Presentation is loading. Please wait.

Presentation is loading. Please wait.

HIPAA & Corrections New Federalism in a New Century

Published byImani Sherrell Modified over 10 years ago

Similar presentations

Presentation on theme: "HIPAA & Corrections New Federalism in a New Century"— Presentation transcript:

1 HIPAA & Corrections New Federalism in a New Century
Centers for Disease Control and Prevention State and Local Perspectives on HIPAA February 13, 2003 Atlanta, GA HIPAA & Corrections New Federalism in a New Century Presented by Robert J. Burns NGA Center for Best Practices American Correctional Health Services Association Multidisciplinary Training Conference Baltimore, MD • April 10-13, 2003 Robert J. Burns NGA Center for Best Practices

2 Centers for Disease Control and Prevention
State and Local Perspectives on HIPAA February 13, 2003 Atlanta, GA What is HIPAA? Health Insurance Portability and Accountability Act of 1996 (HIPAA) Established federal floor of consumer protections, marketplace standards Insurance market reforms Privacy, security Administrative simplification New Federalism Preserves stronger state protections © 2003 National Governors Association Robert J. Burns NGA Center for Best Practices

3 Federal Regulations Proposed Rule Final Compliance Deadline† Privacy
Centers for Disease Control and Prevention State and Local Perspectives on HIPAA February 13, 2003 Atlanta, GA Federal Regulations Proposed Rule Final Compliance Deadline† Privacy 11/99 8/02‡ 4/03 Security 8/98 4/05 Electronic Transactions and Codes 5/98 3/03± 10/02* National Provider Identifier Health Plan Identifier Employer Identifier 6/98 7/02 7/04 Enforcement † Small health plans have one additional year following this date to be compliant. ‡ Originally finalized December 28, 2000, HHS proposed modifications to the privacy rule on March 27, The modifications were finalized on August 14, The compliance deadline did not change. ± Originally finalized August 17, 2000, HHS proposed modifications to the transactions rule on May 31, The modifications were finalized on March 24, The compliance deadline did not change. * The compliance deadline could have been extended by one year if a compliance plan was submitted to HHS before October 16, Small health plans were not eligible for the conditional extension. © 2003 National Governors Association Robert J. Burns NGA Center for Best Practices

4 The Privacy Rule (45 CFR § 162 and 164)
Centers for Disease Control and Prevention State and Local Perspectives on HIPAA February 13, 2003 Atlanta, GA The Privacy Rule (45 CFR § 162 and 164) Outlines consumer privacy rights Guaranteed access to medical record Clear avenue of recourse Covers “protected health information” (PHI) Individually identifiable Transmitted, maintained in any medium Restricts how PHI may be used Authorized uses (treatment, public health) Permitted disclosures (minimum necessary, consent, notification) The Security Rule (45 CFR § 160, 162, and 164) Prevents unauthorized access to PHI Administrative, technical, physical safeguards © 2003 National Governors Association Robert J. Burns NGA Center for Best Practices

5 Who Must Comply? (“Covered Entities” and “Covered Functions”)
Centers for Disease Control and Prevention State and Local Perspectives on HIPAA February 13, 2003 Atlanta, GA Who Must Comply? (“Covered Entities” and “Covered Functions”) Individual or group health plans (or programs) that provide for or pay the cost of health benefits directly, through insurance, or otherwise Health care providers (or suppliers) who furnish, bill, or receive payment for medical or other health services or supplies (and who also conduct certain health care transactions electronically) Health information clearinghouses that process or facilitate the processing of electronic health information into standard or nonstandard formats HEALTH PLAN Bill Medicaid PROVIDER Prison hospitals and health facilities CLEARINGHOUSE Rare if ever © 2003 National Governors Association Robert J. Burns NGA Center for Best Practices

6 Centers for Disease Control and Prevention
State and Local Perspectives on HIPAA February 13, 2003 Atlanta, GA Who Else Must Comply? Hybrid entities whose business activities include both covered and non-covered functions Business associates that perform certain functions or activities on behalf of covered entities Information trading partners that rely on protected health information for purposes not directly related to the business activities of covered entities HYBRID ENTITIES? State/local health agencies (immunizations) Public welfare programs (TANF) Corrections departments (transitioning inmates) Foster care programs (custodial health care) BUSINESS ASSOCIATES [45 CFR ] State/local health departments (contract out prisoner health care) Practice and benefit managers Data analysis, processing, and administration vendors Billing and claims processing vendors Utilization review vendors Quality review consultants Lawyers, accountants, consultants TRADING PARTNERS Researchers (public and private) Funding agents (grants) © 2003 National Governors Association Robert J. Burns NGA Center for Best Practices

7 Public-Private Paradox
Centers for Disease Control and Prevention State and Local Perspectives on HIPAA February 13, 2003 Atlanta, GA Public-Private Paradox The broad mandates of most public programs go far beyond HIPAA’s narrow, private-sector orientation. Unlike most private sector organizations, public programs must balance the law’s requirements with their additional roles as purchasers, managers, and regulators of health care, as well as guardian of the public’s health and safety. © 2003 National Governors Association Robert J. Burns NGA Center for Best Practices

