Presentation is loading. Please wait.

Presentation is loading. Please wait.

HIPAA Privacy Rule Positive Changes Affecting Hospitals’ Implementation of the Rule Melinda Hatton -- Oct. 31, 2002.

Published byJulian Hamilton Modified over 8 years ago

Similar presentations

Presentation on theme: "HIPAA Privacy Rule Positive Changes Affecting Hospitals’ Implementation of the Rule Melinda Hatton -- Oct. 31, 2002."— Presentation transcript:

1 HIPAA Privacy Rule Positive Changes Affecting Hospitals’ Implementation of the Rule Melinda Hatton -- Oct. 31, 2002

2 The purpose... is to maintain strong protections for the privacy of individually identifiable health information while clarifying certain of the Privacy Rule’s provisions, addressing the unintended negative effects of the Privacy Rule on health care quality or access to health care, and relieving unintended administrative burdens created by the Privacy Rule. Final Rule, August 14, 2002 The Final Rule: Changes

3 Written acknowledgment replaces written consent Disclosure allowed for other covered entities’ treatment, payment and some health care operations Incidental disclosures are not privacy rule violations Authorized disclosures exempt from accounting requirement The Final Rule: Positive Changes for Hospitals

4 Business associate compliance delayed for up to one year for certain existing contracts Creation of limited data set and clarification of de-identification safe harbor The Final Rule: Positive Changes for Hospitals (cont.)

5 “The notice acknowledgment process is intended to alert individuals to the importance of the notice and provide them the opportunity to discuss privacy issues with their providers.” Flexibility in designing the process Good faith effort required (HHS’s promise re “good faith”: future guidance through FAQs or other materials in response to specific scenarios raised by field) Not required in emergency situations Option to get consent remains and providers have “complete discretion in designing the consent process” Written acknowledgment replaces written consent

6 “The proposal would broaden the uses and disclosures that are permitted without authorization as part of treatment, payment, and health care operations so as not to interfere inappropriately with access to quality and effective health care, while limiting this expansion in order to continue to protect the privacy expectations of the individual.” PHI must pertain to the relationship Allowed where other covered entity’s relationship is past relationship Limits scope of health care operations of other covered entity for which PHI may be so used or disclosed Allows disclosures to or by a business associate Disclosures allowed for other covered entities’ treatment, payment and some health care operations

7 “The Privacy Rule must not impede essential health care communications and practices. Prohibiting all incidental uses and disclosures would have a chilling effect on normal and important communications among providers, and between providers and their patients, and, therefore, would negatively affect individuals’ access to quality health care.” Secondary use or disclosure that cannot reasonably be prevented, is limited in nature, and that occurs as a by- product of an otherwise permitted use or disclosure Any permissible use or disclosure made to any person Must still apply appropriate safeguards (§164.530(c)), and minimum necessary requirements (§§164.502(b),164.514(d)) No need to include in accounting of disclosures Incidental disclosures are not privacy rule violations

8 “[A]ccounting for authorized disclosures d[oes] not serve to add to the individual’s knowledge about disclosures of protected health information.” Also exempt from minimum necessary requirements Authorized disclosures exempt from accounting requirement

9 “The transition provisions are intended to address the concerns... that the two-year period between the effective date and compliance date... is insufficient to reopen and renegotiate all existing contracts... [to] bring[ ] them into compliance with the Rule. These provisions also provide covered entities with added flexibility to incorporate the business associate contract requirements at the time they would otherwise modify or renew the existing contract.” Must be a writing prior to effective date of modification Applies only to those not renewed or modified prior to the April 14, 2003 New model language provided Business associate compliance delayed for up to one year for certain existing contracts

10 Not relieved of the responsibilities : to make information held by a business associate available to the Secretary respecting individual’s rights (access, amend, accounting of disclosures Required to mitigate, to the extent practicable, any harmful effect known of a use or disclosure of protected health information by its business associate (§164.530(f)) Business associate compliance delayed for up to one year for certain existing contracts

11 “We have created the limited data set option because we believe that this mechanism provides a way to allow important research, public health and health care operations activities to continue in a manner consistent with the privacy protections of the Rule.” AHA has called for creation of a limited data set of “facially de-identified” data (admission and discharge dates, service dates, date of death, age, 5-digit zip codes) expressly excepted from the listed safe harbor identifiers re- identification code or other means of record identification permitted by §164.514(c) Now includes age Creation of limited data set and clarification of de-identification safe harbor

12 Fundraising restrictions remain unchanged Business associate agreement still required between two covered entities HHS declines to provide a business associate certification process Sample business associate agreement continues to include some optional provisions that hospitals may not want to include in their business associate agreements The Final Rule: Some Disappointments

13 No mitigation for covered entities’ liability and individual rights obligations with regard to their business associates during “deemed compliance” period HHS declines to exempt disclosures for public health and health oversight purposes from the accounting of disclosures requirement The Final Rule: Some Disappointments (cont.)

