H OGAN & H ARTSON, L.L.P.

Slides:

Advertisements

Similar presentations

Fourth National HIPAA Summit April 26, 2002 Implementation of a HIPAA Data Management Strategy Safeguarding privacy interests while making data available.

Advertisements

Davis Wright Tremaine LLP HIT Legal Issues: HIPAA Implications to a Regional Health Information Organization Becky Williams, R.N., J.D. Partner, Co-Chair,

HIPAA Privacy Practices. Notice A copy of the current DMH Notice must be posted at each service site where persons seeking DMH services will be able to.

HIPAA Basics Brian Fleetham Dickinson Wright PLLC.

HIPAA: Privacy, Security, and HITECH, Oh My! Presented by Stephanie L. Ganucheau, Special Assistant Attorney General.

Steps to Compliance: Managing Business Associates PRESENTED BY.

HIPAA Privacy Training. 2 HIPAA Background Health Insurance Portability and Accountability Act of 1996 Copyright 2010 MHM Resources LLC.

HIPAA Privacy Rule Training

HIPAA Privacy Training Your Name Here. © 2004 MHM Resources Inc.2 HIPAA Background Health Insurance Portability and Accountability Act of 1996.

National Health Information Privacy and Security Week Understanding the HIPAA Privacy and Security Rule.

Increasing public concern about loss of privacy Broad availability of information stored and exchanged in electronic format Concerns about genetic information.

The Health Insurance Portability and Accountability Act of 1996– charged the Department of Health and Human Services (DHHS) with creating health information.

HIPAA PRIVACY REQUIREMENTS Dana L. Thrasher Constangy, Brooks & Smith, LLC (205) ; Victoria Nemerson.

HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA)

H IPAA PRIVACY WORK GROUP FOR EYE BANKS EBAA HIPAA PRIVACY WORK GROUP Christina W. Strong, Esq., Facilitator.

COMPLYING WITH HIPAA PRIVACY RULES Presented by: Larry Grudzien, Attorney at Law.

2014 HIPAA Refresher Omnibus Rule & HIPAA Security.

Jill Moore April 2013 HIPAA Update: New Rules, New Challenges.

Are you ready for HIPPO??? Welcome to HIPAA

HIPAA HIPAA Health Insurance Portability and Accountability Act of 1996.

Business Associate Contracts: Time Is Running Out... Rebecca L. Williams, RN, JD Partner Davis Wright Tremaine LLP Seattle, WA

August 10, 2001 NESNIP PRIVACY WORKGROUP HIPAA’s Minimum Necessary Standard Presented by: Mildred L. Johnson, J.D.

HIPAA Compliance Strategies for Employers, METs, MEWAs and Taft Hartley Union Trust Funds The HIPAA Colloquium at Harvard University Presented by: Melissa.

Version 6.0 Approved by HIPAA Implementation Team April 14, HIPAA Learning Module The following is an educational Powerpoint presentation on the.

HIPAA COMPLIANCE IN YOUR PRACTICE MARIBEL VALENTIN, ESQUIRE.

HIPAA Health Insurance Portability & Accountability Act of 1996.

HIPAA Collaborative of Wisconsin PAYMENT, COLLECTIONS, AND ACCEPTED BENEFITS FURTHER DEFINITION OF THE PRIVACY RULE Copyright HIPAA Collaborative.

Notice of Privacy Practices Nebraska SNIP Privacy Subgroup July 18, 2002 Michael J. Brown, MHA, CPA Vice-President, Administrative & Regulatory Affairs,

1 VUMC Confidentiality Policy and HIPAA Implications for Clinical Research General Clinical Research Center Skills Workshop March 2, 2007 Gaye Smith Privacy.

HIPAA Trading Partners, Legal Relationships October 2, 2001 presented by Peter B. Goldstein, Esq. Cap Gemini Ernst & Young, US LLC.

HIPAA PRIVACY AND SECURITY AWARENESS.

HIPAA Business Associates Leadership Group Meeting June 28, 2001.

– Privacy in Perspective – Dealing with Hybrids & Other Unique Collaborations Thomas E. Jeffry, Jr., Esq. Partner, Davis Wright Tremaine LLP, Los Angeles,

Computerized Networking of HIV Providers Workshop Data Security, Privacy and HIPAA: Focus on Privacy Joy L. Pritts, J.D. Assistant Research Professor Health.

HIPAA Michigan Cancer Registrars Association 2005 Annual Educational Conference Sandy Routhier.

© 2009 The McGraw-Hill Companies, Inc. All rights reserved. 1 McGraw-Hill Chapter 2 The HIPAA Privacy Standards HIPAA for Allied Health Careers.

