HIPAA In Relation to Other Federal Laws Professor Peter P. Swire Ohio State University Consultant, Morrison & Foerster LLP Glasser LegalWorks/HIPAA Conference.

Slides:

Advertisements

Similar presentations

Tamtron Users Group April 2001 Preparing Your Laboratory for HIPAA Compliance.

Advertisements

"Security and Privacy After September 11: The Healthcare Example Professor Peter P. Swire Ohio State University Consultant, Morrison & Foerster LLP April.

"Embedding Privacy in Federal Information Systems" Professor Peter P. Swire Ohio State University Consultant, Morrison & Foerster LLP MITRE Corp. Workshop.

Sharing of Medical Records Pursuant to an Authorization Professor Peter P. Swire Moritz College of Law, Ohio St. Univ. Consultant, Morrison & Foerster,

Research and Privacy Under HIPAA Professor Peter P. Swire Moritz College of Law Ohio State University National Academy of Science Panel on Science, Technology.

The Role of the Federal Government in Privacy Policy Professor Peter P. Swire The Ohio State University Center for American Progress The Privacy Symposium,

HIPAA and the War on Terrorism Professor Peter P. Swire Ohio State University Consultant, Morrison & Foerster LLP HIPAA Summit West June 7, 2003.

Mental Health Issues & Information Sharing Professor Peter P. Swire The Ohio State University NAAG Task Force on School Safety July 5, 2007.

SIMPLIFYING PRIVACY: HIPAA PRIVACY STANDARDS AND RESEARCH Angela M. Vieira General Counsel Childrens Hospital and Health Center June 5, 2004.

The HIPAA Privacy Rule And Its Impact On Agents And Employers National Association of Health Underwriters Capitol Conference March 23, 2003 Joseph T. Holahan,

HIPAA AWARENESS TRAINING

Information for Students MGH Institute of Health Professions Use your down arrow or click your mouse to advance through the presentation.

Responding to Subpoenas and Law Enforcement Demands for PHI: An Overview Janet A. Newberg Chair, Health Law Section Felhaber Larson Fenlon & Vogt, P.A.

University Data Classification Table* Level 5Level 4 Information that would cause severe harm to individuals or the University if disclosed. Level 5 information.

I.G. Subpoenas and the HIPAA Privacy Rule The views and opinions expressed in the presentation are those of the presenter, and not necessarily official.

An Overview for In-Home Service Providers Legal advice must be tailored to specific circumstances. Information provided in this presentation should not.

 What is the Privacy Rule? The Standards for Privacy of Individually Identifiable Health Information (Privacy Rule) governs the use and disclosure of.

Presented by Elena Chan, UCSF Pharm.D. Candidate Tiffany Jew, USC Pharm.D. Candidate March 14, 2007 P HARMACEUTICAL C ONSULTANTS, I NC. P RO P HARMA HIPAA.

HIPAA: Privacy, Security, and HITECH, Oh My! Presented by Stephanie L. Ganucheau, Special Assistant Attorney General.

HIPAA Privacy Rule Training

COBRA and HIPAA What Supervisors Need to Know. © Business & Legal Reports, Inc Session Objectives You will be able to: Understand the basic provisions.

Increasing public concern about loss of privacy Broad availability of information stored and exchanged in electronic format Concerns about genetic information.

The Health Insurance Portability and Accountability Act of 1996– charged the Department of Health and Human Services (DHHS) with creating health information.

HIPAA PRIVACY REQUIREMENTS Dana L. Thrasher Constangy, Brooks & Smith, LLC (205) ; Victoria Nemerson.

Privacy Laws & Higher Education. Agenda 1.Five Privacy Laws a.FERPA b.HIPAA c.GLB d.FACTA Disposal Rule e.CAN-SPAM 2.Overview of the Laws a.What does.

Managing Access to Student Health Information per Federal HIPAA Guidelines Joan M. Kiel, Ph.D., CHPS Duquesne University Pittsburgh, Penna

TM The HIPAA Privacy Rule: Safeguarding Health Information in Research and Public Health Practice Centers for Disease Control and Prevention Beverly A.

 Original Intent: ◦ Act passed in 1996 with two main goals: 1.Ensure individuals would be able to maintain their health insurance between jobs (the “portability”

HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA)

School-Based Health Centers & Confidentiality: Understanding FERPA & HIPAA Laurie Mesibov & Jill Moore UNC School of Government December 2012.