8 Broad Implications (Non-Medicaid)
Centers for Disease Control and Prevention State and Local Perspectives on HIPAA February 13, 2003 Atlanta, GA Broad Implications (Non-Medicaid) Community-based providers (“safety net”) Public hospitals/clinics Mental health facilities Substance abuse treatment centers State/local health departments Academic medical/research centers Organ donation programs Law enforcement and corrections (coroners, medical examiners) TANF-funded programs MCH programs (Title V) School-based health programs (immunizations, dental) HIV/AIDS (“Ryan White”) State employee benefits Worker’s compensation State technology authorities Health policy offices TREATMENT Case management Referrals and authorization requests Medical history maintenance Lab work and tests (indirect) ENROLLMENT & ELIGIBILITY Health plan enrollment Eligibility, benefit determinations & procedures (plan-specific, public aid) Termination of coverage BILLING & PAYMENT (Claim Submissions & Status) Premium payment Claim submissions Date(s) of service (when) Provider information (who) Procedures (what) Diagnosis (why) Claim inquiries (status) Claim payment (COB, EOB) RESEARCH Medical research (clinical trials, new treatments, medications, therapies) Surveillance of health trends (public health, best practices) MANAGEMENT Policy decisions Quality management (provider history, licensure, referral trends, best practices) Performance standards (claims turnaround, case management trends) Underwriting and risk management (premium payment) © 2003 National Governors Association Robert J. Burns NGA Center for Best Practices

9 Correctional Institutions [45 CFR § 164.512(k)(5)]
A covered entity that is a correctional institution may use protected health information of inmates for any purpose for which protected health information may be disclosed. Treatment Payment Health care operations Public health reporting Other reporting © 2003 National Governors Association

10 Other Permitted Disclosures
To provide inmate health care To preserve safety, security, good order To carry-out a court order, warrant, subpoena, summons To facilitate law enforcement and investigative activities To report crime in emergencies © 2003 National Governors Association

11 Key Challenges (Corrections and Law Enforcement)
Determine covered entity status Hybrid entity model Evaluate flow of PHI Reconcile HIPAA w/state, federal laws Disclosures required by state law Mental health, substance abuse © 2003 National Governors Association

12 Key Challenges (Corrections and Law Enforcement)
Understand organizational requirements No application after release Establish policies, procedures Train staff, upgrade infrastructure, and test Notice of privacy practices Consent/authorization Accounting for disclosures Personal representative Minimum necessary Physical, technical, administrative safeguards Business associates © 2003 National Governors Association

13 Key Challenges (States)
Centers for Disease Control and Prevention State and Local Perspectives on HIPAA February 13, 2003 Atlanta, GA Key Challenges (States) Guidance (validation) Covered entity determinations Preemption decisions (state, federal) Funding Medicaid (recoup enhanced match) Non-Medicaid (no federal funding) Implementation schedule Counterproductive (state resources) Wasteful (taxpayer dollars) Complaint-driven enforcement Unknown vulnerability (due diligence, penalties, lawsuits) Consistent application (among HHS regions) GUIDANCE Unable to determine the extent of HIPAA’s impact (non-Medicaid) Unable to quantify an implementation budget Unable to train providers (threaten safety net) FUNDING Every state is in fiscal crisis: (1) slow economy, (2) spending pressures, (3) declining revenue. FY2002 and FY2003: Two-thirds of states experienced growth of less than 5 percent. FY2002: 16 states experienced negative growth. STAGGERED IMPLEMENTATION SCHEDULE Contrary to private sector would implement HIPAA. Less costly to make changes all at once. COMPLAINT-DRIVEN ENFORCEMENT Who will be complaining? About what? What is state exposure to penalties? (sanctions vs. technical assistance) Will enforcement across HHS regions be consistent? © 2003 National Governors Association Robert J. Burns NGA Center for Best Practices

14 Recommendations Engage other state cabinets, agencies
Identify state HIPAA coordinator Medicaid, public health Demonstrate due diligence Demand guidance from state AG Seek formal guidance from OCR, DOJ Prepare communications strategy Incorporate HIPAA into budget © 2003 National Governors Association

15 Additional Information
SEE THE HIPAA PRIVACY RULE 45 CFR Parts 160 and 164 Organizational Requirements § Correctional Institutions and Other Law Enforcement and Custodial Situations § (k)(5) Law Enforcement Purposes § (f) Judicial and Administrative Proceedings § (e) Averting a Serious Threat to Health or Safety § (j) Required by Law § (a) © 2003 National Governors Association

16 Additional Resources HIPAA Privacy (Official Website)
HHS Office for Civil Rights (OCR) NGA Center HIPAA Resources Popovits & Robinson Attorneys At Law U.S. Department of Justice Civil Rights Division © 2003 National Governors Association

17 NGA Center for Best Practices (http://www.nga.org/center/hipaa)
Robert J. Burns Policy Analyst Health Policy Studies Division National Governors Association Center for Best Practices Hall of States, Suite 267 444 North Capitol Street, NW Washington, DC (202) fax: (202) © 2003 National Governors Association

18 HIPAA & Corrections New Federalism in a New Century
Centers for Disease Control and Prevention State and Local Perspectives on HIPAA February 13, 2003 Atlanta, GA HIPAA & Corrections New Federalism in a New Century Presented by Robert J. Burns NGA Center for Best Practices American Correctional Health Services Association Multidisciplinary Training Conference Baltimore, MD • April 11, 2003 Robert J. Burns NGA Center for Best Practices

Download ppt "HIPAA & Corrections New Federalism in a New Century"

Similar presentations

Tamtron Users Group April 2001 Preparing Your Laboratory for HIPAA Compliance.