Speak HIPAA Like a Native A Guide to Common HIPAA Nomenclature University of Miami Ethics Programs.

Advanced Issues in Privacy: Drafting and Negotiating Business Associate Contracts Thomas E. Jeffry, Jr. Partner Davis Wright Tremaine LLP Los Angeles,

Health Insurance Portability and Accountability Act of 1996 HIPAA Privacy Training for County Employees.

© 2013 The McGraw-Hill Companies, Inc. All rights reserved. Ch 8 Privacy Law and HIPAA.

PricewaterhouseCoopers 1 Administrative Simplification: Privacy Audioconference April 14, 2003 William R. Braithwaite, MD, PhD “Doctor HIPAA” HIPAA Today.

HIPAA For Provider Contracting Networks Paul Smith Davis Wright Tremaine LLP One Embarcadero Center Suite 600 San Francisco, CA (415)

FleetBoston Financial HIPAA Privacy Compliance Agnes Bundy Scanlan Managing Director and Chief Privacy Officer FleetBoston Financial.

HIPAA PRACTICAL APPLICATION WORKSHOP Orientation Module 1B Anderson Health Information Systems, Inc.

Policies for Information Sharing April 10, 2006 Mark Frisse, MD, MBA, MSc Marcy Wilder, JD Janlori Goldman, JD Joseph Heyman, MD.

OHCAs, ACEs and Hybrid Entities Paul Smith Davis Wright Tremaine LLP One Embarcadero Center Suite 600 San Francisco, CA (415)

Rhonda Anderson, RHIA, President  …is a PROCESS, not a PROJECT 2.

A Professional Corporation Stinson, Mag & Fizzell (402) Business Associates 101 Jennifer Wolfe Jerram, B.S.N., J.D.

C HAPTER 34 Code Blue Health Sciences Edition 4. Confidentiality of sensitive information is an important issue in healthcare. Breaches of confidentiality.

HIPAA and Academic Medical Centers, Colleges and Universities Presented By: Michael L. Blau, Esq.Tina S. Sheldon McDermott, Will & EmeryAssistant Compliance.

HIPAA Privacy Rules: What Are Plan Sponsors Required to Do?

1 Privacy Plan of Action © HIPAA Pros 2002 All rights reserved.

© FOLEY & LARDNER 2001 WHEN PRINTING IN BLACK & WHITE: Go to the TITLE MASTER SLIDE, delete the logo and replace it with this one. Organized Health Care.

A NATIONAL HIPAA SUMMIT AUDIOCONFERENCE Davis Wright Tremaine LLP Legal Requirements For Vendor And Clearinghouse HIPAA Compliance; Business Associate.

HIPAA Overview Why do we need a federal rule on privacy? Privacy is a fundamental right Privacy can be defined as the ability of the individual to determine.

Functioning as a Business Associate Under HIPAA William F. Tulloch Director, PCBA March 9, 2004.

HIPAA Privacy Rule Positive Changes Affecting Hospitals’ Implementation of the Rule.

GW&T © 2002 Garfunkel, Wild & Travis, P.C HIPAA: What University Counsel Needs to Know -- The Basics NATIONAL ASSOCIATION OF COLLEGE AND UNIVERSITY.

COMMUNITY-WIDE HEALTH INFORMATION EXCHANGE: HIPAA PRIVACY AND SECURITY ISSUES Ninth National HIPAA Summit September 14, 2004 Prepared by: Robert Belfort,

HIPAA Privacy Rule Training

Privacy & Information Security Basics

Enforcement, Business Associates and Breach Notification. Oh my!

Iowa State Association of Counties

What is HIPAA? HIPAA stands for “Health Insurance Portability & Accountability Act” It was an Act of Congress passed into law in HEALTH INSURANCE.

HIPAA Administrative Simplification

HOGAN & HARTSON, L.L.P. “Publications” “Health”

Disability Services Agencies Briefing On HIPAA

Business Associate Contracts: Time Is Running Out . . .

Analysis of Final HIPAA Privacy Modification Rule

Presentation transcript:

H OGAN & H ARTSON, L.L.P.

HIPAA Special Issues: Making Compliance Possible Donna A. Boswell Fall 2002 H OGAN & H ARTSON, L.L.P.

THE Secret to HIPAA: Responsibility Belongs Where You Say It Does Rule applies directly to a covered entity A corporate entity, partnership or foundation can narrow its scope of liability through the hybrid entity rules. The OHCA rules can be used to streamline administrative burdens and liability A covered entity can voluntarily expand the scope of its liability by entering into a business associate relationship, or by using the affiliated entity rules.

