© FOLEY & LARDNER 2001 WHEN PRINTING IN BLACK & WHITE: Go to the TITLE MASTER SLIDE, delete the logo and replace it with this one. Organized Health Care.

Slides:



Advertisements
Similar presentations
Davis Wright Tremaine LLP HIT Legal Issues: HIPAA Implications to a Regional Health Information Organization Becky Williams, R.N., J.D. Partner, Co-Chair,
Advertisements

H OGAN & H ARTSON, L.L.P.
1 The HIPAA Privacy Rule and Research This presentation will probably involve audience discussion, which will create action items. Use PowerPoint to keep.
HIPAA Basics Brian Fleetham Dickinson Wright PLLC.
HIPAA: Privacy, Security, and HITECH, Oh My! Presented by Stephanie L. Ganucheau, Special Assistant Attorney General.
HIPAA Privacy Training. 2 HIPAA Background Health Insurance Portability and Accountability Act of 1996 Copyright 2010 MHM Resources LLC.
HIPAA Privacy Rule Training
National Health Information Privacy and Security Week Understanding the HIPAA Privacy and Security Rule.
HIPAA – Privacy Rule and Research USCRF Research Educational Series March 19, 2003.
P E N N S Y L V A N I A C O A L I T I O N A G A I N S T D O M E S T I C V I O L E N C E P E N N S Y L V A N I A C O A L I T I O N A G A I N S T RAPE HIPAA.
HIPAA PRIVACY REQUIREMENTS Dana L. Thrasher Constangy, Brooks & Smith, LLC (205) ; Victoria Nemerson.
Managing Access to Student Health Information per Federal HIPAA Guidelines Joan M. Kiel, Ph.D., CHPS Duquesne University Pittsburgh, Penna
COMPLYING WITH HIPAA PRIVACY RULES Presented by: Larry Grudzien, Attorney at Law.
Jill Moore April 2013 HIPAA Update: New Rules, New Challenges.
HIPAA HIPAA Health Insurance Portability and Accountability Act of 1996.
Health Insurance Portability Accountability Act of 1996 HIPAA for Researchers: IRB Related Issues HSC USC IRB.
August 10, 2001 NESNIP PRIVACY WORKGROUP HIPAA’s Minimum Necessary Standard Presented by: Mildred L. Johnson, J.D.
Your HIPAA rules Ben Burton, JD, MBA, RHIA, CHP, CHC Notice of Privacy Practices.
HIPAA Compliance Strategies for Employers, METs, MEWAs and Taft Hartley Union Trust Funds The HIPAA Colloquium at Harvard University Presented by: Melissa.
© Copyright 2014 Saul Ewing LLP The Coalition for Academic Scientific Computation HIPAA Legal Framework and Breach Analysis Presented by: Bruce D. Armon,
Version 6.0 Approved by HIPAA Implementation Team April 14, HIPAA Learning Module The following is an educational Powerpoint presentation on the.
Notice of Privacy Practices Nebraska SNIP Privacy Subgroup July 18, 2002 Michael J. Brown, MHA, CPA Vice-President, Administrative & Regulatory Affairs,
1 VUMC Confidentiality Policy and HIPAA Implications for Clinical Research General Clinical Research Center Skills Workshop March 2, 2007 Gaye Smith Privacy.
HIPAA Trading Partners, Legal Relationships October 2, 2001 presented by Peter B. Goldstein, Esq. Cap Gemini Ernst & Young, US LLC.
HIPAA PRIVACY AND SECURITY AWARENESS.
– Privacy in Perspective – Dealing with Hybrids & Other Unique Collaborations Thomas E. Jeffry, Jr., Esq. Partner, Davis Wright Tremaine LLP, Los Angeles,
Enhancing Communication Among Health Care and Educational Programs How Privacy Regulations Impact Delivery of Effective Services by Karl R. White National.
Computerized Networking of HIV Providers Workshop Data Security, Privacy and HIPAA: Focus on Privacy Joy L. Pritts, J.D. Assistant Research Professor Health.
HIPAA – How Will the Regulations Impact Research?.
© 2009 The McGraw-Hill Companies, Inc. All rights reserved. 1 McGraw-Hill Chapter 2 The HIPAA Privacy Standards HIPAA for Allied Health Careers.
Medical Law and Ethics, Third Edition Bonnie F. Fremgen Copyright ©2009 by Pearson Education, Inc. Upper Saddle River, New Jersey All rights reserved.
Speak HIPAA Like a Native A Guide to Common HIPAA Nomenclature University of Miami Ethics Programs.
Health Insurance Portability and Accountability Act (HIPAA) CCAC.
