Presentation is loading. Please wait.

Presentation is loading. Please wait.

Wiley Rein & Fielding LLP HIPAA Privacy: Key Challenges For Privacy Officers Kirk J. Nahra Wiley Rein & Fielding LLP Washington, D.C. 202.719.7335

Published byPenelope Hensley Modified over 8 years ago

Similar presentations

Presentation on theme: "Wiley Rein & Fielding LLP HIPAA Privacy: Key Challenges For Privacy Officers Kirk J. Nahra Wiley Rein & Fielding LLP Washington, D.C. 202.719.7335"— Presentation transcript:

1 Wiley Rein & Fielding LLP HIPAA Privacy: Key Challenges For Privacy Officers Kirk J. Nahra Wiley Rein & Fielding LLP Washington, D.C. 202.719.7335 KNahra@WRF.com March 26, 2003

2 Wiley Rein & Fielding LLP2 Key Issues HIPAA 301 For covered entities, employers and business associates Key remaining issues Advice/issues to watch out for

3 Wiley Rein & Fielding LLP3 State of the Play Compliance is all over the map Major health insurers are generally in reasonable shape – “the leader of the behinds” Physicians are way behind Hospitals in reasonably good shape Groups/employers are way behind Many vendors/business associates are way behind

4 Wiley Rein & Fielding LLP4 NCVHS Letter/Comments NCVHS/ (National Committee on Vital and Health Statistics) is an advisory body for HHS on HIPAA. Their recent comments: “Surprised and disturbed” at the generally low level of implementation activities and the high levels of confusion and frustration Many providers have never heard of HIPAA and do not think it applies to them Likelihood of “widespread disruption” of the health care system as we approach April 14, 2003

5 Wiley Rein & Fielding LLP5 NCVHS Letter/Comments Large employers with self-funded employee benefit plans have received no guidance on when their benefits-related activities are subject to the Privacy Rule “Nobody” seems to know whether HIPAA or state law applies in the numerous instances in which the laws conflict HHS HIPAA implementation assistance efforts need to be increased by several orders of magnitude – and quickly

6 Wiley Rein & Fielding LLP6 Member Rights Complicated Mainly for people with complaints Compliance and risk management Confidential communications

7 Wiley Rein & Fielding LLP7 Spouses Normal course of business Low percentage of problems High risk where problems occur

8 Wiley Rein & Fielding LLP8 Enforcement Issues -- Privacy Rules Complicated Extensive Ambiguous? Consistent? Relevant to real world?

9 Wiley Rein & Fielding LLP9 Privacy Enforcement Less government? –Civil –Criminal/a real risk? Patients/individuals Class Actions

10 Wiley Rein & Fielding LLP10 Enforcement Understanding where challenges will be Making smart decisions Keeping a good perspective Compliance vs. business vs. risk management

11 Wiley Rein & Fielding LLP11 Litigation Basics No HIPAA private right of action What could happen? Gramm-Leach-Bliley? Insurance practices/deceptive trade practices? Common law? State privacy laws

12 Wiley Rein & Fielding LLP12 Litigation – Next Steps Standard in the industry State deceptive trade practices Common law invasion of privacy Creativity

13 Wiley Rein & Fielding LLP13 Key Issues What is the claim? Who is it by? What are the damages?

14 Wiley Rein & Fielding LLP14 Smith v. Chase Manhattan Bank Financial institution gave list to third party, received payments on sales Said it didn’t do these things in privacy notice No damages alleged/no cause of action Only unwanted telemarketing

15 Wiley Rein & Fielding LLP15 Key Risk Areas Employment Marketing Spouses Individual rights Broadly applicable issues (code word – class action)

16 Wiley Rein & Fielding LLP16 Conclusions Government has fewer and weaker tools in privacy Government will be creative in pushing the envelope Private litigation will be substantial and creative

17 Wiley Rein & Fielding LLP17 Conclusions Private litigation probably more important Monetary implications are very unclear Pressure and adverse publicity are very important Some rule for whistleblowers/complaints

18 Wiley Rein & Fielding LLP18 Relations with Employers Very complicated At least confusing/perhaps inconsistent Major client relations issues Opportunities and challenges –Shift to fully insured? –Will customers abandon group health care? –New client opportunities? –Keep an eye on this

19 Wiley Rein & Fielding LLP19 Employer/Group Issues Rules make little sense Mass confusion Likelihood of mistakes Customer relations Will require significant changes