H OGAN & H ARTSON, L.L.P. The Compliance Goal: Getting A Handle On Costly Administrative Requirements Acknowledgement/intake process Authorizations and revocations Access/amend/accounting Restricted communications Requests for restricted use/disclosure Employee training and firewalls (and developing policies/systems for same)

H OGAN & H ARTSON, L.L.P. Just tell me what I have to do -- Why do I care about these? covered entity hybrid entity health care component business associate non-covered provider OHCA workforce Perhaps the most critical implementation challenge for lawyers is establishing the relationships between these HIPAA structures and the legal entities and individuals that must implement the requirements.

H OGAN & H ARTSON, L.L.P. HIPAA Entities Are Not Corporate Persons

H OGAN & H ARTSON, L.L.P. HIPAA Entities Are Designations in Compliance Documentation and/or Notice

H OGAN & H ARTSON, L.L.P. Tell me the Hybrid Entity Story… Hybrid entity: A single legal entity that is a covered entity whose business activities include both covered and non-covered functions That designates health care components (HCCs) in accord with the rule. –Must not leave any covered entity outside of a HCC –May include only a component that performs a covered function or an internal BA

H OGAN & H ARTSON, L.L.P. The Hybrid Entity Lived Happier in HIPAA Land Because… A rule reference to covered entity refers to HCC –(e.g., policies for workforce uses, disclosures, minimum necessary, training, security) A rule reference to protected health information refers to PHI created or received by/behalf of the health care component. –(e.g., access/inspect/amend/accounting; fundraising)

H OGAN & H ARTSON, L.L.P. Compliance Teamwork: Using OHCAs To Pool Obligations and Limit Liability When a HIPAA entity has a legal obligation-- –Who -- what corporate or living person -- may perform it? –How do you address apparent agency issues? When does performance count as compliance for a particular entity? –Who is liable if it is not performed?

H OGAN & H ARTSON, L.L.P. Organized Health Care Arrangements 1. Clinically integrated care setting in which individuals typically receive care from more than one provider. 2. Organized system of care -- Hold themselves out as joint arrangement, and participate in joint activities (UR, QA, PMT risk) 3. Group plan and HII or HMO 4. 2 or more group plans of same sponsor 5. 2 or more group plans and HMOs, HIIs

H OGAN & H ARTSON, L.L.P. OHCA Facts Is a definition only; not a required designation. May have a joint notice; need not have the same P&Ps Need not have BAAs for joint activities of the OHCA May include non-covered providers A living human being can be in an OHCA and be a separate covered entity (or non-covered provider) – no special designation required A covered entity can be in more than one OHCA

H OGAN & H ARTSON, L.L.P. OHCA Issues and Utility A tool for managing apparent agency liability & consumer protection issues. Designation via Notice, which also can establish responsibility for authorizations, revocations, and exercise of certain rights (e.g., confidential communications, restrictions) Policies and procedures – a HIPAA designation option

H OGAN & H ARTSON, L.L.P. Special Liability Issues Who will sign business associate agreement for the OHCA? When a use is authorized, are there restrictions on who may do it? When a disclosure is authorized, are there restrictions on what the recipient may do with the information? Does the entity that is authorized to disclose have legal obligations after doing so?

H OGAN & H ARTSON, L.L.P. Business Associate Agreements: Expansions of Liability On behalf of such covered entity…performs or assists in the performance of: –(A) A function or activity involving the use or disclosure of …[PHI], or –(B) Any other function or activity regulated by this subchapter, or …legal, actuarial, accounting, consulting, data aggregation, management, administrative, accreditation, or financial services… [involving PHI]

H OGAN & H ARTSON, L.L.P. BA Issues? (P ) A third party is not your BA if PHI is for: –A covered function (e.g., treatment, payment), unless for the third party is performing the function on your behalf (e.g., billing) –A non-covered function, whether or not on your behalf, that is a disclosure permitted by the regulation (e.g., research, law enforcement, public health reporting) –An activity where PHI access is incidental

H OGAN & H ARTSON, L.L.P. Why not do a BA -- to be sure? Belts and suspenders do not help – you need only one compliance mechanism If you have a BA agreement with a third party: –all information transfers and all uses by the BA become uses by the CE -- if the BA activity is not a permissible use (i.e., TPO) the agreement is evidence of a CE violation –CE must cure, mitigate or report known violations –for each patient request of an accounting, you must have a mechanism to check BAs disclosures for purposes of providing the accounting.

H OGAN & H ARTSON, L.L.P.