1 Sixth National HIPAA Summit The Health Lawyer as Business Associate March 28, 2003 Session VI 3:00 pm Gerald E. DeLoss, Esquire Barnwell Whaley Patterson.

Slides:



Advertisements
Similar presentations
PRIVACY ACT OF 1974 OVERVIEW. FAIR INFORMATION PRACTICES The Privacy Act is primarily concerned with fair information practices. The Privacy Act is primarily.
Advertisements

Advanced Issues in HIPAA Research Compliance The Sixth National HIPAA Summit March 27, 2003 Kim P. Gunter Senior Consultant.
Procedural Safeguards
HIPAA Privacy Practices. Notice A copy of the current DMH Notice must be posted at each service site where persons seeking DMH services will be able to.
LEGAL 101 – Two Favourite Concepts: 1.Without Prejudice and 2.Client Legal Privilege THINK.CHANGE.DO.
Responding to Subpoenas and Law Enforcement Demands for PHI: An Overview Janet A. Newberg Chair, Health Law Section Felhaber Larson Fenlon & Vogt, P.A.
HIPAA Basics Brian Fleetham Dickinson Wright PLLC.
HIPAA: Privacy, Security, and HITECH, Oh My! Presented by Stephanie L. Ganucheau, Special Assistant Attorney General.
HIPAA and Public Health 2007 Epi Rapid Response Team Conference.
Presented by Jennifer Coughlin Eugene, Oregon April 10, 2013.
HIPAA Privacy Training. 2 HIPAA Background Health Insurance Portability and Accountability Act of 1996 Copyright 2010 MHM Resources LLC.
HIPAA Privacy Rule Training
HIPAA – Privacy Rule and Research USCRF Research Educational Series March 19, 2003.
HIPAA PRIVACY REQUIREMENTS Dana L. Thrasher Constangy, Brooks & Smith, LLC (205) ; Victoria Nemerson.
North Carolina State University Health Information Privacy 4/16/03.
WHAT IS HIPAA? The Health Insurance Portability and Accountability Act of 1996 (HIPAA) provides certain protections for any of your health information.
TM The HIPAA Privacy Rule: Safeguarding Health Information in Research and Public Health Practice Centers for Disease Control and Prevention Beverly A.
 Original Intent: ◦ Act passed in 1996 with two main goals: 1.Ensure individuals would be able to maintain their health insurance between jobs (the “portability”
Copyright 2006 Rubin Law Firm, LLC Drafting HIPAA Compliant Subpoenas & Discovery Presented by:RACHEL B. RUBIN Kansas Bar Association Annual Meeting June.
1 WHAT CAN I DO ABOUT OPPOSING COUNSEL TALKING TO OUR EMPLOYEES? James H. Gilliam BrownWinick 666 Grand Avenue, Suite 2000 Des Moines, IA Telephone:
Business Associate Contracts: Time Is Running Out... Rebecca L. Williams, RN, JD Partner Davis Wright Tremaine LLP Seattle, WA
© 2007 Prentice Hall, Business Law, sixth edition, Henry R. Cheeseman Chapter 3 Litigation and Alternative Dispute Resolution Chapter 3 Litigation and.
Ethical Issues in Data Security Breach Cases Presented by Robert J. Scott Scott & Scott, LLP
August 10, 2001 NESNIP PRIVACY WORKGROUP HIPAA’s Minimum Necessary Standard Presented by: Mildred L. Johnson, J.D.
PA/FOIA INTERFACE OSD/JS Privacy Office (703)
HIPAA Compliance Strategies for Employers, METs, MEWAs and Taft Hartley Union Trust Funds The HIPAA Colloquium at Harvard University Presented by: Melissa.
Version 6.0 Approved by HIPAA Implementation Team April 14, HIPAA Learning Module The following is an educational Powerpoint presentation on the.
Medical Records in Court: Life after HIPAA North Carolina Conference of Superior Court Judges, October 2003 Presented by Jill Moore, UNC School of Government.
HIPAA Collaborative of Wisconsin Business Associates Extending the Reach of the Privacy Rule.
HIPAA Health Insurance Portability & Accountability Act of 1996.
COMPLYING WITH HIPAA BUSINESS ASSOCIATE REQUIREMENTS Quick, Cost Effective Solutions for HIPAA Compliance: Business Associate Agreements.
1 Eighth National HIPAA Summit Baltimore, MD PreConference I: HIPAA Boot Camp: The Basics of HIPAA for Providers, Health Plans, Employers and Patients.
Investigating & Preserving Evidence in Data Security Incidents Robert J. Scott Scott & Scott, LLP
HIPAA Trading Partners, Legal Relationships October 2, 2001 presented by Peter B. Goldstein, Esq. Cap Gemini Ernst & Young, US LLC.
HIPAA PRIVACY AND SECURITY AWARENESS.
California :: Delaware :: Florida :: New Jersey :: New York :: Pennsylvania :: Virginia :: Washington, D.C. :: 1 NEW OBLIGATIONS.
1 Disclosures © HIPAA Pros 2002 All rights reserved.
1 Ethics For the Employee Benefits Agent.  Ethics – defined as a principle of right or good conduct; a system of moral principles or values; the rules.
HIPAA – How Will the Regulations Impact Research?.
Speak HIPAA Like a Native A Guide to Common HIPAA Nomenclature University of Miami Ethics Programs.
Health Insurance Portability and Accountability Act (HIPAA) CCAC.
Advanced Issues in Privacy: Drafting and Negotiating Business Associate Contracts Thomas E. Jeffry, Jr. Partner Davis Wright Tremaine LLP Los Angeles,
Davis Wright Tremaine LLP Case Study: Small Group Health Plan HIPAA Privacy Compliance for Employers September 15, 2003 Speaker Jason Froggatt Becky Williams.
Health Insurance Portability and Accountability Act of 1996 HIPAA Privacy Training for County Employees.
FleetBoston Financial HIPAA Privacy Compliance Agnes Bundy Scanlan Managing Director and Chief Privacy Officer FleetBoston Financial.
HIPAA PRACTICAL APPLICATION WORKSHOP Orientation Module 1B Anderson Health Information Systems, Inc.
Rhonda Anderson, RHIA, President  …is a PROCESS, not a PROJECT 2.
A Professional Corporation Stinson, Mag & Fizzell (402) Business Associates 101 Jennifer Wolfe Jerram, B.S.N., J.D.
September 17, 2002© Michael Best & Friedrich LLC1 Iowa State Association of Counties HIPAA Training September 17-18, 2002 Legal Issues presented by: Ryan.
HIPAA Privacy Rules: What Are Plan Sponsors Required to Do?
Health Insurance portability and Accountability Act (HIPAA)‏
A NATIONAL HIPAA SUMMIT AUDIOCONFERENCE Davis Wright Tremaine LLP Legal Requirements For Vendor And Clearinghouse HIPAA Compliance; Business Associate.
HIPAA Privacy Rule Implementation Status Report Richard M. Campanelli, J.D. Director, Office for Civil Rights Before the The Tenth National HIPAA Summit.
Human Subjects Update E. Wethington, Chair, UCHS.
WHAT GUARDIANSHIP ATTORNEYS SHOULD KNOW BY RACHEL ANNE BROOKS MARCH 15, 2016 Health Care Privacy.
1 Ethical Lawyering Spring 2006 Class 8. 2 Rest. 68 Except as otherwise provided in this Restatement, the attorney-client privilege may be invoked as.
Disclaimer This presentation is intended only for use by Tulane University faculty, staff, and students. No copy or use of this presentation should occur.
HIPAA Training Workshop #3 Individual Rights Kaye L. Rankin Rankin Healthcare Consultants, Inc.
HIPAA Privacy Rule Training
Nassau Association of School Technologists
Tomball Independent School District Annual Confidentiality Training
Iowa State Association of Counties
What is HIPAA? HIPAA stands for “Health Insurance Portability & Accountability Act” It was an Act of Congress passed into law in HEALTH INSURANCE.
HIPAA CONFIDENTIALITY
HIPAA Administrative Simplification
HIPAA Pros - Disclosures
Disability Services Agencies Briefing On HIPAA
Business Associate Contracts: Time Is Running Out . . .
National Congress on Health Care Compliance
Sadi R. Antonmattei-Goitia Sullo & Sullo, LLP February 16, 2019
Presentation transcript:

