Care Coordination and Interoperable Health IT Systems


1 Care Coordination and Interoperable Health IT Systems
Unit 10: Ensuring the Security and Privacy of Information Shared
Lecture a – Legal Aspects of Care Coordination
Welcome to Care Coordination and Interoperable Health IT Systems, Ensuring the Security and Privacy of Information Shared. This is Lecture a – Legal Aspects of Care Coordination.
This material (Comp 22 Unit 10) was developed by The University of Texas Health Science Center at Houston, funded by the Department of Health and Human Services, Office of the National Coordinator for Health Information Technology under Award Number 90WT0006. This work is licensed under the Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License. To view a copy of this license, visit
Health IT Workforce Curriculum Version 4.0

2 Ensuring the Security and Privacy of Information Shared Lecture a – Learning Objectives
Objective 1: Identify applicable federal laws and regulations related to protected health information shared during care coordination (Lecture a)
Objective 2: Assess processes and systems to ensure compliance with applicable privacy and security regulations during care coordination (Lecture b)
Objective 3: Explain the challenges of establishing, preserving, and restoring trust from multiple stakeholder perspectives (Lecture b)
Objective 4: Review interoperable systems for weaknesses in structure or processes, which may result in a loss of trust (Lecture c)
Objective 5: Discuss the need for data provenance (Lecture c)
Objective 6: Analyze the system specifications and functionality to establish data provenance (Lecture c)
The objective for this Unit, Ensuring the Security and Privacy of Information Shared, Lecture a, is to identify the federal laws and regulations related to protected health information that may be shared during the process of care.

3 Ensuring the Security and Privacy of Information Shared Lecture a – Learning Objectives (Cont’d – 1)
Objective 7: Categorize privacy concerns appropriately (Lecture d)
Objective 8: Modify privacy and security policies and procedures for sensitive protected health information and other special considerations (Lecture d)
Objective 9: Employ appropriate tools and methods to ensure privacy and security during care coordination processes (Lecture d)

4 Privacy
Social Value
Right to be let alone; protected against physical or psychological invasion
In health care: Right to limit the disclosure of personal information
So first let’s examine the issue of privacy. Privacy is primarily a social value. It is not constitutionally protected, but there are laws that recognize a person’s right to be let alone as well as to be protected against physical or psychological invasion. In health care, laws and regulations recognize the right to limit the disclosure of personal information.

5 Confidentiality
Requires communication between two or more parties
Data or information that needs to be protected
Confidentiality results from sharing private thoughts with someone else in confidence, i.e., communication between two or more parties. It generally stems from a relationship such as that between an attorney and client, a member of the clergy and a parishioner, or a physician and a patient. The confidentiality pertains to information resulting from that relationship.

6 Security
Protection of data from intentional or unintentional destruction, modification, or disclosure
Required for privacy and confidentiality
Security, on the other hand, is protection of the data from intentional or unintentional destruction, modification or disclosure. This can mean protecting it from a breach, protecting it from the physical elements, or ensuring that it is only modified when that is legally allowed. Security is required for privacy and confidentiality.

7 Primary Federal Law
Health Insurance Portability and Accountability Act (HIPAA)
Privacy Act
Security Act
Only applies to Protected Health Information (PHI)
Is created or received by a health care provider, health care clearinghouse or health plan
Is related to the health, health care delivery, or payment of health care delivery of a person
Identifies the person or it is reasonable to believe the information can identify the person
The overarching federal law that governs privacy and security of all health records is commonly known as HIPAA, the Health Insurance Portability and Accountability Act. It has two main components: the Privacy Act covers all individually identifiable health data in any medium, and the Security Act applies to individually identifiable health data in electronic form only. HIPAA sets the minimum requirements for health data privacy and security; however, it only applies to protected health information, sometimes called PHI. Three conditions must be met in order for health data to be considered protected health information or PHI. 1) The data has to be created or received by a health care provider, a health care clearinghouse, or a health plan or insurance company. 2) It must be related to health, health care delivery or the payment of health care delivery. Finally, the data must identify the person or it is reasonable to believe the information can identify the person.

8 Important Points Related to HIPAA
Patient authorization or consent is required to share information UNLESS the sharing is for:
Payment, Treatment, or Operations
As otherwise required (public health reporting, etc.)
Care Coordination is Treatment!
There are some important points related to HIPAA. Generally, the sharing of protected health information requires patient authorization or consent, meaning the patient agrees to the sharing of the information. The three main exemptions to this requirement are information sharing for payment (i.e., to insurance companies), for treatment (between different providers), or for operations (for example, within a health care organization). Care coordination qualifies as Treatment. This means that protected health information can generally be shared for the purposes of care coordination. There are some types of sensitive information, covered in later sections, that require special handling.