20 Wiley Rein & Fielding LLP20 What Is The Issue? Avoid having PHI used by employers for employment-related purposes HHS’ fix: –HHS does not directly regulate employers or other plan sponsors –Instead, HHS places restrictions on the flow of information from covered entities to non- covered entities, including plan sponsors

21 Wiley Rein & Fielding LLP21 The Role of the Employer Plan Sponsor Is the employer a plan sponsor of a group health plan (GHP)? Rule restricts flow of PHI between GHP and plan sponsor Minimal impact of rule on plan sponsor that receives summary health information for premium bid purposes or enrollment information

22 Wiley Rein & Fielding LLP22 Plan Sponsor (cont’d) Substantial impact of rule on plan sponsor that receives PHI Sponsor must amend and certify plan documents before receiving PHI – otherwise violation of HIPAA Amendments must spell out permitted uses and disclosures of PHI by sponsor

23 Wiley Rein & Fielding LLP23 Compliance Obligations For Health Plans If fully insured and receive only Summary Health Information (SHI) or enrollment information, very limited effects If (1) self-insured or (2) fully insured and get PHI, substantial obligations – full covered entity

24 Wiley Rein & Fielding LLP24 Security New Rule Relevant Dates Tie to Privacy – What are “appropriate safeguards?”

25 Wiley Rein & Fielding LLP25 Contract Types Business associate (privacy) Chain of trust (security) Trading partner (standard transactions) Focus on understanding/analyzing overlaps

26 Wiley Rein & Fielding LLP26 Business Associates Who are they? When? What will you require of them? (requirements + options) Links to standard transactions

27 Wiley Rein & Fielding LLP27 Additional Issues Enforcement rules on business associates Potential responsibility beyond enforcement rule Customer/public relations aspects? Risks on timing (wolf in sheep’s clothing)

28 Wiley Rein & Fielding LLP28 Preemption More stringent state law Other federal law No one understands this Strategy Multi-state issues How many states are you worried about?

29 Wiley Rein & Fielding LLP29 Misconceptions – Minimum Necessary Misunderstood Hard Extensive Mainly a documentation project Will it require changes?

30 Wiley Rein & Fielding LLP30 Misconceptions Consent and authorizations Who must sign Underwriting Convenience Customer issues

31 Wiley Rein & Fielding LLP31 Getting Started on HIPAA Audit of information use/practices Work HIPAA into contract negotiations/ renegotiations Educate employees Educate business associates Educate providers

32 Wiley Rein & Fielding LLP32 Conclusions Still lots to do Very difficult balancing act Keep an eye on the lawsuits Be conscious of where people can complain – and where they may not Expect confusion An ongoing issue that will not be going away

33 Wiley Rein & Fielding LLP33 Top HIPAA Reminders HIPAA requires significant change by all segments of the health care industry – and all at once. HIPAA changes all aspects of the way covered entities do business The general public will scrutinize the health care industry more stringently because of HIPAA Need to educate customers on requirements/non- requirements

Download ppt "Wiley Rein & Fielding LLP HIPAA Privacy: Key Challenges For Privacy Officers Kirk J. Nahra Wiley Rein & Fielding LLP Washington, D.C. 202.719.7335"

Similar presentations

H = P = A = HIPAA DEFINED HIPAA … A Federal Law Created in 1996 Health

H = P = A = HIPAA DEFINED HIPAA … A Federal Law Created in 1996 Health
Advanced Issues in HIPAA Research Compliance The Sixth National HIPAA Summit March 27, 2003 Kim P. Gunter Senior Consultant.

Advanced Issues in HIPAA Research Compliance The Sixth National HIPAA Summit March 27, 2003 Kim P. Gunter Senior Consultant.
HIPAA In Relation to Other Federal Laws Professor Peter P. Swire Ohio State University Consultant, Morrison & Foerster LLP Glasser LegalWorks/HIPAA Conference.

HIPAA In Relation to Other Federal Laws Professor Peter P. Swire Ohio State University Consultant, Morrison & Foerster LLP Glasser LegalWorks/HIPAA Conference.
The HIPAA Privacy Rule And Its Impact On Agents And Employers National Association of Health Underwriters Capitol Conference March 23, 2003 Joseph T. Holahan,

The HIPAA Privacy Rule And Its Impact On Agents And Employers National Association of Health Underwriters Capitol Conference March 23, 2003 Joseph T. Holahan,
Presented by Elena Chan, UCSF Pharm.D. Candidate Tiffany Jew, USC Pharm.D. Candidate March 14, 2007 P HARMACEUTICAL C ONSULTANTS, I NC. P RO P HARMA HIPAA.

