OHCAs, ACEs and Hybrid Entities Paul Smith Davis Wright Tremaine LLP One Embarcadero Center Suite 600 San Francisco, CA 94111 (415) 276-6532

Slides:

Advertisements

Similar presentations

Davis Wright Tremaine LLP HIT Legal Issues: HIPAA Implications to a Regional Health Information Organization Becky Williams, R.N., J.D. Partner, Co-Chair,

Advertisements

H OGAN & H ARTSON, L.L.P.

The HIPAA Privacy Rule And Its Impact On Agents And Employers National Association of Health Underwriters Capitol Conference March 23, 2003 Joseph T. Holahan,

Presented by Elena Chan, UCSF Pharm.D. Candidate Tiffany Jew, USC Pharm.D. Candidate March 14, 2007 P HARMACEUTICAL C ONSULTANTS, I NC. P RO P HARMA HIPAA.

1 Health Insurance Portability and Accountability Act of 1996 IS&C Expo October 16 & 17, 2002 John Wagner Governor’s Office of Technology.

HIPAA: Privacy, Security, and HITECH, Oh My! Presented by Stephanie L. Ganucheau, Special Assistant Attorney General.

HIPAA Privacy Training. 2 HIPAA Background Health Insurance Portability and Accountability Act of 1996 Copyright 2010 MHM Resources LLC.

HIPAA Privacy Rule Training

The Health Insurance Portability and Accountability Act of 1996– charged the Department of Health and Human Services (DHHS) with creating health information.

P E N N S Y L V A N I A C O A L I T I O N A G A I N S T D O M E S T I C V I O L E N C E P E N N S Y L V A N I A C O A L I T I O N A G A I N S T RAPE HIPAA.

HIPAA PRIVACY REQUIREMENTS Dana L. Thrasher Constangy, Brooks & Smith, LLC (205) ; Victoria Nemerson.

HIPAA Administrative Simplification Final Rule for Transactions Code Sets Stanley Nachimson

Presented by the Office of the General Counsel An Overview of HIPAA.

TM The HIPAA Privacy Rule: Safeguarding Health Information in Research and Public Health Practice Centers for Disease Control and Prevention Beverly A.

 Original Intent: ◦ Act passed in 1996 with two main goals: 1.Ensure individuals would be able to maintain their health insurance between jobs (the “portability”

HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA)

HIPAA Privacy Rule Compliance Training for YSU April 9, 2014.

 The Health Insurance Portability and Accountability Act of  Federal Law designed to protect sensitive information.  HIPAA violations are enforced.

Health Insurance Portability Accountability Act of 1996 HIPAA for Researchers: IRB Related Issues HSC USC IRB.

Business Associate Contracts: Time Is Running Out... Rebecca L. Williams, RN, JD Partner Davis Wright Tremaine LLP Seattle, WA

HIPAA Compliance Strategies for Employers, METs, MEWAs and Taft Hartley Union Trust Funds The HIPAA Colloquium at Harvard University Presented by: Melissa.

2 H. Westley Clark, M.D., J.D., M.P.H., CAS, FASAM Director Center for Substance Abuse Treatment Substance Abuse Mental Health Services Administration.

HIPAA COMPLIANCE IN YOUR PRACTICE MARIBEL VALENTIN, ESQUIRE.

HIPAA Health Insurance Portability & Accountability Act of 1996.

HIPAA Collaborative of Wisconsin PAYMENT, COLLECTIONS, AND ACCEPTED BENEFITS FURTHER DEFINITION OF THE PRIVACY RULE Copyright HIPAA Collaborative.

Notice of Privacy Practices Nebraska SNIP Privacy Subgroup July 18, 2002 Michael J. Brown, MHA, CPA Vice-President, Administrative & Regulatory Affairs,

HIPAA Business Associates Leadership Group Meeting June 28, 2001.

– Privacy in Perspective – Dealing with Hybrids & Other Unique Collaborations Thomas E. Jeffry, Jr., Esq. Partner, Davis Wright Tremaine LLP, Los Angeles,

Company LOGO Data Privacy HIPAA Training. Progress Diagram Function in accordance Apply your knowledge Learn the Basics Orientation Evaluation Training.

Copyright Fleisher & Associates A HIPAA PRIMER FOR PUBLIC HEALTH PEOPLE CPHA-N Conference 2003 January 30, 2003 Presented by: Steven M. Fleisher,

Health Insurance Portability and Accountability Act (HIPAA)

HIPAA – Developing an Understanding

1 Ethics For the Employee Benefits Agent.  Ethics – defined as a principle of right or good conduct; a system of moral principles or values; the rules.

HIPAA & Public Schools New Federalism in a New Century The Challenges of Administering HIPAA in Public Schools ASTHO/NGA Center Joint Audioconference September.

HIPAA – How Will the Regulations Impact Research?.