HIPAA HIPAA Health Insurance Portability and Accountability Act of 1996.

Privacy, Security and Compliance Concerns for Management and Boards November 15, 2013 Carolyn Heyman-Layne, Esq. 1.

Health Insurance Portability and Accountability Act (HIPAA)

August 10, 2001 NESNIP PRIVACY WORKGROUP HIPAA’s Minimum Necessary Standard Presented by: Mildred L. Johnson, J.D.

Your HIPAA rules Ben Burton, JD, MBA, RHIA, CHP, CHC Notice of Privacy Practices.

HIPAA Compliance Strategies for Employers, METs, MEWAs and Taft Hartley Union Trust Funds The HIPAA Colloquium at Harvard University Presented by: Melissa.

Version 6.0 Approved by HIPAA Implementation Team April 14, HIPAA Learning Module The following is an educational Powerpoint presentation on the.

HIPAA Health Insurance Portability & Accountability Act of 1996.

HIPAA – Health Insurance Portability & Accountability Act and the Privacy Act MSgt Nechele M. Chambers Senior Enlisted Liaison TRICARE Area Office-Europe.

Banks and the Privacy of Medical Information 8 th National HIPAA Summit March 8, 2004 Joy Pritts, JD Health Policy Institute Georgetown University

HIPAA The Privacy Rule Health Insurance Portability and Accountability Act of 1996 (HIPAA) The 104 th Congress passed the Act, Public Law ,

1 Disclosures © HIPAA Pros 2002 All rights reserved.

Health Insurance Portability and Accountability Act (HIPAA)

Computerized Networking of HIV Providers Workshop Data Security, Privacy and HIPAA: Focus on Privacy Joy L. Pritts, J.D. Assistant Research Professor Health.

The PRISM Privacy Tool: A User’s Guide PHDSC Home Page  PRISM Web Page 

HIPAA Michigan Cancer Registrars Association 2005 Annual Educational Conference Sandy Routhier.

Medical Law and Ethics, Third Edition Bonnie F. Fremgen Copyright ©2009 by Pearson Education, Inc. Upper Saddle River, New Jersey All rights reserved.

Family Educational Rights and Privacy Act (FERPA) UNION COLLEGE.

Health Insurance Portability and Accountability Act of 1996 HIPAA Privacy Training for County Employees.

Understanding HIPAA (Health Insurandce Portability and Accountability Act)

Where Did HIPAA Come From? “HIPAA Then and Now” Peter Swire Georgia Tech Scheller College of Business Alston & Bird LLP IAPP-Las Vegas 2015.

© 2013 The McGraw-Hill Companies, Inc. All rights reserved. Ch 8 Privacy Law and HIPAA.

FleetBoston Financial HIPAA Privacy Compliance Agnes Bundy Scanlan Managing Director and Chief Privacy Officer FleetBoston Financial.

HIPAA PRACTICAL APPLICATION WORKSHOP Orientation Module 1B Anderson Health Information Systems, Inc.

HIPAA Overview Why do we need a federal rule on privacy? Privacy is a fundamental right Privacy can be defined as the ability of the individual to determine.

CH 10. Confidentiality A. Confidentiality about sensitive medical information is necessary to preserve the patient’s dignity. B. In order to receive payment.

HIPAA TRIVIA Do you know HIPAA?. HIPAA was created by?  The Affordable Care Act  Health Insurance companies  United States Congress  United States.

Health Insurance Portability and Accountability Act (HIPAA) © 2013 Project Lead The Way, Inc.Principles of Biomedical Science.

Disclaimer This presentation is intended only for use by Tulane University faculty, staff, and students. No copy or use of this presentation should occur.

Final HIPAA Privacy Rule: The Research Provisions Julie Kaneshiro DHHS Office for Human Research Protections Phone: Fax:

Health Insurance Portability and Accountability Act

HIPAA Privacy Rule Training

What is HIPAA? HIPAA stands for “Health Insurance Portability & Accountability Act” It was an Act of Congress passed into law in HEALTH INSURANCE.