Advanced Issues in Privacy: Drafting and Negotiating Business Associate Contracts Thomas E. Jeffry, Jr. Partner Davis Wright Tremaine LLP Los Angeles,
LEGAL ISSUES IN MEDICAL HOME DEVELOPMENT Presented by: Gerry Hinkley Davis Wright Tremaine LLP
Copyright © 2009 by The McGraw-Hill Companies, Inc. All Rights Reserved. McGraw-Hill Chapter 6 The Privacy and Security of Electronic Health Information.
Health Insurance Portability and Accountability Act of 1996 HIPAA Privacy Training for County Employees.
© 2013 The McGraw-Hill Companies, Inc. All rights reserved. Ch 8 Privacy Law and HIPAA.
1 Practical Implementation of HIPAA-Compliant Consents and Authorizations Becky Buegel, RHIA HIPAA Summit West II March 14, 2002.
HIPAA For Provider Contracting Networks Paul Smith Davis Wright Tremaine LLP One Embarcadero Center Suite 600 San Francisco, CA (415)
FleetBoston Financial HIPAA Privacy Compliance Agnes Bundy Scanlan Managing Director and Chief Privacy Officer FleetBoston Financial.
Policies for Information Sharing April 10, 2006 Mark Frisse, MD, MBA, MSc Marcy Wilder, JD Janlori Goldman, JD Joseph Heyman, MD.
Seventh National HIPAA Summit HIPAA Compliance Case Study: HIPAA and Academic Medicine - Lessons Learned Past, Present and Future.
OHCAs, ACEs and Hybrid Entities Paul Smith Davis Wright Tremaine LLP One Embarcadero Center Suite 600 San Francisco, CA (415)
C HAPTER 34 Code Blue Health Sciences Edition 4. Confidentiality of sensitive information is an important issue in healthcare. Breaches of confidentiality.
September 17, 2002© Michael Best & Friedrich LLC1 Iowa State Association of Counties HIPAA Training September 17-18, 2002 Legal Issues presented by: Ryan.
HIPAA and Academic Medical Centers, Colleges and Universities Presented By: Michael L. Blau, Esq.Tina S. Sheldon McDermott, Will & EmeryAssistant Compliance.
HIPAA Privacy Rules: What Are Plan Sponsors Required to Do?
1 Privacy Plan of Action © HIPAA Pros 2002 All rights reserved.
A NATIONAL HIPAA SUMMIT AUDIOCONFERENCE Davis Wright Tremaine LLP Legal Requirements For Vendor And Clearinghouse HIPAA Compliance; Business Associate.
1 HIPAA: Privacy Regulations Addressing HIPAA at Harvard University Tina S. Sheldon Harvard University HIPAA Summit West II San Francisco, California March.
HIPAA Overview Why do we need a federal rule on privacy? Privacy is a fundamental right Privacy can be defined as the ability of the individual to determine.
HIPAA Privacy Rule Positive Changes Affecting Hospitals’ Implementation of the Rule.
CAN THE CANNED FORMS: Practical Advice in Implementing HIPAA Privacy Policies and Forms Margaret Marchak, Esq. Rachel Nosowsky, Esq. HIPAA Summit West.
GW&T © 2002 Garfunkel, Wild & Travis, P.C HIPAA: What University Counsel Needs to Know -- The Basics NATIONAL ASSOCIATION OF COLLEGE AND UNIVERSITY.
COMMUNITY-WIDE HEALTH INFORMATION EXCHANGE: HIPAA PRIVACY AND SECURITY ISSUES Ninth National HIPAA Summit September 14, 2004 Prepared by: Robert Belfort,
Disclaimer This presentation is intended only for use by Tulane University faculty, staff, and students. No copy or use of this presentation should occur.
What is HIPAA? Health Insurance Portability and Accountability Act of HIPAA is a major law primarily concentrating on the prolongation of health.
HIPAA Training Workshop #3 Individual Rights Kaye L. Rankin Rankin Healthcare Consultants, Inc.
HIPAA Privacy Rule Training
Iowa State Association of Counties
What is HIPAA? HIPAA stands for “Health Insurance Portability & Accountability Act” It was an Act of Congress passed into law in HEALTH INSURANCE.
The HIPAA Privacy Rule: Implications for Medical Research
HIPAA Administrative Simplification
HOGAN & HARTSON, L.L.P. “Publications” “Health”
HIPAA PRIVACY RULE IMPLEMENTATION – WHAT’S UP AFTER 4/14/03?
Disability Services Agencies Briefing On HIPAA
Current Privacy Issues That May Affect Your Credit Union
HIPAA Summit West II San Francisco, California March 13-15, 2002
The HIPAA Privacy Rule and Research
Presentation transcript:

© FOLEY & LARDNER 2001 WHEN PRINTING IN BLACK & WHITE: Go to the TITLE MASTER SLIDE, delete the logo and replace it with this one. Organized Health Care Arrangement or Affiliated Covered Entity: Analysis of Potential Benefits and Hidden Pitfalls by Integrated Delivery System Robyn A. Meinhardt, RN, JD Foley Lardner, Denver HIPAA Summit West II March 15, 2002 San Francisco

© FOLEY & LARDNER 2001 WHEN PRINTING IN BLACK & WHITE: Go to the MASTER SLIDE, delete the logo on the slide and replace it with this logo. 2 Organizational Options n Not optional: Covered Entity status (health plans, health care providers, clearinghouses -- includes “hybrid” covered entities) n Optional: –“Organized Health Care Arrangements” (OHCAs) –“Affiliated Covered Entity[ies]” (ACEs)

© FOLEY & LARDNER 2001 WHEN PRINTING IN BLACK & WHITE: Go to the MASTER SLIDE, delete the logo on the slide and replace it with this logo. 3 Case Study: OHCA/ACE Choices in an Integrated Delivery Setting n The Hypothetical Setting: –An integrated delivery system comprised of several types of health care providers (several hospitals and their outpatient clinics; physician offices; employed physicians; a dialysis clinic that is a joint venture between a hospital and a physician group, and a nursing home) and a health plan. –Each of these components is within the same state, and they are fairly evenly distributed between rural and urban settings.

© FOLEY & LARDNER 2001 WHEN PRINTING IN BLACK & WHITE: Go to the MASTER SLIDE, delete the logo on the slide and replace it with this logo. 4 What Problems Could Be Addressed? n Multiple Consents: –each hospital, physician, other provider must obtain its own HIPAA Consent from the patient before using or disclosing PHI (protected health information). n Lack of opportunity to obtain Consent –Ambulance services problem –Transfer of emergency patients from rural to tertiary before Consent obtained

© FOLEY & LARDNER 2001 WHEN PRINTING IN BLACK & WHITE: Go to the MASTER SLIDE, delete the logo on the slide and replace it with this logo. 5 What Problems Could Be Addressed? con’t n IDS entities want to continue/increase sharing PHI for common operational purposes including but not limited to QA, UR, shared financial risk –With HIPAA Consent, may use/disclose PHI to provide treatment, to obtain payment for services, and to accomplish “health care operations” –Both the OHCA and the ACE would allow sharing of PHI across participating entity lines for treatment, payment, operations purposes

© FOLEY & LARDNER 2001 WHEN PRINTING IN BLACK & WHITE: Go to the MASTER SLIDE, delete the logo on the slide and replace it with this logo. 6 Health Care Operations: n QA/QI n peer review n health care professional training, n accreditation, n licensing, n credentialing, n medical reviews, legal and auditing services n compliance programs n business planning and development (including formulary development) n business management n general administrative activities, including: –HIPAA compliance, –customer service, –grievance resolution, –due diligence in connection with asset sales, and –certain marketing and fundraising activities.)