1 Sixth National HIPAA Summit The Health Lawyer as Business Associate March 28, 2003 Session VI 3:00 pm Gerald E. DeLoss, Esquire Barnwell Whaley Patterson & Helms, LLC Charleston, South Carolina

2 Business Associates Business Associate Means a Person, Other Than a Workforce Member, Who: Provides Legal, Actuarial, Accounting, Consulting, …, Where the Provision of the Service Involves the Disclosure of Individually Identifiable Health Information Lawyers May Be Business Associates

3 Business Associate Agreement Covered Entity Must Enter Into BA Agreement With Lawyer if Using or Disclosing Protected Health Information (“PHI”) BA Agreement Must Contain Certain Specified Terms

4 Business Associate Agreement Specified Terms of BA Agreement Include that Business Associate Must: Make its Internal Practices, Books, and Records Relating to the Use and Disclosure of Protected Health Information (“PHI”) Available to DHHS for Inspection to Determine Compliance

5 Attorney-Client Relationship Attorney-Client Privilege Protections Granted to Communications Between Attorney and Client Work Product Doctrine Protections Granted to the Work and Thoughts of Attorneys Representing Clients

6 Waiver/Loss of Protections BA Agreement Requirement That BA Attorney Must Make Internal Practices, Books, and Records Available Could Result in Requiring Production of Privileged and/or Work Product Materials Issue Whether Must Produce to DHHS and Whether Waives Protections as to Others

7 Produce to DHHS? Commenter on Final Rules Requested that Privileged/Work Product be Excluded DHHS Refused to Amend Rule DHHS Does Not Anticipate That Necessary to Access Privileged Information “However, [DHHS] does not believe that it is appropriate to exempt attorneys from the business associate requirements.”

