Presentation is loading. Please wait.

Presentation is loading. Please wait.

Moving Health Information In An Emergency

Published byClyde McLaughlin Modified over 6 years ago

Similar presentations

Presentation on theme: "Moving Health Information In An Emergency"— Presentation transcript:

1 Moving Health Information In An Emergency
National Emergency Management Summit New Orleans, Louisiana March 5, 2007 Barry S. Herrin, FACHE, Esq. Smith Moore LLP Atlanta, Georgia

2 Agenda Practical Problems in Information Exchange
Joint Commission Accreditation Standards for Emergency Management OCR HIPAA Emergency Preparedness Planning and Response EMTALA HIPAA Security Issues

3 Practical Problems in Information Exchange
You don’t have a way to receive information You don’t have a way to send information You don’t know to whom information should be sent You don’t know whether the information you have is accurate You can’t inventory/control/safeguard the information you do have

4 The Joint Commission’s New Emergency Management Standards
EC.4.13 – The Organization Establishes Emergency Communications Strategies Establishes processes for ongoing communication of information and instructions to staff once response measures are initiated Establishes processes for communicating with patients and their families during emergencies Defines the circumstances and processes for communicating information about patients to third parties (other health organizations, law enforcement, etc.) Establishes backup communications systems for the processes identified above

5 The Joint Commission’s New Emergency Management Standards
EC.4.14 – The Organization Establishes Strategies for Managing Resources and Assets During Emergencies Establishes processes to transport pertinent information, including essential clinical and medication-related information, for each patient to an alternative care site when the environment cannot support adequate care, treatment, and services

6 The Joint Commission’s New Emergency Management Standards
EC.4.15 – The Organization Establishes Strategies for Managing Safety and Security During Emergencies Determines who will be permitted to enter, move through, and exit the facility once emergency measures are initiated Establishes processes for controlling the movement of individuals within the facility

7 The Joint Commission’s New Emergency Management Standards
EC.4.20 – The Organization Regularly Tests its Emergency Operations Plan Twice a year, either in response to an actual event or a planned exercise - tabletop sessions are not sufficient If you have a defined role in the community’s emergency management program, participate in one communitywide exercise a year – tabletop sessions are sufficient

8 The Joint Commission’s New Emergency Management Standards
EC.4.20 – The Organization Regularly Tests its Emergency Operations Plan During planned exercises, the organization monitors performance in : - effectiveness of communication both within the organization and with response entities outside the organization; and provision of clinical and support care activities, processes related to triage activities, and patient identification and tracking processes One exercise must test performance under escalating conditions of compromise to infrastructure

9 OCR HIPAA Emergency Preparedness Planning and Response
Katrina Bulletin #1 Providers can share patient information for treatment Coordinating patient care with relief workers Sharing information with other providers in areas where a patient has relocated Providers can release information for payment

10 OCR HIPAA Emergency Preparedness Planning and Response
Katrina Bulletin #1 Providers can share patient information to identify, locate, and notify family members of patients Should get at least verbal permission This includes using law enforcement and the press to help find people Providers can maintain a directory of patients to tell people who is in the facility and their general condition

11 OCR HIPAA Emergency Preparedness Planning and Response
Katrina Bulletin #2 HHS advised that, “in determining whether reasonable cause exists for a covered entity’s failure to meet the business associate requirements and in determining whether and to what extent to extend the period within which noncompliance must be cured, OCR will consider the emergency circumstances arising from Hurricane Katrina, along with good faith efforts by covered entities, its business associates and their agents, both to protect the privacy of health information and to appropriately execute the agreements required by the Privacy Rule as soon as practicable.”

12 OCR HIPAA Emergency Preparedness Planning and Response
Katrina Bulletin #2 NOWHERE did HHS say it was waiving compliance with the Privacy Rule Post-Katrina statements by HHS make it clear that the exigencies of the next emergency will not engender the same leniency as was present during and immediately after Katrina – we have had our wake-up call

13 The Online Emergency Response Tool

14

15 EMTALA – Mechanics of Record Transfer
Sending Records With or Ahead of the Patient? HIPAA – “use or disclosure required by law” dd(c)(2)(C) – the transferring hospital must “send to the receiving facility all medical records relating to the emergency condition for which the individual has presented, available at the time of transfer” The EMTs need this stuff, don’t they?

