Is HIPAA Ready for the EHR? Practical and Legal Considerations of the Interoperable Electronic Health Record Barry S. Herrin, CHE, Esq. Smith Moore LLP.

Slides:



Advertisements
Similar presentations
Davis Wright Tremaine LLP HIT Legal Issues: HIPAA Implications to a Regional Health Information Organization Becky Williams, R.N., J.D. Partner, Co-Chair,
Advertisements

HIPAA Security Presentation to The American Hospital Association Dianne Faup Office of HIPAA Standards November 5, 2003.
Presented by Elena Chan, UCSF Pharm.D. Candidate Tiffany Jew, USC Pharm.D. Candidate March 14, 2007 P HARMACEUTICAL C ONSULTANTS, I NC. P RO P HARMA HIPAA.
HIPAA Basics Brian Fleetham Dickinson Wright PLLC.
Copyright Eastern PA EMS Council February 2003 Health Information Portability and Accountability Act It’s the law.
National Health Information Privacy and Security Week Understanding the HIPAA Privacy and Security Rule.
HIPAA – Privacy Rule and Research USCRF Research Educational Series March 19, 2003.
Increasing public concern about loss of privacy Broad availability of information stored and exchanged in electronic format Concerns about genetic information.
The Health Insurance Portability and Accountability Act of 1996– charged the Department of Health and Human Services (DHHS) with creating health information.
1 HIPAA and Research and YOU. 2 INTRODUCTION Rule #1:Don’t Panic Rule #2:Bottom Line for Researchers: HIPAA is Manageable thru Education/Awareness and.
Health Insurance Portability and Accountability Act (HIPAA)HIPAA.
NAU HIPAA Awareness Training
Topics Rule Changes Skagit County, WA HIPAA Magic Bullet HIPAA Culture of Compliance Foundation to HIPAA Privacy and Security Compliance Security Officer.
COMPLYING WITH HIPAA PRIVACY RULES Presented by: Larry Grudzien, Attorney at Law.
Jill Moore April 2013 HIPAA Update: New Rules, New Challenges.
Are you ready for HIPPO??? Welcome to HIPAA
HIPAA COMPLIANCE IN YOUR PRACTICE MARIBEL VALENTIN, ESQUIRE.
ELECTRONIC MEDICAL RECORDS By Group 5 members: Kinal Patel David A. Ronca Tolulope Oke.
HIPAA PRIVACY AND SECURITY AWARENESS.
California :: Delaware :: Florida :: New Jersey :: New York :: Pennsylvania :: Virginia :: Washington, D.C. :: 1 NEW OBLIGATIONS.
“ Technology Working For People” Intro to HIPAA and Small Practice Implementation.
Confidentiality, Consents and Disclosure Recent Legal Changes and Current Issues Presented by Pam Beach, Attorney at Law.
Copyright ©2011 by Pearson Education, Inc. Upper Saddle River, New Jersey All rights reserved. Health Information Technology and Management Richard.
Computerized Networking of HIV Providers Workshop Data Security, Privacy and HIPAA: Focus on Privacy Joy L. Pritts, J.D. Assistant Research Professor Health.
Health Insurance Portability and Accountability Act of 1996 (HIPAA) Proposed Rule: Security and Electronic Signature Standards.
How Hospitals Protect Your Health Information. Your Health Information Privacy Rights You can ask to see or get a copy of your medical record and other.
Patient Data Security and Privacy Lecture # 7 PHCL 498 Amar Hijazi, Majed Alameel, Mona AlMehaid.
HIPAA Michigan Cancer Registrars Association 2005 Annual Educational Conference Sandy Routhier.
Medical Law and Ethics, Third Edition Bonnie F. Fremgen Copyright ©2009 by Pearson Education, Inc. Upper Saddle River, New Jersey All rights reserved.
Copyright © 2009 by The McGraw-Hill Companies, Inc. All Rights Reserved. McGraw-Hill Chapter 6 The Privacy and Security of Electronic Health Information.
Eliza de Guzman HTM 520 Health Information Exchange.
© 2013 The McGraw-Hill Companies, Inc. All rights reserved. Ch 8 Privacy Law and HIPAA.
Chapter 7—Privacy Law and HIPAA