Advanced Issues in Privacy: Drafting and Negotiating Business Associate Contracts Thomas E. Jeffry, Jr. Partner Davis Wright Tremaine LLP Los Angeles,

Davis Wright Tremaine LLP Case Study: Small Group Health Plan HIPAA Privacy Compliance for Employers September 15, 2003 Speaker Jason Froggatt Becky Williams.

© 2013 The McGraw-Hill Companies, Inc. All rights reserved. Ch 8 Privacy Law and HIPAA.

HIPAA For Provider Contracting Networks Paul Smith Davis Wright Tremaine LLP One Embarcadero Center Suite 600 San Francisco, CA (415)

FleetBoston Financial HIPAA Privacy Compliance Agnes Bundy Scanlan Managing Director and Chief Privacy Officer FleetBoston Financial.

A Professional Corporation Stinson, Mag & Fizzell (402) Business Associates 101 Jennifer Wolfe Jerram, B.S.N., J.D.

September 17, 2002© Michael Best & Friedrich LLC1 Iowa State Association of Counties HIPAA Training September 17-18, 2002 Legal Issues presented by: Ryan.

HIPAA and Academic Medical Centers, Colleges and Universities Presented By: Michael L. Blau, Esq.Tina S. Sheldon McDermott, Will & EmeryAssistant Compliance.

HIPAA Privacy Rules: What Are Plan Sponsors Required to Do?

© 2004 Moses & Singer LLP HIPAA and Patient Privacy Issues Raised by the New Medicare Prescription Drug Program National Medicare Prescription Drug Congress.

© FOLEY & LARDNER 2001 WHEN PRINTING IN BLACK & WHITE: Go to the TITLE MASTER SLIDE, delete the logo and replace it with this one. Organized Health Care.

A NATIONAL HIPAA SUMMIT AUDIOCONFERENCE Davis Wright Tremaine LLP Legal Requirements For Vendor And Clearinghouse HIPAA Compliance; Business Associate.

HIPAA Health Insurance Portability and Accountability Act.

Davis Wright Tremaine LLP The Seventh National HIPAA Summit HIPAA Privacy: Privacy Rule Compliance on Public Health Activities and Research Thomas E. Jeffry,

Confidentiality of Substance Use Disorder Treatment Information in an Era of Integration and Health Information Exchanges Ellen Weber University of Maryland.

GW&T © 2002 Garfunkel, Wild & Travis, P.C HIPAA: What University Counsel Needs to Know -- The Basics NATIONAL ASSOCIATION OF COLLEGE AND UNIVERSITY.

COMMUNITY-WIDE HEALTH INFORMATION EXCHANGE: HIPAA PRIVACY AND SECURITY ISSUES Ninth National HIPAA Summit September 14, 2004 Prepared by: Robert Belfort,

1 HIPAA’s Impact on Depository Financial Institutions 2 nd National Medical Banking Institute Rick Morrison, CEO Remettra, Inc.

HIPAA Privacy Rule Training

UNDERSTANDING WHAT HIPAA IS AND IS NOT

Iowa State Association of Counties

What is HIPAA? HIPAA stands for “Health Insurance Portability & Accountability Act” It was an Act of Congress passed into law in HEALTH INSURANCE.

HIPAA CONFIDENTIALITY

HIPAA Administrative Simplification

HOGAN & HARTSON, L.L.P. “Publications” “Health”

Electronic Data Interchange (EDI)

Paul T. Smith Davis Wright Tremaine LLP

Privacy for Compliance Professionals

HIPAA Privacy The Morning After

NATIONAL HEALTH INFORMATION TECHNOLOGY AUDIOCONFERENCE NOVEMBER 23, 2004 Legal Barriers to the Adoption of Health Information Technology Paul T. Smith,

Business Associate Contracts: Time Is Running Out . . .

Paul T. Smith, Esq. Partner, Davis Wright Tremaine LLP

Advanced Issues in Business Associate Contracting

THE 13TH NATIONAL HIPAA SUMMIT HEALTH INFORMATION PRIVACY & SECURITY IN SHARED HEALTH RECORD SYSTEMS SEPTEMBER 26, 2006 Paul T. Smith, Esq. Partner,

Analysis of Final HIPAA Privacy Modification Rule

Presentation transcript:

OHCAs, ACEs and Hybrid Entities Paul Smith Davis Wright Tremaine LLP One Embarcadero Center Suite 600 San Francisco, CA (415) HIPAA Summit West III June 5, 2003

1 Complex Organizations  Affiliated covered entity  Hybrid entities  Organized health care arrangements  Group health plans and their sponsors and insurers

2 Affiliated Covered Entity  Separate covered entities under common ownership or control may designate themselves a single covered entity –Ownership means an interest of 5% or more –Control means significant influence  Treated a single entity under HIPAA

3 Hybrid Entities  Covered entity that has covered and non-covered functions  Must designate health care components  Covered with respect to its health care component  May not disclose PHI to other components, except as permitted to third parties (but it doesn’t need BA agreements among its components)

