– Privacy in Perspective – Dealing with Hybrids & Other Unique Collaborations Thomas E. Jeffry, Jr., Esq. Partner, Davis Wright Tremaine LLP, Los Angeles,

Slides:



Advertisements
Similar presentations
Davis Wright Tremaine LLP HIT Legal Issues: HIPAA Implications to a Regional Health Information Organization Becky Williams, R.N., J.D. Partner, Co-Chair,
Advertisements

H OGAN & H ARTSON, L.L.P.
SIMPLIFYING PRIVACY: HIPAA PRIVACY STANDARDS AND RESEARCH Angela M. Vieira General Counsel Childrens Hospital and Health Center June 5, 2004.
“Reaching across Arizona to provide comprehensive quality health care for those in need” Our first care is your health care Arizona Health Care Cost Containment.
HIPAA: Privacy, Security, and HITECH, Oh My! Presented by Stephanie L. Ganucheau, Special Assistant Attorney General.
Health Insurance Portability and Accountability Act HIPAA Education for Volunteers and Students.
HIPAA Privacy Rule Training
Increasing public concern about loss of privacy Broad availability of information stored and exchanged in electronic format Concerns about genetic information.
P E N N S Y L V A N I A C O A L I T I O N A G A I N S T D O M E S T I C V I O L E N C E P E N N S Y L V A N I A C O A L I T I O N A G A I N S T RAPE HIPAA.
1 HIPAA Education CCAC Professional Development Training September 2006 CCAC Professional Development Training September 2006.
Managing Access to Student Health Information per Federal HIPAA Guidelines Joan M. Kiel, Ph.D., CHPS Duquesne University Pittsburgh, Penna
TM The HIPAA Privacy Rule: Safeguarding Health Information in Research and Public Health Practice Centers for Disease Control and Prevention Beverly A.
 Original Intent: ◦ Act passed in 1996 with two main goals: 1.Ensure individuals would be able to maintain their health insurance between jobs (the “portability”
Davis Wright Tremaine LLP Non-HIPAA Governmental Regulation of Healthcare Privacy and Security Sixteenth HIPAA Summit/The Privacy Symposium August 21,
Reviewing the World of HIPAA Stephanie Anderson, CPC October 2006.
HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA)
COMPLYING WITH HIPAA PRIVACY RULES Presented by: Larry Grudzien, Attorney at Law.
Jill Moore April 2013 HIPAA Update: New Rules, New Challenges.
Are you ready for HIPPO??? Welcome to HIPAA
HIPAA HIPAA Health Insurance Portability and Accountability Act of 1996.
Health IT Privacy and Security Policy Jodi Daniel, J.D., M.P.H. Director, Office of Policy and Research, Office of the National Coordinator for Health.
Your HIPAA rules Ben Burton, JD, MBA, RHIA, CHP, CHC Notice of Privacy Practices.
HIPAA Compliance Strategies for Employers, METs, MEWAs and Taft Hartley Union Trust Funds The HIPAA Colloquium at Harvard University Presented by: Melissa.
Version 6.0 Approved by HIPAA Implementation Team April 14, HIPAA Learning Module The following is an educational Powerpoint presentation on the.
HIPAA COMPLIANCE IN YOUR PRACTICE MARIBEL VALENTIN, ESQUIRE.
HIPAA Health Insurance Portability & Accountability Act of 1996.
Notice of Privacy Practices Nebraska SNIP Privacy Subgroup July 18, 2002 Michael J. Brown, MHA, CPA Vice-President, Administrative & Regulatory Affairs,
1 VUMC Confidentiality Policy and HIPAA Implications for Clinical Research General Clinical Research Center Skills Workshop March 2, 2007 Gaye Smith Privacy.
HIPAA PRIVACY AND SECURITY AWARENESS.
California :: Delaware :: Florida :: New Jersey :: New York :: Pennsylvania :: Virginia :: Washington, D.C. :: 1 NEW OBLIGATIONS.
HIPAA The Privacy Rule Health Insurance Portability and Accountability Act of 1996 (HIPAA) The 104 th Congress passed the Act, Public Law ,
Dealing with Business Associates Business Associates Business Associates are persons or organizations that on behalf of a covered entity: –Perform any.
HIPAA & Public Schools New Federalism in a New Century The Challenges of Administering HIPAA in Public Schools ASTHO/NGA Center Joint Audioconference September.
Davis Wright Tremaine LLP Basic Legal Issues in Implementing Healthcare Incentives and Pay for Performance Programs Paul T. Smith, Esq. Davis Wright Tremaine.