HIPAA THE PRIVACY RULE. 2 HISTORY In 2000, many patients that were newly diagnosed with depression received free samples of anti- depressant medications.
THE TENTH NATIONAL HIPPA SUMMIT ELECTRONIC HEALTH RECORDS NATIONAL HEALTH INFORMATION INFRASTRUCTURE LEGAL ISSUES APRIL 7, 2005 Paul T. Smith, Esq. Partner,
The Culture of Healthcare Privacy, Confidentiality, and Security Lecture d This material (Comp2_Unit9d) was developed by Oregon Health and Science University,
OHCAs, ACEs and Hybrid Entities Paul Smith Davis Wright Tremaine LLP One Embarcadero Center Suite 600 San Francisco, CA (415)
Working with HIT Systems
Component 8/Unit 6aHealth IT Workforce Curriculum Version 1.0 Fall Installation and Maintenance of Health IT Systems Unit 6a System Security Procedures.
HIPAA Health Insurance Portability and Accountability Act of 1996.
1 Privacy Plan of Action © HIPAA Pros 2002 All rights reserved.
Copyright © 2015 by Saunders, an imprint of Elsevier Inc. All rights reserved. Chapter 3 Privacy, Confidentiality, and Security.
HIPAA Training Workshop #1 Council of Community Clinics – San Diego February 7, 2003 by Kaye L. Rankin Rankin Healthcare Consultants, Inc.
Top 10 Series Changes to HIPAA Devon Bernard AOPA Reimbursement Services Coordinator.
Configuring Electronic Health Records Privacy and Security in the US Lecture b This material (Comp11_Unit7b) was developed by Oregon Health & Science University.
©2002 by the National Committee for Quality Assurance NCQA and HIPAA “A match made in ?” The Fifth National HIPAA Summit Sharon King Donohue, JD General.
Table of Contents. Lessons 1. Introduction to HIPAA Go Go 2. The Privacy Rule Go Go.
AND CE-Prof, Inc. January 28, 2011 The Greater Chicago Dental Academy 1 Copyright CE-Prof, Inc
HIPAA Requirements for Computer-based Patient Record Systems and the CPR Selection Toolkit Caroline Samuels MD
The Health Insurance Portability and Accountability Act of 1996 “HIPAA” Public Law
HIPAA TRIVIA Do you know HIPAA?. HIPAA was created by?  The Affordable Care Act  Health Insurance companies  United States Congress  United States.
Terminology in Healthcare and Public Health Settings Electronic Health Records Lecture b – Definitions and Concepts in the EHR This material Comp3_Unit15.
Office of the Secretary Office for Civil Rights (OCR) Enforcement and Policy Challenges in Health Information Privacy Linda Sanches HIPAA Summit Special.
COMMUNITY-WIDE HEALTH INFORMATION EXCHANGE: HIPAA PRIVACY AND SECURITY ISSUES Ninth National HIPAA Summit September 14, 2004 Prepared by: Robert Belfort,
Copyright © 2009 by The McGraw-Hill Companies, Inc. All Rights Reserved. McGraw-Hill/Irwin Chapter 6 The Privacy and Security of Electronic Health Information.
1 HIPAA’s Impact on Depository Financial Institutions 2 nd National Medical Banking Institute Rick Morrison, CEO Remettra, Inc.
Moving Health Information In An Emergency
SHARING CLINICAL DATA: Legal and Privacy Issues
Disability Services Agencies Briefing On HIPAA
Final HIPAA Security Rule
HIPAA Privacy and Security Summit 2018 HIPAA Privacy Rule: Compliance Plans, Training, Internal Audits and Patient Rights Widener University Delaware.
HIPAA Security Standards Final Rule
Paul T. Smith, Esq. Partner, Davis Wright Tremaine LLP
National Congress on Health Care Compliance
HIPAA SECURITY RULE Copyright © 2008, 2006, 2004 by Saunders an imprint of Elsevier Inc. All rights reserved.
Enforcement and Policy Challenges in Health Information Privacy
Making Your IRBs and Clinical Investigators HIPAA-Ready
THE 13TH NATIONAL HIPAA SUMMIT HEALTH INFORMATION PRIVACY & SECURITY IN SHARED HEALTH RECORD SYSTEMS SEPTEMBER 26, 2006 Paul T. Smith, Esq. Partner,
HIPAA Privacy and Security Update - 5 Years After Implementation
Presentation transcript:

Is HIPAA Ready for the EHR? Practical and Legal Considerations of the Interoperable Electronic Health Record Barry S. Herrin, CHE, Esq. Smith Moore LLP The Twelfth Annual HIPAA Summit April 11, 2006 Hyatt Regency Capitol Hill, Washington DC

Extraordinary Focus on EHR  Financial and e-services industries way ahead of health care industry in customer access and data manipulation  Technology for EHR exists in many facilities and some physician practices  AHIMA and e-HIM Initiatives bringing more exposure to potential for EHR adoption and utilization  Entrepreneurs have figured out you can make money doing this

Patient Reluctance  General distrust of “putting my information out there” overcomes acknowledgement that a universal EHR is probably a good idea –Harris February 2004 Polling Data –Harris February 2005 Polling Data –Modern Healthcare/California HealthCare Foundation November 2005 Survey  Highly publicized information security breaches aren’t helping matters  How do you buy your gas?

General HIPAA Issues  Are You Establishing a Separate Legal Entity (RHIO, CHIN)?  Covered Entity vs. Business Associate  Organized Health Care Arrangement –Definitional Problems –No Clear Guidance  State Law Pre-emption and Other Issues –Provider Licensing Statutes/Telemedicine –Notice of Privacy Practices

HIPAA Privacy Concepts Implicated by the Interoperable EHR  Authorization – 45 CFR (a)  Minimum Necessary – 45 CFR (b)  Patient Right of Access – 45 CFR  Accounting for Disclosures – 45 CFR  Physical Security - 45 CFR (c)  Verification – 45 CFR (h)  Research – 45 CFR (i)

HIPAA Security Concepts Implicated by the Interoperable EHR  Administrative Safeguards – 45 CFR –Access Management –Password Management –Verification of Risk Analysis/Assessment  Physical Safeguards – 45 CFR –Access Control and Validation –Workstation Use –Data Backup and Storage  Technical Safeguards – 45 CFR –Audit Controls –Data Integrity Procedures –Verification of Identity of Requesting Parties –Encryption

Practical Issues - Verification  What protocol to use? –Like financial access models? –Cookies/select terminal access?  No requirement for a writing under HIPAA to verify identification  Patient security concerns must be addressed here  Sharing of password(s) eliminates audit trail required by HIPAA Security Rule

Practical Issues – Record Maintenance  Record retention/destruction standards vary widely by state  “Sampling” risks –Providers –Patients  Who maintains the record? –Relates directly to issues of provider trust –How are errors corrected and posted?

Practical Issues – Release to Third Parties  No Privacy Rule accounting required for authorized releases, but Security Rule requires audit trail –How to show unique authorization? –HIPAA requires a writing and signature Security protocol and password authentication not the same –Authorization must expire (unless it doesn’t) –Revocations of Authorization  Authentication of Records – How?/Why? –Viewable or Printable? Or Both?  How Does the PHR Fit In?

Case Study – “Virtual PHR”  Web-based tool that provides a “password vault” for an individual’s access to multiple provider websites or databases  Tool accesses the provider website/database, sorts data, and places in a common format for access  Permits individuals to communicate with multiple providers in the same GUI format

“Virtual PHR” - Desired Features  Messaging  Interaction with Business Offices (pay bills, get statements)  Pre-registration  Obtain test results  Refill prescriptions/track meds/drug interactions  Request copies of individual provider EHR

“Virtual PHR” - Current Problems and Limitations  Patient-only access; shared access only by sharing password, so no HIPAA-compliant audit trail  Real-time access might release results before they can be explained by a health care provider  Misunderstandings about patient access vs. third party access overcomplicate the process  “Hub and spoke” access only; no interoperability Patient understanding limited by cultural differences and language barriers

QUESTIONS?  Answers?

Contact Info: Barry S. Herrin, Esq. Smith Moore LLP x1027 smithmoorelaw.com

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.