4 Organized Health Care Arrangements  Three kinds: –Clinically integrated setting involving more than one provider –A health care system that holds itself out as a system and has shared UR, QA or risk payment arrangements –Group health plan and its insurer or HMO  No designation required

5 Organized Health Care Arrangements  Covered entities in an OHCA –May share information for health care operations of the OHCA (45 CFR (c)(5)) –May agree to use a joint notice of privacy practices (45 CFR (d)) –Are not necessarily one another’s business associates (45 CFR – definition of “Business Associate”)

6 Examples  Hospital and independent medical staff  Health system  Provider contracting network

7 Hospital and Independent Medical Staff  Integrated care setting OHCA  Covered entities in OHCA may –Use a joint notice of privacy practices If they agree to it –Share PHI for purposes of OHCA Treatment Operations –Are not one another’s business associates  Are all the physicians covered entities?

8 Health System Health System Holding Company (No health care functions) Hospital (Covered Entity) Clinical Laboratory (Covered Entity) Primary Care Clinic (Not covered)

9 Health System  Affiliated covered entity –Which organizations may participate? –Should the covered entities be an ACE? Consolidated privacy administration –Shared notice of privacy practices –Shared privacy official –Shared responsibility for compliance Sharing of PHI –For treatment –For operations

10 Sharing Information for Operations  Inside an ACE, limited only by minimum necessary rule  Outside an ACE, requires relationship with individual, and limited to: –Quality assessment and improvement –Population-based health improvement or cost reduction activities –Protocol development –Case management and care coordination –Notification about treatment alternatives –Peer review and credentialing –Professional training –Licensing, accreditation and certification –Fraud and abuse compliance

11 Health System  Organized health care arrangement –Does it qualify? Shared UR, QA or risk payment arrangements –Advantages Joint notice of privacy practices Ability to share PHI for purposes of OHCA

12 Health System Health System Holding Company (No health care functions) Hospital (Covered Entity) Clinical Laboratory (Covered Entity) Primary Care Clinic (Not covered) Business associate relationships

13 Provider Contracting Network Independent Practice Association Health Plan Risk contract IPA MD Subcontracts MD

14 IPA Physicians as an OHCA  Covered entities in an OHCA –Can share information for the OHCA –Can use a joint notice of privacy practices –Are not one another’s business associates

15 The IPA Entity  Is it-- –A health care provider? –A health plan? –A health care clearinghouse? –A business associate?

16 Who is a Health Care Provider?  A provider of medical or health services  Any other person or organization who furnishes, bills or is paid for health care in the normal course of business. Is a treatment relationship required?

17 Health Plans  16 specific kinds (not including PHOs and IPAs), plus  “Any other individual or group plan... That provides or pays for the cost of medical care.”

18 What is a “Plan”? A plan--  Offers a plan of benefits  Has an insurance function A PHO—  Contracts with licensed plans  Shares financial risk among providers Commentary to the regulations treats an IPA as an arrangement of physicians, and ignores the entity.

19 Business Associates  CEs must have contracts with business associates –BA is any contractor that has access to PHI to assist the CE –But a contract not required for disclosures to providers for treatment  The contract must require the BA to: –Safeguard the confidentiality and security of the PHI –Restrict uses and disclosures to those permitted to the CE –Return or destroy PHI on termination, if feasible

20 IPA as Business Associate  Health plans  Physician contractors –Risk contracts –PPO contracts –Administrative services

21 Business Associates Contract Terms  No use or disclosure of PHI not permitted for CE  Safeguards to prevent unauthorized use or disclosure  Report unauthorized disclosures to CE  Ensure subcontractors comply with same restrictions  Make PHI available to individuals for access and accounting  Make records available to DHHS for compliance  Return or destroy all PHI upon termination

22 Transactions Standard Transactions  Claims or encounter information  Health plan eligibility  Referral certification and authorization  Health care claim status  Enrollment and disenrollment  Payment and remittance advice  Premium payments  Coordination of benefits  First report of injury  Claims attachment Deferred:

23 Transactions Requirements for Covered Entities  Providers don’t have to conduct electronic transactions, but they must use the standards if they do  Health plans must-- –use the standards for electronic transactions –accept standard transactions from providers, and process them promptly  Providers and plans may use clearinghouses to comply  CEs are not permitted to vary the standards

24 Is the IPA a Clearinghouse? A clearinghouse...  Processes health information received from another entity in a nonstandard format... into standard data elements  Or vice versa

25 Where is the Transaction? (Assume a risk contract)  Provider submits claim to IPA –Covered transaction (?)  IPA submits encounter data to plan –Not a covered transaction (?)

26 IPA as OHCA  Organized Health Care Arrangement: –A health care system that holds itself out as a system and has shared UR, QA or payment arrangements –Clinically integrated setting involving more than one provider –Group health plan and its insurer or HMO

27 Organized Health Care Arrangement  Covered entities participating in an OHCA-- –Are not one another’s business associates –May use a joint notice of privacy practices for the OHCA  Is the IPA a covered entity?