6 October 2006, NHPRC Electronic Records Symposium: Developing the HIPAA-Aware EAD Finding Aid. The Concept of HIPAA Awareness. Nancy McCall, Michael Miers, Phoebe.


6 October 2006, NHPRC Electronic Records Symposium
Developing the HIPAA-Aware EAD Finding Aid
The Concept of HIPAA Awareness
Nancy McCall, Michael Miers, Phoebe Evans Letocha, Kate Ugarte, Marjorie W. Kehoe
Johns Hopkins Medical Institutions

What is HIPAA?
Health Insurance Portability and Accountability Act,
First federal law on access and use of health information
First federal law to extend rights of privacy beyond file unit of medical record to individually identifiable health information in all types of file systems, documents, formats, and media
First federal law to extend rights of privacy beyond health information of living individuals to health information of decedents

HIPAA Privacy Rule
Privacy Rule regulates access to and use of individually identifiable health information in any format and medium
Applies to individually identifiable health information of living individuals and decedents in perpetuity

Research Agenda of the Johns Hopkins Team
Topic: Implications of HIPAA Privacy Rule (PR) for development of privacy aware finding aid
Purpose: Study PR compliance requirements for research and publication
Objective: Develop HIPAA compliant guidelines for archival reference and research
Final Goal: Integrate set of PR compliance standards into development of CDA/EAD finding aid

Research Agenda of the Johns Hopkins Team
Methodologies
“Learning-by-doing”
Consultation with
  – Officials at Health and Human Services and Office of Civil Rights
  – Experts in health law, privacy, IT security
  – Archivists and historians (SAA and AAHM membership)
Search of literature

Research Agenda of the Johns Hopkins Team
Major findings
Privacy Rule provides viable and accountable controls for access and use of health information
  – Controls allow multiple modes of access for research
  – Controls for access protect individual privacy
  – Controls allow publication of de-identified health information
Controls for publication of identifiable health information require authorization of subjects or legal representatives of subjects
Controls for research adaptable to CDA/EAD finding aid
Controls for publication of de-identified health information adaptable to CDA/EAD finding aid

HIPAA Applies to Entities in both Public and Private Sectors
Health care providers: Health systems, hospitals, clinics, group practices, individual providers
Health care clearinghouses: Billing services, community health information systems
Health plans: Group, individual health insurance, Medicare, Medicaid

HIPAA Designation of Archives at Covered Entities
HIPAA; Hybrid entity; Covered entity; Covered function; Archives
HIPAA; Covered entity; Covered function; Archives
HIPAA; Hybrid entity; Non-covered entity; Non-covered function; Archives

Designation of Archival/Manuscript Repositories at Covered Entities
Confusion over designation
  – HIPAA applies only to institutional divisions designated as covered functions of covered entities
  – Individual institutions are responsible for designating own covered entities and covered functions
  – Criteria for designation are based on whether division/department holds and transmits identifiable health information
Lack of consistent interpretation of criteria for designation
  – Main source of confusion at institutional/repository levels over criteria for protecting decedent and electronic health information
Lack of awareness
  – Privacy Rule criteria for decedent and electronic health information
  – Changing concepts of individual privacy in Information Age

Health Privacy at Risk!
Repositories Unregulated by HIPAA have Limited Controls for Access and Use of Health Information
Repositories Opted Out of HIPAA Hybrid Entities
Repositories not subject to HIPAA
  – Wide range of public/private repositories

Unregulated Repositories
Most unregulated repositories have limited controls on access and use of decedent health information
Policies largely based on long-held legal principle that rights to privacy cease upon death
Some unregulated repositories are beginning to add HIPAA-like policies for access and use of decedent health information
Growing awareness that decedent health information may be linked to the health status of living individuals

Profession Must Come to Terms with Information Age
Benefits: Powerful new tools for converting archival documents into digital formats so that they may be made easily and widely accessible for research and publication
Risks: Wider accessibility via internet by a large body of new users introduces new sets of risks to privacy and intellectual property

Forces Emerging for Greater Protection of Individual Privacy in Information Resources
Growing awareness
  – Advances in technology bring new risks to personal privacy
  – Ethics, laws, and policy must be revised to address new risks
Legislation: HIPAA, GLBA, FERPA
Options for Self-Regulation: Tim Berners-Lee and CSAIL, PORTIA Project, TAMI