16 HIPAA Security Issues Security means “ALL administrative, physical, and technical safeguards” – i.e., confidentiality, integrity, and accessibility (a)(1) – Ensure the confidentiality, integrity, and accessibility of ePHI Can’t just say, “If it’s been destroyed, it’s secure” (a)(2) – Protect against “any reasonably anticipated threats or hazards” to the security or integrity of ePHI

17 HIPAA Security Issues (a)(7) – Establish and implement as needed policies and procedures for responding to an emergency or other occurrence (for example, fire, vandalism, system failure, and natural disaster) that damages systems that contain ePHI Data Backup – “retrievable exact copies of ePHI” Disaster Recovery – “restore ANY loss of data” Emergency Mode Operation Plan – “continuation of critical business processes” Periodic Testing and Revision of Plans Has nothing to do with continuing to receive ePHI

18 HIPAA Security Issues (a)(8) – Perform periodic technical and nontechnical evaluations in response to environmental or operational changes affecting the security of ePHI (a)(2)(i) – Establish and implement procedures that allow facility access in support of restoration of lost data under the disaster recovery plan and emergency mode operations plan

19 HIPAA Security Issues (a)(2)(ii) – Establish and implement procedures for obtaining necessary ePHI during an emergency From your systems, not from anyone else’s (c)(1) – Implement policies and procedures to protect ePHI from improper alteration or destruction

20 Questions?

21 Contact Information: Barry S. Herrin, FACHE, Esq. x1027

Download ppt "Moving Health Information In An Emergency"

Similar presentations

Confidentiality and HIPAA

Confidentiality and HIPAA
Copyright Eastern PA EMS Council February 2003 Health Information Portability and Accountability Act It’s the law.

Copyright Eastern PA EMS Council February 2003 Health Information Portability and Accountability Act It’s the law.
National Health Information Privacy and Security Week Understanding the HIPAA Privacy and Security Rule.

National Health Information Privacy and Security Week Understanding the HIPAA Privacy and Security Rule.
The Health Insurance Portability and Accountability Act of 1996– charged the Department of Health and Human Services (DHHS) with creating health information.

The Health Insurance Portability and Accountability Act of 1996– charged the Department of Health and Human Services (DHHS) with creating health information.
Information Risk Management Key Component for HIPAA Security Compliance Ann Geyer Tunitas Group 209-754-9130

Information Risk Management Key Component for HIPAA Security Compliance Ann Geyer Tunitas Group
Health Insurance Portability and Accountability Act (HIPAA)HIPAA.

Health Insurance Portability and Accountability Act (HIPAA)HIPAA.
HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA)

HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA)
HIPAA: FEDERAL REGULATIONS REGARDING PATIENT SECURITY.

HIPAA: FEDERAL REGULATIONS REGARDING PATIENT SECURITY.
© Copyright 2014 Saul Ewing LLP The Coalition for Academic Scientific Computation HIPAA Legal Framework and Breach Analysis Presented by: Bruce D. Armon,

© Copyright 2014 Saul Ewing LLP The Coalition for Academic Scientific Computation HIPAA Legal Framework and Breach Analysis Presented by: Bruce D. Armon,
Version 6.0 Approved by HIPAA Implementation Team April 14, 2003 1 HIPAA Learning Module The following is an educational Powerpoint presentation on the.

Version 6.0 Approved by HIPAA Implementation Team April 14, HIPAA Learning Module The following is an educational Powerpoint presentation on the.
Informed Consent and HIPAA Tim Noe Coordinating Center.

Informed Consent and HIPAA Tim Noe Coordinating Center.
HIPAA COMPLIANCE IN YOUR PRACTICE MARIBEL VALENTIN, ESQUIRE.

HIPAA COMPLIANCE IN YOUR PRACTICE MARIBEL VALENTIN, ESQUIRE.
HIPAA Health Insurance Portability & Accountability Act of 1996.

HIPAA Health Insurance Portability & Accountability Act of 1996.
| Establishing a Contingency Plan.

| Establishing a Contingency Plan.
CAMP Med Mapping HIPAA to the Middleware Layer Sandra Senti Biological Sciences Division University of Chicago C opyright Sandra Senti,

CAMP Med Mapping HIPAA to the Middleware Layer Sandra Senti Biological Sciences Division University of Chicago C opyright Sandra Senti,
Notice of Privacy Practices Nebraska SNIP Privacy Subgroup July 18, 2002 Michael J. Brown, MHA, CPA Vice-President, Administrative & Regulatory Affairs,

Notice of Privacy Practices Nebraska SNIP Privacy Subgroup July 18, 2002 Michael J. Brown, MHA, CPA Vice-President, Administrative & Regulatory Affairs,
HIPAA PRIVACY AND SECURITY AWARENESS.

HIPAA PRIVACY AND SECURITY AWARENESS.
“ Technology Working For People” Intro to HIPAA and Small Practice Implementation.

“ Technology Working For People” Intro to HIPAA and Small Practice Implementation.
Quality Integrity Stewardship Courtesy Care Accountability Medical Records ARMA Florida Gulf Coast Chapter Michael Spake Lakeland Regional Medical Center.

Quality Integrity Stewardship Courtesy Care Accountability Medical Records ARMA Florida Gulf Coast Chapter Michael Spake Lakeland Regional Medical Center.
Copyright ©2011 by Pearson Education, Inc. Upper Saddle River, New Jersey 07458 All rights reserved. Health Information Technology and Management Richard.

Copyright ©2011 by Pearson Education, Inc. Upper Saddle River, New Jersey All rights reserved. Health Information Technology and Management Richard.

Similar presentations

Ads by Google