HIPAA Michigan Cancer Registrars Association 2005 Annual Educational Conference Sandy Routhier.
Office of the Secretary Office for Civil Rights (OCR) The HITECH NPRM: Overview of Research Comments October 19, 2010 Christina Heide, JD HHS Office for.
© 2009 The McGraw-Hill Companies, Inc. All rights reserved. 1 McGraw-Hill Chapter 2 The HIPAA Privacy Standards HIPAA for Allied Health Careers.
Health Insurance Portability and Accountability Act (HIPAA) CCAC.
Advanced Issues in Privacy: Drafting and Negotiating Business Associate Contracts Thomas E. Jeffry, Jr. Partner Davis Wright Tremaine LLP Los Angeles,
Copyright © 2009 by The McGraw-Hill Companies, Inc. All Rights Reserved. McGraw-Hill Chapter 6 The Privacy and Security of Electronic Health Information.
PricewaterhouseCoopers 1 Administrative Simplification: Privacy Audioconference April 14, 2003 William R. Braithwaite, MD, PhD “Doctor HIPAA” HIPAA Today.
HIPAA For Provider Contracting Networks Paul Smith Davis Wright Tremaine LLP One Embarcadero Center Suite 600 San Francisco, CA (415)
FleetBoston Financial HIPAA Privacy Compliance Agnes Bundy Scanlan Managing Director and Chief Privacy Officer FleetBoston Financial.
HIPAA PRACTICAL APPLICATION WORKSHOP Orientation Module 1B Anderson Health Information Systems, Inc.
OHCAs, ACEs and Hybrid Entities Paul Smith Davis Wright Tremaine LLP One Embarcadero Center Suite 600 San Francisco, CA (415)
Rhonda Anderson, RHIA, President  …is a PROCESS, not a PROJECT 2.
C HAPTER 34 Code Blue Health Sciences Edition 4. Confidentiality of sensitive information is an important issue in healthcare. Breaches of confidentiality.
September 17, 2002© Michael Best & Friedrich LLC1 Iowa State Association of Counties HIPAA Training September 17-18, 2002 Legal Issues presented by: Ryan.
HIPAA and Academic Medical Centers, Colleges and Universities Presented By: Michael L. Blau, Esq.Tina S. Sheldon McDermott, Will & EmeryAssistant Compliance.
1 Privacy Plan of Action © HIPAA Pros 2002 All rights reserved.
© 2004 Moses & Singer LLP HIPAA and Patient Privacy Issues Raised by the New Medicare Prescription Drug Program National Medicare Prescription Drug Congress.
© FOLEY & LARDNER 2001 WHEN PRINTING IN BLACK & WHITE: Go to the TITLE MASTER SLIDE, delete the logo and replace it with this one. Organized Health Care.
A NATIONAL HIPAA SUMMIT AUDIOCONFERENCE Davis Wright Tremaine LLP Legal Requirements For Vendor And Clearinghouse HIPAA Compliance; Business Associate.
1 Changes to Privacy Regulations under ARRA May 4, 2009 Melissa Goldstein, J.D. The George Washington University School of Public Health and Health Services.
Davis Wright Tremaine LLP The Seventh National HIPAA Summit HIPAA Privacy: Privacy Rule Compliance on Public Health Activities and Research Thomas E. Jeffry,
Top 10 Series Changes to HIPAA Devon Bernard AOPA Reimbursement Services Coordinator.
HIPAA Overview Why do we need a federal rule on privacy? Privacy is a fundamental right Privacy can be defined as the ability of the individual to determine.
CH 10. Confidentiality A. Confidentiality about sensitive medical information is necessary to preserve the patient’s dignity. B. In order to receive payment.
COMMUNITY-WIDE HEALTH INFORMATION EXCHANGE: HIPAA PRIVACY AND SECURITY ISSUES Ninth National HIPAA Summit September 14, 2004 Prepared by: Robert Belfort,
What is HIPAA? HIPAA stands for “Health Insurance Portability & Accountability Act” It was an Act of Congress passed into law in HEALTH INSURANCE.
HIPAA CONFIDENTIALITY
HIPAA Administrative Simplification
HOGAN & HARTSON, L.L.P. “Publications” “Health”
HIPAA PRIVACY AWARENESS, COMPLIANCE and ENFORCEMENT
manatt | phelps | phillips
Paul T. Smith, Esq. Partner, Davis Wright Tremaine LLP
National Congress on Health Care Compliance
Making Your IRBs and Clinical Investigators HIPAA-Ready
THE 13TH NATIONAL HIPAA SUMMIT HEALTH INFORMATION PRIVACY & SECURITY IN SHARED HEALTH RECORD SYSTEMS SEPTEMBER 26, 2006 Paul T. Smith, Esq. Partner,
Analysis of Final HIPAA Privacy Modification Rule
Presentation transcript:

– Privacy in Perspective – Dealing with Hybrids & Other Unique Collaborations Thomas E. Jeffry, Jr., Esq. Partner, Davis Wright Tremaine LLP, Los Angeles, CA Austin M. O’Flynn, Esq. Senior Counsel, Catholic Healthcare West, San Francisco, CA Thursday, September 8, 2005 Washington, DC

Slide 2 Issues Addressed Legal vs. Operational Relationships Hybrids ACE – Regulatory Enforcement Basic Organizational Structures and Strategies Enforcement Table Collaboration Types involving PHI CHW HIPAA Org Chart Customizing Authorizations NPP in terms of ACE and Websites postings

Slide 3 Capturing the Right HIPAA Org Structure District Hospital Medical Foundation Physicians J.V. Clinics H. Health 501(c)3 Educ. 501(c)3

Slide 4 Basic organizational structures and strategies ACE – horizontal integration Organized Health Care Arrangements (OHCAs) – vertical integration Hybrids – internal segregation Authorizations to permit disclosures between separate entities – external segregation

Slide 5 Legal Relationships v. Operational Relationships Legal Wholly owned subsidiary of parent Separate entities with a common parent Supporting organization (e.g. foundation) Joint venture Operational Health system of multiple hospitals Hospital and freestanding clinic Hospital and research facilities Health clinic and social services

Slide 6 Hybrids Single legal entity Covered entity Business functions include both covered and non-covered functions Designates health care components that includes any component that would be a covered entity if a separate legal entity

Slide 7 Covered Entity (CE) Identification necessary for patient enforcement Responsible for PHI Exercise of patient rights Notice of Privacy Practices (NPPs) Separate covered entities Share PHI for treatment and payment Limited sharing for operations

Slide 8 Affiliated Covered Entity (ACE) CEs that are under common ownership or control may designate themselves as a single ACE. “Common ownership is defined as an ownership or equity interest of five percent or more.” Common control exists if an entity has the power - directly or indirectly - to significantly influence or direct the actions or policies of another entity. If the affiliated entity contains health care components, it must implement safeguards to prevent the larger entity from using protected health information maintained by the component entity. Privacy Rule, December 2000 Preamble

Slide 9 Organized Health Care Arrangement (OHCA) 1. A clinically integrated care setting in which individuals typically receive health care from more than one healthcare provider (legally separate); or 2. An organized system of health care in which more than one CE participates, and they: (i) hold themselves out to the public in a joint arrangement, and (ii) participate in one or more of the following joint activities -- Utilization review, Quality Assessment and Improvement activities, Shared Risk Pool Program Note: an Acknowledgment obtained by one CE means the other CEs do not need to also seek one.

Slide 10 Basic organizational structures and strategies - ACE An ACE may use a single NPP as if it were a single CE The CEs that together make up the ACE are jointly and severally liable for any civil monetary penalty under HIPAA An Authorization (beyond TPO) is sufficient for all CEs – not so for an OHCA California --Title 22 limitation on ACE structure Minimum necessary still applies

Slide 11 Basic organizational structures and strategies - OHCA An OHCA may use a single NPP, just like a covered entity for all its activities. The CEs that together make up the OHCA are NOT jointly and severally liable for any civil monetary penalty under HIPAA. An Authorization (beyond TPO) is NOT sufficient for all CEs May need more BAA’s in place Minimum necessary still applies

Slide 12 Basic organizational structures and strategies - Hybrid Applies to multi-purpose organizations Limits exchange of PHI between health care components and non-health care components Rules on permitted uses and minimum necessary may otherwise limit such exchanges Minimizes regulatory burden on non-health care components