14 AHA urging phase-in of enforcement First 2 years after compliance date HHS to focus on education and technical assistance, not fines and penalties Congressional interest in phase-in approach Letter from Rep. Hobson (R-OH) to HHS Secretary Thompson dated July 15, 2002 Compliance = April 14, 2003

15 Currently proposed only HHS’s latest promise on publication: October 2002 No potential conflict between of privacy and security requirements (Preamble, Final Rule, August 14, 2002) Security Rule will apply only to electronic health information systems HHS, in preparing final Security Rule, is working to ensure it works “hand in glove” with Privacy Rule requirements A Word on the Security Rule

Download ppt "HIPAA Privacy Rule Positive Changes Affecting Hospitals’ Implementation of the Rule Melinda Hatton -- Oct. 31, 2002."

Similar presentations

Fourth National HIPAA Summit April 26, 2002 Implementation of a HIPAA Data Management Strategy Safeguarding privacy interests while making data available.

Fourth National HIPAA Summit April 26, 2002 Implementation of a HIPAA Data Management Strategy Safeguarding privacy interests while making data available.
“Reaching across Arizona to provide comprehensive quality health care for those in need” Our first care is your health care Arizona Health Care Cost Containment.

“Reaching across Arizona to provide comprehensive quality health care for those in need” Our first care is your health care Arizona Health Care Cost Containment.
HIPAA Basics Brian Fleetham Dickinson Wright PLLC.

HIPAA Basics Brian Fleetham Dickinson Wright PLLC.
HIPAA: Privacy, Security, and HITECH, Oh My! Presented by Stephanie L. Ganucheau, Special Assistant Attorney General.

HIPAA: Privacy, Security, and HITECH, Oh My! Presented by Stephanie L. Ganucheau, Special Assistant Attorney General.
HIPAA and Public Health 2007 Epi Rapid Response Team Conference.

HIPAA and Public Health 2007 Epi Rapid Response Team Conference.
HIPAA Privacy Rule Training

HIPAA Privacy Rule Training
Copyright Eastern PA EMS Council February 2003 Health Information Portability and Accountability Act It’s the law.

Copyright Eastern PA EMS Council February 2003 Health Information Portability and Accountability Act It’s the law.
HIPAA – Privacy Rule and Research USCRF Research Educational Series March 19, 2003.

HIPAA – Privacy Rule and Research USCRF Research Educational Series March 19, 2003.
HIPAA PRIVACY REQUIREMENTS Dana L. Thrasher Constangy, Brooks & Smith, LLC (205) 252-9321; Victoria Nemerson.

HIPAA PRIVACY REQUIREMENTS Dana L. Thrasher Constangy, Brooks & Smith, LLC (205) ; Victoria Nemerson.
1 HIPAA and Research and YOU. 2 INTRODUCTION Rule #1:Don’t Panic Rule #2:Bottom Line for Researchers: HIPAA is Manageable thru Education/Awareness and.

1 HIPAA and Research and YOU. 2 INTRODUCTION Rule #1:Don’t Panic Rule #2:Bottom Line for Researchers: HIPAA is Manageable thru Education/Awareness and.
Key Changes to HIPAA from the Stimulus Bill (ARRA) Children’s Health System Department Leadership Meeting October 28, 2009 Kathleen Street Privacy Officer/Risk.

Key Changes to HIPAA from the Stimulus Bill (ARRA) Children’s Health System Department Leadership Meeting October 28, 2009 Kathleen Street Privacy Officer/Risk.
NAU HIPAA Awareness Training

NAU HIPAA Awareness Training
TM The HIPAA Privacy Rule: Safeguarding Health Information in Research and Public Health Practice Centers for Disease Control and Prevention Beverly A.

TM The HIPAA Privacy Rule: Safeguarding Health Information in Research and Public Health Practice Centers for Disease Control and Prevention Beverly A.
HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA)

HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA)
Jill Moore April 2013 HIPAA Update: New Rules, New Challenges.

Jill Moore April 2013 HIPAA Update: New Rules, New Challenges.
Are you ready for HIPPO??? Welcome to HIPAA

Are you ready for HIPPO??? Welcome to HIPAA
Overview of HIPAA Administrative Simplification and Privacy Regulations Darrel J. Grinstead, Partner Amy B. Kiesel, Associate Hogan & Hartson L.L.P.

Overview of HIPAA Administrative Simplification and Privacy Regulations Darrel J. Grinstead, Partner Amy B. Kiesel, Associate Hogan & Hartson L.L.P.
Health Insurance Portability Accountability Act of 1996 HIPAA for Researchers: IRB Related Issues HSC USC IRB.

Health Insurance Portability Accountability Act of 1996 HIPAA for Researchers: IRB Related Issues HSC USC IRB.
HIPAA Compliance Strategies for Employers, METs, MEWAs and Taft Hartley Union Trust Funds The HIPAA Colloquium at Harvard University Presented by: Melissa.

HIPAA Compliance Strategies for Employers, METs, MEWAs and Taft Hartley Union Trust Funds The HIPAA Colloquium at Harvard University Presented by: Melissa.
Version 6.0 Approved by HIPAA Implementation Team April 14, 2003 1 HIPAA Learning Module The following is an educational Powerpoint presentation on the.

Version 6.0 Approved by HIPAA Implementation Team April 14, HIPAA Learning Module The following is an educational Powerpoint presentation on the.

Similar presentations

Ads by Google