Privacy Rule Controls for Protection of Privacy in Research
Access to de-identified health information
Set of 18 identifiers stripped from body of health information
  – names
  – geographic subdivisions smaller than a state
  – all elements of dates (except year)
  – telephone numbers
  – facsimile numbers
  – electronic mail addresses
  – social security numbers
  – medical record numbers
  – health plan beneficiary numbers
  – account numbers
  – certificate/license numbers
  – vehicle identifiers and serial numbers
  – device identifiers and serial numbers
  – web universal resource locators (URLs)
  – internet protocol (IP) address numbers
  – biometric identifiers
  – full-face photographic images
  – Any other unique identifying number, characteristic, or code, unless otherwise permitted by the Privacy Rule for re-identification

Privacy Rule Controls for Protection of Privacy in Research
Authorized access to identifiable health information
Authorization by subject of health information
Authorization by legal representative of subject of health information
Waiver of authorization from institutional Privacy Board
Other allowed uses or disclosures
  – Limited data set
  – Research on decedents
  – Treatment, payment, and health care operations
  – Health care emergencies

Examples of De-identified Documents


CDA/EAD Finding Aid to Serve as Main Portal for Access to Health Information
Privacy Rule controls to embed in architecture of Finding Aid
Protocols for de-identifying health information
Protocols for authorizing access to identifiable health information
  – Links to forms for initiating interactive adjudication processes
Protocols for administering authorized access to identifiable health information

HIPAA Privacy Rule Serves as Model for Archival Access Policies
Repositories not regulated by HIPAA: Self-regulate in the “spirit” of HIPAA
Regulated and unregulated repositories: Join together to develop model of “best practices” for protection of individually identifiable health information in archival access and use

HIPAA-Aware EAD Finding Aid Prototype to Stimulate Development of “Best Practices” Models
Preserves intellectual integrity of information
Imposes legal/ethical safeguards on individually identifiable health information
Introduces modes of accountability in access and use of individually identifiable health information
Promotes new opportunities across a wide array of disciplines for research, analysis, and publication of health information

Promoting HIPAA Awareness to Archivists and Archival Patrons
Guiding Principle: do no harm to subjects of health information
Controls for access serve as protectors of personal privacy
Controls for authorizing access to identifiable health information are fair and reasonable
Controls provide framework for administering access and use of health information
Controls allow broad access for research

HIPAA to Finding Aid
HIPAA Privacy Rule, Covered Entity, Privacy Board, Covered Function, Archives, Processing, Finding Aid

References to HIPAA Legislation
1996 Health Insurance Portability and Accountability Act
Public Law , Health Insurance Portability and Accountability Act (HIPAA) of 1996, 104th Congress – 21 August
Administrative Simplification of HIPAA
Privacy Rule of HIPAA - National Standards to Protect the Privacy of Personal Health Information.
Definitions of covered entity: 45CFR – Public Welfare Subtitle A – Department of Health and Human Services Subpart A – General Provisions – 45CFR , _01.html
Eighteen Identifiers: 45CFR – Public Welfare Subtitle A – Department of Health and Human Services Subpart 164 – Security and Privacy – 45CFR (b) 4_01.html
Privacy Board Role: 45CFR – Public Welfare Subtitle A – Department of Health and Human Services Subpart 164 – Security and Privacy – 45CFR (i)(B) 4_01.html
Definition of research: 45CFR – Public Welfare Subtitle A – Department of Health and Human Services Subpart 164 – Security and Privacy “Research” 4_01.html
2003 Security Rule of HIPAA
21 April 2005 – Deadline for compliance
HIPAA Enforcement Rule -

References
Barth, Adam, Datta, Anupam, Mitchell, John C., & Helen Nissenbaum. Privacy and Contextual Integrity: Framework and Applications. mitchell-nissenbaum pdf#search=%22H.%20Nissenbaum%2C%20Pr ivacy%20and%20Contextual%20Integrity%22
Berners-Lee, Tim. The MIT Computer Science and Artificial Intelligence Laboratory (CSAIL). Lee/research.html
Decentralized Information Group. TAMI (Transparent Accountable Datamining Initiative)
Nissenbaum, Helen. “Privacy and Contextual Integrity”. Washington Law Review. Volume 79:119,
“Protecting Privacy in an Information Age: The Problem of Privacy in Public”. Law and Philosophy. Volume 17, Numbers 5-6 / November, 1998
NYU PORTIA - portia.html
PORTIA – Privacy, Obligations, and Rights in Technologies of Information Assessment.
Stanford Computer Forum. PORTIA: Managing Sensitive Information in a Wired World. =55
Workshop on Privacy and Accountability, June 2006, Massachusetts Institute of Technology, MIT Stata Center (Building 32), 32 Vassar St., Cambridge, MA USA. Held in Classroom 144. Co-sponsored by PORTIA and TAMI projects