HIPAA Administrative Simplification

Health Insurance Portability and Accountability Act

HIPAA Pros - Disclosures

Disability Services Agencies Briefing On HIPAA

HIPAA Pros - Minimum Necessary

"Security and Privacy After September 11: The Healthcare Example”

Health Insurance Portability and Accountability Act

Presentation transcript:

HIPAA In Relation to Other Federal Laws Professor Peter P. Swire Ohio State University Consultant, Morrison & Foerster LLP Glasser LegalWorks/HIPAA Conference October 23, 2002

Overview n Basics of HIPAA and other laws n Other federal laws: – FERPA, Privacy Act, etc. n HIPAA and Financial Services n Conclusion

I. Basics of HIPAA and Other Laws n When are you required to disclose medical data? n Much confusion on this during drafting period n Basic HIPAA approach -- HIPAA itself never requires disclosure n Exactly two exceptions – Access to patient records, Sec – HHS enforcement of the rule, Sec (c)

Required by Law n Many situations where other law requires you to disclose medical data – Most clearly for a court order – Not a HIPAA violation to comply n Sec (a): A covered entity may use or disclose protected health information to the extent that such use or disclosure is required by law and the use or disclosure complies with and is limited to the relevant requirements of such law.

Basics on required disclosures n HIPAA (almost) never requires disclosure n HIPAA generally creates new legal limitations on using and disclosing PHI n HIPAA says you may disclose where required by other law n Its your call what you are required to do -- HIPAA doesnt give the answer n Both HIPAA and other law apply

The Privacy Act as Example n Law applies to federal agencies, with fair information practices limiting disclosure and providing access n As of April, 2003 federal agencies will comply with both laws, where applicable n HIPAA enforcement for HIPAA violations n Privacy Act enforcement for Privacy Act violations

EMTALA as Example n Requires treatment on site where patient arrives in emergency situation n HIPAA applies -- must protect PHI but can use & disclose it more broadly for treatment, payment & health care operations n EMTALA applies -- a separate, ongoing legal requirement

Public Health & Health Oversight n Public health, Sec (b) n Health oversight, Sec (d) n Both say covered entity may disclose n No new compulsion from HIPAA to require the disclosure n If a covered entity believes disclosure is not appropriate, and disclosure is permitted by HIPAA, then the other law governs

II. HIPAA Provisions about Other Law n Some provisions in HIPAA specifically point to other statutes as supplying the applicable law n Workers Comp, Sec (l) – May disclose as authorized by and to the extent necessary to comply with laws relating to workers compensation or other similar programs, established by law, that provide benefits for work-related injuries or illness without regard to fault – Required vs. permissive disclosure the key

FERPA -- Educational Records n In HIPAA: – Definition of protected health information excludes – educational records covered by – the Family Educational Rights and Privacy Act, 20 U.S.C. 1232g n Therefore, if records covered by FERPA, no HIPAA obligations

FERPA n Educational records are: – those records, files, documents, and other materials which – contain information directly related to a student; and – are maintained by an educational agency or institution or by a person acting for such agency or institution

What Does this Mean for Schools n K-12 nurses -- clearly only have FERPA and not HIPAA n Universities and schools serving over 18 years old -- right to the student instead n What if student health services also serve non-students? Spouses, employees? – Legally, HIPAA applies to those – Practically, keep separate?

HIPAA and the End of College Athletics! n Will we learn that the quarterback is hurt? Will sports gamblers be able to pursue their chosen profession? n FERPA -- governs school athletes, authorizations required as today n Pro sports -- authorization can be required by the employer – Will union contracts limit that?

III. HIPAA & Financial Services n Gramm-Leach-Bliley & HIPAA n 2 statutes, comply with both n Does that mean 2 notices for covered entities? n GLB came first – GLB agencies contemplated that compliance with HIPAA would count for GLB notice – I am not aware of any follow-up clarification by GLB agencies

GLB & HIPAA n HHS comments, Dec – agencies consult to avoid duplication – insurers covered by GLB would be subject to states, not FTC n The upshot: – Health insurers or other dual covered entities likely can give only HIPAA notice – No definitive word from GLB agencies, though

HIPAA and Financial Services n The payment exception in HIPAA Sec n Easy case – Check, credit card and the basic routing information – Name, account numbers, what is needed to process the payment itself – That data entirely outside of HIPAA

Payments and HIPAA n Back office – As financial institution goes deeper, and does back office for a covered entity, HIPAA risk grows – At some point, become business associate n Clearinghouse – Convert standard/nonstandard transactions – Specialized financial services entity, can become a covered entity

Conclusion on Other Fed. Laws n Disclosure required by other law, then at least may disclose PHI n Disclosure permitted by other law, then HIPAA limits apply n Disclosure forbidden by other law, then HIPAA does not authorize the disclosure (with tiny possible exceptions)

Contact Information n Web: n n Phone: (240)