Presented by Elena Chan, UCSF Pharm.D. Candidate Tiffany Jew, USC Pharm.D. Candidate March 14, 2007 P HARMACEUTICAL C ONSULTANTS, I NC. P RO P HARMA HIPAA.
HIPAA Privacy Rule Training

HIPAA Privacy Rule Training
P E N N S Y L V A N I A C O A L I T I O N A G A I N S T D O M E S T I C V I O L E N C E P E N N S Y L V A N I A C O A L I T I O N A G A I N S T RAPE HIPAA.

P E N N S Y L V A N I A C O A L I T I O N A G A I N S T D O M E S T I C V I O L E N C E P E N N S Y L V A N I A C O A L I T I O N A G A I N S T RAPE HIPAA.
HIPAA PRIVACY REQUIREMENTS Dana L. Thrasher Constangy, Brooks & Smith, LLC (205) 252-9321; Victoria Nemerson.

HIPAA PRIVACY REQUIREMENTS Dana L. Thrasher Constangy, Brooks & Smith, LLC (205) ; Victoria Nemerson.
TM The HIPAA Privacy Rule: Safeguarding Health Information in Research and Public Health Practice Centers for Disease Control and Prevention Beverly A.

TM The HIPAA Privacy Rule: Safeguarding Health Information in Research and Public Health Practice Centers for Disease Control and Prevention Beverly A.
ITEC 6324 Health Insurance Portability and Accountability (HIPAA) Act of 1996 Instructor: Dr. E. Crowley Name: Victor Wong Date: 2 Sept. 2004.

ITEC 6324 Health Insurance Portability and Accountability (HIPAA) Act of 1996 Instructor: Dr. E. Crowley Name: Victor Wong Date: 2 Sept
HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA)

HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA)
HIPAA Privacy Rule Compliance Training for YSU April 9, 2014.

HIPAA Privacy Rule Compliance Training for YSU April 9, 2014.
COMPLYING WITH HIPAA PRIVACY RULES Presented by: Larry Grudzien, Attorney at Law.

COMPLYING WITH HIPAA PRIVACY RULES Presented by: Larry Grudzien, Attorney at Law.
HIPAA Compliance Strategies for Employers, METs, MEWAs and Taft Hartley Union Trust Funds The HIPAA Colloquium at Harvard University Presented by: Melissa.

HIPAA Compliance Strategies for Employers, METs, MEWAs and Taft Hartley Union Trust Funds The HIPAA Colloquium at Harvard University Presented by: Melissa.
Banks and the Privacy of Medical Information 8 th National HIPAA Summit March 8, 2004 Joy Pritts, JD Health Policy Institute Georgetown University 202-687-0880.

Banks and the Privacy of Medical Information 8 th National HIPAA Summit March 8, 2004 Joy Pritts, JD Health Policy Institute Georgetown University
Key Issues For Your Remaining HIPAA Compliance Time – The Health Plan Perspective Kimberly GrayKirk J. Nahra Chief Privacy OfficerWiley Rein & Fielding.

Key Issues For Your Remaining HIPAA Compliance Time – The Health Plan Perspective Kimberly GrayKirk J. Nahra Chief Privacy OfficerWiley Rein & Fielding.
PricewaterhouseCoopers Transaction Compliance Date Extension & Privacy Standards NPRM Audioconference April 19, 2002 HIPAA Administrative Simplification.

PricewaterhouseCoopers Transaction Compliance Date Extension & Privacy Standards NPRM Audioconference April 19, 2002 HIPAA Administrative Simplification.
The New HIPAA Era: What's New, What's Different and What's Actually Important Kirk J. Nahra Wiley Rein LLP Washington, D.C. 202.719.7335

The New HIPAA Era: What's New, What's Different and What's Actually Important Kirk J. Nahra Wiley Rein LLP Washington, D.C
Computerized Networking of HIV Providers Workshop Data Security, Privacy and HIPAA: Focus on Privacy Joy L. Pritts, J.D. Assistant Research Professor Health.

Computerized Networking of HIV Providers Workshop Data Security, Privacy and HIPAA: Focus on Privacy Joy L. Pritts, J.D. Assistant Research Professor Health.
HIPAA Michigan Cancer Registrars Association 2005 Annual Educational Conference Sandy Routhier.

HIPAA Michigan Cancer Registrars Association 2005 Annual Educational Conference Sandy Routhier.

Similar presentations

Ads by Google