Slide 13 Basic organizational structures and strategies - Authorizations Trumps HIPAA’s limitations on use and disclosure of PHI between Components of a single CE Two CEs A CE and a non-CE Allows for use on health information for other purposes (e.g. education, social services, surveillance, research)

Slide 14 Customizing Authorizations To provide additional requirements required under State law To provide for use and disclosure of non-health related information subject to regulations Financial information Educational records Employment information Limitation on compound authorizations

Slide 15 Different Structures  Different Patient’s Rights Title 22 Limitations -- California Managing Patient Rights Alternative Communication Accounting for Disclosures Is disclosure on behalf of CE or ACE? Approval of Restrictions and communication to all HIPAA entity members Who receives Complaints and maintains required documentation on behalf of hospital, CE and ACE? Who within ACE manages NPP Acknowledgements for hospital, CE, and ACE?

Slide 16 Enforcement Issues Patient’s rights against CE OCR rights actionable against ACE/OHCA/CE A broader organization  expectation Size of Organization  Resources  Ability of Organization ACE may be viewed as larger than an OHCA which may be viewed as larger than a CE

Slide 17 HIPAA Enforcement Table Rights ofCEBAOHCAACE*Hybrid PatientsYesNo Yes OCRYesNo**NoYes *Good uniform controls? *Consider Number of OCR “dings” and penalty caps **Yes if BA is already a CE

Slide 18 Examples of Collaboration Types where PHI may be exchanged Joint Ventures Management Agreement (e.g. District Hospitals) Medical Foundations Multi-purpose agencies – Social Service Groups Research

Slide 19 Examples of Collaboration Types where PHI may be exchanged Education/Schools Public health Surveillance Electronic Community Health Records

Slide 20 Capturing the Right HIPAA Org Structure District Hospital Medical Foundation Physicians J.V. Clinics H. Health 501(c)3 Educ. 501(c)3

Slide 21 HIPAA Org Documentation The designation of an affiliated covered entity must be documented and the documentation maintained as required by § (j).

Slide 22 CHW HIPAA Organization Chart Part A - List of hospitals and clinics and other entities and business units who may or may not be covered entities and their HIPAA status within CHW. Part B - List of 501(c)(3) fundraising foundations and their relationships to covered entities within the CHW ACE. Part C - List of plans, both insured and self-insured, and plan administrators. Part D - List of entities in which CHW or its affiliate may have an ownership interest but does not have management responsibility nor operating responsibility.

Slide 23 CHW HIPAA Org Chart – Part A 1.Level 1 Legal Entity 2.Level 2 Legal Entity or d/b/a 3.Level 3 Legal Entity or d/b/a 4.Level 4 Legal Entity or d/b/a 5.If Joint Venture, Managed or Operated by CHW Facility? 6.Using PHI? 7.Name of Hybrid (if applicable) 8.Name of Non-Covered Component 17 Columns – remaining 9 columns cont’d on next slide 

Slide 24 CHW HIPAA Org Chart – Part A 9.Name of CE 10.Name of ACE 11.Primary OHCA 12.Other OHCA 13.BA 14.Name of NPP 15.Hospital President 16.Hospital/ Facility FPO 17.Comments

Slide 25 Who Documents HIPAA Org? Recommendations Single Custodian Documentation needs to reflect both your legal and operational reporting structure Readily accessible internally Internalize HIPAA Org analysis into legal check off process for creating or changing status of JV’s, partnerships, new corporations, 501(c)’s and other entities Annually review and update

Slide 26 HIPAA Org Annual Review Who should be involved? Custodian of HIPAA Org Document Hospital/Facility Administrator Legal Counsel Privacy Official Marketing and Communication Dept 501(c) President Benefits Director

Slide 27 Notice of Privacy Practices (NPP) Different for each CE Must be consistent  Org Chart clinics hospital Non-HIPAA provisions related to other requirements (e.g. education, financial) If website supports multiple CEs No ACE NPP  post all NPPs ACE NPP  only One NPP

Slide 28 Closing Thoughts Identify and distinguish legal and operational relationships Document your organization structure Make sure CE or health care component of hybrid maintains control and custody of medical records Authorizations may be the easier solution, business associate agreements are not when providing integrated services

Slide 29 Contact information Thomas E. Jeffry, Jr. Davis Wright Tremaine (213) Austin M. O'Flynn, Esq. Catholic Healthcare West (415)

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.