Tamtron Users Group April 2001 Preparing Your Laboratory for HIPAA Compliance.
Todd Frech Ocius Medical Informatics 6650 Rivers Ave, Suite 137 North Charleston, SC 29406 843-576-1426 Health Insurance Portability.

Todd Frech Ocius Medical Informatics 6650 Rivers Ave, Suite 137 North Charleston, SC Health Insurance Portability.
HIPAA AWARENESS TRAINING

HIPAA AWARENESS TRAINING
Presented by Elena Chan, UCSF Pharm.D. Candidate Tiffany Jew, USC Pharm.D. Candidate March 14, 2007 P HARMACEUTICAL C ONSULTANTS, I NC. P RO P HARMA HIPAA.

Presented by Elena Chan, UCSF Pharm.D. Candidate Tiffany Jew, USC Pharm.D. Candidate March 14, 2007 P HARMACEUTICAL C ONSULTANTS, I NC. P RO P HARMA HIPAA.
HIPAA Privacy Training. 2 HIPAA Background Health Insurance Portability and Accountability Act of 1996 Copyright 2010 MHM Resources LLC.

HIPAA Privacy Training. 2 HIPAA Background Health Insurance Portability and Accountability Act of 1996 Copyright 2010 MHM Resources LLC.
Confidentiality and HIPAA

Confidentiality and HIPAA
HIPAA Privacy Rule Training

HIPAA Privacy Rule Training
Increasing public concern about loss of privacy Broad availability of information stored and exchanged in electronic format Concerns about genetic information.

Increasing public concern about loss of privacy Broad availability of information stored and exchanged in electronic format Concerns about genetic information.
P E N N S Y L V A N I A C O A L I T I O N A G A I N S T D O M E S T I C V I O L E N C E P E N N S Y L V A N I A C O A L I T I O N A G A I N S T RAPE HIPAA.

P E N N S Y L V A N I A C O A L I T I O N A G A I N S T D O M E S T I C V I O L E N C E P E N N S Y L V A N I A C O A L I T I O N A G A I N S T RAPE HIPAA.
HIPAA PRIVACY REQUIREMENTS Dana L. Thrasher Constangy, Brooks & Smith, LLC (205) 252-9321; Victoria Nemerson.

HIPAA PRIVACY REQUIREMENTS Dana L. Thrasher Constangy, Brooks & Smith, LLC (205) ; Victoria Nemerson.
Health Insurance Portability and Accountability Act (HIPAA)HIPAA.

Health Insurance Portability and Accountability Act (HIPAA)HIPAA.
HIPAA The Hidden Beast June Kissinger Director, Risk Management Support Services March 12, 2003.

HIPAA The Hidden Beast June Kissinger Director, Risk Management Support Services March 12, 2003.
Managing Access to Student Health Information per Federal HIPAA Guidelines Joan M. Kiel, Ph.D., CHPS Duquesne University Pittsburgh, Penna 412-396-4419.

Managing Access to Student Health Information per Federal HIPAA Guidelines Joan M. Kiel, Ph.D., CHPS Duquesne University Pittsburgh, Penna
THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPAA) (known as THE PRIVACY RULE)

THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPAA) (known as THE PRIVACY RULE)
HIPAA How It Is Affecting Information Systems Within Companies Around Us.

HIPAA How It Is Affecting Information Systems Within Companies Around Us.
North Carolina State University Health Information Privacy 4/16/03.

North Carolina State University Health Information Privacy 4/16/03.
TM The HIPAA Privacy Rule: Safeguarding Health Information in Research and Public Health Practice Centers for Disease Control and Prevention Beverly A.

TM The HIPAA Privacy Rule: Safeguarding Health Information in Research and Public Health Practice Centers for Disease Control and Prevention Beverly A.
 Original Intent: ◦ Act passed in 1996 with two main goals: 1.Ensure individuals would be able to maintain their health insurance between jobs (the “portability”

 Original Intent: ◦ Act passed in 1996 with two main goals: 1.Ensure individuals would be able to maintain their health insurance between jobs (the “portability”
Health Insurance Portability and Accountability Act (HIPAA) Presented by: APS Healthcare Southwestern PA Health Care Quality Unit (HCQU) December 2010.

Health Insurance Portability and Accountability Act (HIPAA) Presented by: APS Healthcare Southwestern PA Health Care Quality Unit (HCQU) December 2010.
HIPAA Privacy Rule Compliance Training for YSU April 9, 2014.

HIPAA Privacy Rule Compliance Training for YSU April 9, 2014.

Similar presentations

Ads by Google