© FOLEY & LARDNER 2001 WHEN PRINTING IN BLACK & WHITE: Go to the MASTER SLIDE, delete the logo on the slide and replace it with this logo. 7 What Problems Could Be Addressed? con’t n IDS entities use common vendors for IT, audit, legal, patient satisfaction surveys, others; they don’t want to negotiate the revision of these separately (to add Business Associate terms and to otherwise revise/renew from time to time) n A couple of the IDS entities provide Business Associate-type services to the other IDS entities (peer review consulting/medical review and assistance with accreditation preparations)

© FOLEY & LARDNER 2001 WHEN PRINTING IN BLACK & WHITE: Go to the MASTER SLIDE, delete the logo on the slide and replace it with this logo. 8 What Problems Could Be Addressed? con’t n Desire for greater control over HIPAA compliance in the IDS setting –Because under an OHCA or an ACE PHI may be shared across entity lines for treatment, payment and health care operations activities, a centralized HIPAA office could have access to PHI as needed to evaluate compliance and discuss problems with others in different locations.

© FOLEY & LARDNER 2001 WHEN PRINTING IN BLACK & WHITE: Go to the MASTER SLIDE, delete the logo on the slide and replace it with this logo. 9 What Problems Could Be Addressed? con’t n The hospitals, outpatient clinics, employed physicians, the joint ventured dialysis clinic and the health plan share a set of databases that include operational, financial and protected health information. These databases are used for treatment, payment and health care operations functions.

© FOLEY & LARDNER 2001 WHEN PRINTING IN BLACK & WHITE: Go to the MASTER SLIDE, delete the logo on the slide and replace it with this logo. 10 What Fits? Different Qualifications for OHCAs and ACEs n ACE participants must be under common ownership or control –Common ownership: another entity holds at least a 5% interest in all participating entities –Common control: when another entity holds the power, directly or indirectly, to significantly influence or direct the actions or policies of another entity. n In this IDS, all entities except non-employed medical staff members are under common control

© FOLEY & LARDNER 2001 WHEN PRINTING IN BLACK & WHITE: Go to the MASTER SLIDE, delete the logo on the slide and replace it with this logo. 11 Different Qualifications between OHCAs and ACEs n For the OHCA option, this IDS must fit within one of 2 (of the 5) types of OHCAs: –(1) a clinically integrated setting, or –(2) entities hold themselves out to public as participating in a joint arrangement, and participate in joint activities, including at least one of: n UR, QA&I, or joint payment activities involving shared financial risk.

© FOLEY & LARDNER 2001 WHEN PRINTING IN BLACK & WHITE: Go to the MASTER SLIDE, delete the logo on the slide and replace it with this logo. 12 Benefits Common to Each Option –May share PHI across participating entity lines, for treatment/payment/operations purposes –Participants are exempt from having Business Associate agreements with each other (for services contracts that involve PHI disclosure)

© FOLEY & LARDNER 2001 WHEN PRINTING IN BLACK & WHITE: Go to the MASTER SLIDE, delete the logo on the slide and replace it with this logo. 13 Benefits Common to Each Option, con’t n May use a Joint Consent IF a Joint Notice also used –Helps to ease consent burden among participating covered entities n May be difficult to agree on Joint Notice -- especially if more than one state involved n May have one Business Associate agreement with a common vendor to participants

© FOLEY & LARDNER 2001 WHEN PRINTING IN BLACK & WHITE: Go to the MASTER SLIDE, delete the logo on the slide and replace it with this logo. 14 Differences in Options n In ACE arrangements, all participants constitute one covered entity: –May have only one privacy officer, if desired –MUST use a Joint Notice (but note difficulty -- not impossibility -- with multiple state laws that are contrary to and more stringent than HIPAA) –Requests for accounting, access or amendment apply to all participants –**Cannot share PHI between provider and plan participants unless patient receives services from both

© FOLEY & LARDNER 2001 WHEN PRINTING IN BLACK & WHITE: Go to the MASTER SLIDE, delete the logo on the slide and replace it with this logo. 15 Differences in Options, con’t n This is the “504(g)(2) problem” that ACE arrangements involving both providers and plans have –can’t intermingle database of PHI unless patient involved in both the payor and the provider services n In OHCA arrangements, justification for sharing PHI across participants must be documented, but there is no prohibition of HCP/HP sharing

© FOLEY & LARDNER 2001 WHEN PRINTING IN BLACK & WHITE: Go to the MASTER SLIDE, delete the logo on the slide and replace it with this logo. 16 Differences in Options, con’t n Our hypothetical IDS chooses the OHCA option in order to avoid the 504(g)(2) problem; what OHCA-specific problems does it now have? –Who should participate in the OHCA? n Employed physicians are workforce; what about other Medical Staff members -- and their practice partners? call partners? allied health practitioners? physicians they refer to? Ambulance service providers? etc. n How to communicate participating/nonparticipating Medical Staff members in Notice and Consent?