8 Produce to Others? No HIPAA Cases on Point Yet, But U.S. v. MIT, 129 F.3d 681 (1 st Cir. 1997) MIT Required to Produce Privileged/Work Product Documents to Dept. of Defense Auditing Agency Under Defense Contract IRS Then Sought Copy of Information Provided to DoD Auditing Agency for 501(c)(3) Status

9 Produce to Others? MIT Argued No IRS Access Because Information Provided Under Defense Contract Was not Voluntary Disclosure Court Disagreed: “MIT chose to place itself in this position by becoming a government contractor.” MIT Chose at Time of Defense Contract

10 Disclose to Others? MIT Held to Have Waived Attorney- Client Privilege by Entering Into Defense Contract Containing Language Requiring Production to Government MIT Lost Work Product Protections Because Documents Must be Produced to Potentially “Adverse Party,” e.g., DoD Auditing Agency

11 Disclose to Others? Because MIT Waived Privilege and Lost Work Product Protections Per the DoD Contractual Terms, Court Held That MIT Must Produce Information to IRS Majority of Other Courts Have Reached the Same Conclusion

12 Disclose to Others? Application to HIPAA Business Associate Agreements and Attorneys Contractual Requirement to Produce to Government, Results in Loss of Waiver as to Third Party Argument Could be Made by Parties in Litigation Against Covered Entity for Production That BA = Waiver/Loss

13 Waiver/Loss of Protections Impact Upon Attorney-Client Relationship BA Attorney Must Make Available, or Violating BA Agreement Requirement BA Attorney Who Violates BA Agreement Jeopardizes Covered Entity Client Interference with DHHS Investigation

14 Impact Upon Attorney- Client Relationship BA Attorney Production of Internal Practices, Books, and Records Relating to PHI Could Reveal Information Received by BA Attorney From Other Clients Jeopardize Privileged/Work Product Information Relating to a Different Client, Not Under DHHS Investigation

15 Avoiding Disclosure Business Associate Agreement Insert Language That Covered Entity Client on Notice of Potential Waiver and Potentially Requesting BA Attorney to Raise Privilege/Work Product Objections Insert Language With Respect to Investigation of BA Attorney’s Other Covered Entity Clients

16 Avoiding Disclosure Argue That Privacy Rule Preempted by Privilege and/or Doctrine Under HIPAA Preemption Analysis, State Law Preempts Privacy Rule if “More Stringent” Typically Means Prevents Disclosures However, HIPAA Not Preempted if State Law Prevents DHHS Access

17 Avoiding Disclosure Request Exception From HIPAA Submit Request to DHHS HIPAA Applies Unless/Until DHHS Issues Determination on Why State Law (Privilege/Doctrine) Not Preempted

18 Other Aspects of Relationship Minimum Necessary Requirement Covered Entity’s Disclosure to Business Associates Must be Limited to Minimum Necessary to Carry Out Task As a Rule, Entire Medical Record May Not be Disclosed However, Covered Entity May Rely Upon Representation of Professional That Entire Record Necessary

19 Other Aspects of Relationship Privacy Rule Requires Business Associate to Return or Destroy PHI Upon Conclusion or Termination of Relationship Not Required if “Not Feasible” But Then Must Extend Protections to PHI Attorney Obligated to Maintain Records

20 Impact Upon Litigation Discovery Conducted During Litigation and/or Prior to Litigation Impacted by Privacy Rule Use or Disclosure of PHI in Civil, Criminal, or Administrative Proceedings

21 Impact Upon Litigation Covered Entity May Disclose PHI in Response to Valid Court Order To Extent of Authority of Court Only the Specific Information Identified in Order No Other Requirement Under HIPAA Check State Law

22 Impact Upon Litigation Covered Entity May Disclose PHI in Response to Subpoena or Discovery Request Discovery Request: Interrogatories, Request for Production, Deposition Only Produce if Accompanied by Satisfactory Assurances

23 Impact Upon Litigation Satisfactory Assurances Means Requesting Party has Documentation Establishing Either One of the Following: Requested/Moved For a Qualified Protective Order Qualified Protective Order Restricts PHI to Only Current Suit and Provides for Destruction or Return Upon Completion

24 Impact Upon Litigation OR Requesting Party Has Provided Written Notice to Individual of Request Sufficient Information to Place on Notice Sufficient Time to Raise Objection Time for Objection Has Passed, and No Objection, or All Objections Resolved by the Court

25 Impact Upon Litigation Subpoenas HIPAA Requires Satisfactory Assurances South Carolina Health Lawyers Attempting to Resolve All Disputes Prior to Subpoena Served On Covered Entity Letter to Individual/Attorney Advising of Upcoming Subpoena and Time to Object Cover Letter and Enclosures to Covered Entity Receiving Subpoena

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.