9 Other Privacy Act Requirements
Minimum Necessary
Only the protected health information needed to accomplish the intended purposes of the use, disclosure, or request
Privacy Practices Notice
Health care provider with a direct treatment relationship
Need to make good faith effort to obtain written acknowledgement
Covered entities to anyone on request
Health plan to all of its enrollees
Other important Privacy Act requirements include the minimum necessary requirement. It is not imposed in any of the following circumstances: a disclosure to or request by a health care provider for treatment; a disclosure to the individual who is the subject of the information or their personal representative; a disclosure made pursuant to an authorization, or to the Department of Health and Human Services for complaint investigation or other enforcement activities on their behalf; or a use or disclosure that is required by law or required for compliance with the HIPAA transactions rule or other HIPAA administrative simplification rules. In essence, the minimum necessary requirement says that only the protected health information needed to accomplish the intended purposes of the use, disclosure, or request can be released. For example, the insurance company can only request the PHI that they need to pay for the treatment that they are responsible for paying for; they could not request PHI for treatment they are not paying for.
We also have the privacy practices notice. Each covered entity (those who are subject to HIPAA), with certain exceptions, must provide a notice of their privacy practices. The rule requires that the notice contain certain elements. In essence, it has to describe the ways in which the covered entity may use and disclose PHI. It must state their duties to protect privacy, provide a notice of privacy practices to their clients, and abide by the terms of their current notice. The notice must also describe individuals’ or clients’ rights, including their right to complain to the Department of Health and Human Services and to the covered entity if they believe their privacy rights have been violated. The notice must include a point of contact for further information and for making complaints to the covered entity. Covered entities must act in accordance with their notices. The rule also contains specific distribution requirements for direct treatment providers, all other health care providers, and health plans. Health care providers especially need to make a good faith effort to obtain a written acknowledgement; however, if the client or patient refuses to sign a privacy practices notice, the health care provider simply needs to document that.

10 Special Information Types
Substance abuse information
Genetic information
So we have two types of special information that we are going to discuss. While the Privacy Act and Security Act of HIPAA pertain to most individually identifiable patient information, these other types of health care records are subject to special laws and regulations. This is information specifically related to drug, alcohol and substance abuse, as well as genetic data and HIV information. They all have separate requirements.

11 Drug and Alcohol Abuse
Drug Abuse Prevention, Treatment and Rehabilitation Act
Comprehensive Alcohol Abuse and Alcoholism Prevention, Treatment and Rehabilitation Act of 1970
The two main laws governing drug and alcohol abuse information are the Drug Abuse Prevention, Treatment and Rehabilitation Act and the Comprehensive Alcohol Abuse and Alcoholism Prevention, Treatment and Rehabilitation Act of 1970. These regulations related to drug and alcohol abuse restrict disclosure of patient-specific information. Specifically, these laws and regulations prohibit the explicit identification of a patient’s presence or past presence in a facility. Any type of disclosure, including for treatment or care coordination purposes, usually requires patient consent or a court order. The only exceptions would be when someone’s life is in danger or as might be required under other laws.

12 Substance Abuse
42 Code of Federal Regulations (CFR), Part 2
Does not pertain to general medical facilities, unless they have an alcohol or drug abuse treatment unit
Applies to federally assisted entities that provide alcohol or drug abuse diagnosis, treatment, or referral for treatment
With the force of law are regulations of the federal government, including Title 42 of the Code of Federal Regulations, Part 2. Under this regulation, records of patients treated for alcohol or drug abuse may only be disclosed with the patient’s written authorization, or without authorization to medical personnel for a bona fide medical emergency, for research, audits and program evaluation, or in response to a court order. As you can see on this slide, this regulation does not pertain to general medical facilities unless they have a specific substance abuse treatment unit.

13 Genetic Information
Governed by the Genetic Information Nondiscrimination Act (GINA)
Prohibits insurance company, employer, and labor union misuse
HIPAA includes identifiable genetic information as health information
Genetic information is governed by the Genetic Information Nondiscrimination Act, more commonly known as GINA. Genetic information is also considered a special class of information. Specifically, insurance companies, employers and labor unions are limited in how they can use genetic information. For standard health care purposes such as health care delivery and care coordination, genetic information is subject to the same laws as health information.

14 Federal versus State Laws
HIPAA is the minimum of what is required
States can and do have more stringent requirements
Legal precedence is given to whichever law, federal or state, provides the most rights to the patient.
Each state in the United States also has state laws around privacy and security of health information. So the question often becomes, “What do you do when federal and state laws are not the same?” It’s important to realize that the requirements of HIPAA are the floor; they are the minimum of what is required. Many states can and often do have more stringent requirements. The legal precedence for federal vs. state law when it comes to PHI is given to whichever law, federal or state, provides the most rights to the patient. For example, HIPAA requires that the health care provider respond to a request for PHI within 30 days. In some states, the time for the health care provider to respond to the patient after a request for information might be as little as 2 weeks, and in that instance state law would have precedence because it provides the most rights to the patient in terms of getting a response in a very timely fashion. Conversely, there are some state laws which might say that the provider can charge the patient to come in and review copies of their own information in the health care facility. That is not allowed under HIPAA. In that instance, the federal law would take precedence because it gives the patient more rights related to their PHI.

15 Unit 10: Ensuring the Security and Privacy of Information Shared Summary – Lecture a – Legal Aspects of Care Coordination
Care coordination is considered treatment
Providers are allowed to share PHI for purposes of Care Coordination
So in summary for this lecture, Care Coordination is considered treatment, and providers are allowed to share PHI for purposes of Care Coordination. This concludes Lecture a – Legal Aspects of Care Coordination of Unit 10: Ensuring the Security and Privacy of Information Shared. Thank you very much.