© FOLEY & LARDNER 2001 WHEN PRINTING IN BLACK & WHITE: Go to the MASTER SLIDE, delete the logo on the slide and replace it with this logo. 17 Differences in Options, con’t –Potentially overlapping circles of OHCAs n What if the non-employed physicians participate in more than one OHCA? should consider either using a Common Notice of Privacy Practices across all circles, versus keeping databases segregated and identified to the Notice that applies to it. –Not clear whether, in the “clinical integration” OHCA model, whether PHI may be shared only for the integrated activities. –Must document rules and basis for sharing PHI across entity lines

© FOLEY & LARDNER 2001 WHEN PRINTING IN BLACK & WHITE: Go to the MASTER SLIDE, delete the logo on the slide and replace it with this logo. 18 Both Options: Potential Problems/Issues: –The degree to which either option increases “joint and several” liability risks n HIPAA declares that participants in ACE are each liable for their own HIPAA compliance -- but this does not affect lawsuits, etc. –If Joint Consent is the impetus, consider whether agreement can be reached on Joint Notice

© FOLEY & LARDNER 2001 WHEN PRINTING IN BLACK & WHITE: Go to the MASTER SLIDE, delete the logo on the slide and replace it with this logo. 19 Both Options: Potential Problems/Issues, con’t –Does more stringent state law on consent/authorization mandate permission every time a disclosure is made to a separate legal entity? –What will OHCA or ACE status actually have on “outside” relationships? n Not a legal entity, unless action taken to make it so n Can the OHCA enter into contracts on behalf of participants? –Method of oversight of participants and of termination

© FOLEY & LARDNER 2001 WHEN PRINTING IN BLACK & WHITE: Go to the MASTER SLIDE, delete the logo on the slide and replace it with this logo. 20 Both Options: Potential Problems/Issues, con’t –HIPAA does not provide antitrust immunity for either OHCA or ACE options: what is the risk? n For sharing PHI for operations purposes n For sharing PHI for payment (i.e., financial) purposes n Of selecting some but not all competitors to participate in OHCA –(not our fact situation, but would have excluded non- employed physicians if ACE had been chosen)

© FOLEY & LARDNER 2001 WHEN PRINTING IN BLACK & WHITE: Go to the MASTER SLIDE, delete the logo on the slide and replace it with this logo. 21 Both Options: Potential Problems/Issues, con’t n How best to document the designation and rights/responsibilities of the participating entites –HIPAA does not define –State law may impact –Probably should include board resolutions, contract, various policies and procedures, Consent and Notice forms as applicable, etc.

© FOLEY & LARDNER 2001 WHEN PRINTING IN BLACK & WHITE: Go to the MASTER SLIDE, delete the logo on the slide and replace it with this logo. 22 Both Options: Potential Problems/Issues, con’t n Documentation should include agreements as to: –Administrative authority for the arrangement - - who’s in charge –Assignment of formal contracting authority, as applicable, and any limits on that authority –How to manage/communicate changes in privacy practices that could affect a Joint Notice

© FOLEY & LARDNER 2001 WHEN PRINTING IN BLACK & WHITE: Go to the MASTER SLIDE, delete the logo on the slide and replace it with this logo. 23 Both Options: Potential Problems/Issues, con’t –How to communicate receipt and revocation of a Joint Consent –How to minimize related liability (indemnity, insurance, compliance audits, other) –Removal/withdrawal of participants -- reasons and methods –Method of and reasons for termination of the arrangement –Effects of removal/withdrawal/termination on shared PHI going forward

© FOLEY & LARDNER 2001 WHEN PRINTING IN BLACK & WHITE: Go to the TITLE MASTER SLIDE, delete the logo and replace it with this one. Questions? Robyn A. Meinhardt, RN, JD Foley Lardner 1999 Broadway, Suite 2270 Denver, Colorado

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.