories of PHI Sensitive categories of PHI vary from state to state, but often include:  Substance abuse treatment program information  Mental health and developmental disability information  HIV/AIDs test results  Sexually transmitted diseases  Genetic testing information 5

Sensitive Categories of PHI (cont’d) In many states, unemancipated minor has the right to consent to diagnosis and treatment for and control PHI about sensitive conditions such as:  Pregnancy  Abortion  HIV/AIDs and other sexually transmitted diseases  Sexual assault or any condition resulting from the assault  Mental illness or psychiatric condition  Alcohol consumption or drug use and/or their addiction Some states grant physician discretion to share information and/or encourage parental involvement 6

Sensitive Categories of PHI (cont’d) EHR technology presents technical challenges to management of sensitive information  Psychiatric drugs in the medication list  HIV-positive or mental health diagnosis in the problem list  HIV test result in the structured lab data  Free text field in progress notes  Parent and child access to patient portal Quality of care and tort law may conflict with health information privacy law How should the conflict be navigated? 7

Internal Access and External Release Access Controls for Internal Usage Policies on Use of records for Research Use of technology to deter people from looking at records they don’t have a need to view Are there categories of information that only certain people can see? Some institutions have “walled off” records from their substance abuse treatment programs 8

External Release of Records Releases – to allow information to be shared? Issues with patient name changes – birth hospital to specialty hospital. Confirming who has the right to allow release of information. 9

Patient Portals and Patient/Parent Access Proxy Access – who do you allow to have access to the portal? Patient/Parent/Legal Guardian – all have their own access. Can all see the same information. What do you do with proxy access when the patient becomes an adult? Do you allow minor patients to have direct access to the portal? If so, at what age, and for what purposes? How do you turn access on and off? 10

Patient Portals What do you allow to be posted? At NCH – no information on AIDS, STDs and Mental Health because of state law issues If the site does not have complete information, there should be a disclaimer about that. NCH decided not to post inpatient test results because it could create confusion. When do you post test results? At NCH – physicians given 72 hours to review test results before they are automatically posted. 11

Patient Portals (cont’d) communication tools – how to implement? Who will respond? What is the expectation of the patient? 12

Appropriate Levels of Access The HIPAA minimum necessary standard requires a hospital or other covered health care provider to limit a request, use or disclosure of PHI to the minimum amount of PHI necessary for disclosure unless it is  For Treatment  Required by Law  Pursuant to patient or parent’s authorization  Within another limited exception Hospital should develop role-based access policies for PHI that correspond to technical capabilities of its EHR Send periodic reminders about appropriate access 13

Appropriate Levels of Access (cont’d) PHI may be used and disclosed for academic purposes within hospital subject to the minimum necessary standards Faculty and students should receive training on appropriate use of PHI for educational purposes 14

Tools for Monitoring Access and Disclosure HIPAA Security Rule requires “reasonable” procedures:  Log-in monitoring  Regular review of records of information system activity, such as audit logs, access reports, and security incident tracking reports. Develop reasonable and practical practices to monitor EHR’s activity logs to identify inappropriate access Rely upon technical, automated auditing where possible Cisco and other vendors offer sophisticated monitoring tools that identify deviations from baseline activity 15

Privacy Issues and the Children’s Hospital EMR © 2013 is published by the American Health Lawyers Association. All rights reserved. No part of this publication may be reproduced in any form except by prior written permission from the publisher. Printed in the United States of America. Any views or advice offered in this publication are those of its authors and should not be construed as the position of the American Health Lawyers Association. “This publication is designed to provide accurate and authoritative information in regard to the subject matter covered. It is provided with the understanding that the publisher is not engaged in rendering legal or other professional services. If legal advice or other expert assistance is required, the services of a competent professional person should be sought”—from a declaration of the American Bar Association 16