Presentation is loading. Please wait.

Presentation is loading. Please wait.

Davis Wright Tremaine LLP Non-HIPAA Governmental Regulation of Healthcare Privacy and Security Sixteenth HIPAA Summit/The Privacy Symposium August 21,

Published byKeven Baggett Modified over 9 years ago

Similar presentations

Presentation on theme: "Davis Wright Tremaine LLP Non-HIPAA Governmental Regulation of Healthcare Privacy and Security Sixteenth HIPAA Summit/The Privacy Symposium August 21,"— Presentation transcript:

1 Davis Wright Tremaine LLP Non-HIPAA Governmental Regulation of Healthcare Privacy and Security Sixteenth HIPAA Summit/The Privacy Symposium August 21, 2008 Gerry Hinkley gerryhinkley@dwt.com Sixteenth HIPAA Summit/The Privacy Symposium August 21, 2008 Gerry Hinkley gerryhinkley@dwt.com

2 Davis Wright Tremaine LLP About the Speaker 30+ years in health law practice Current Activities: Steering Committee, Connecting for Health Co-Chair, eHealth Initiative Consensus Legislation Task Force - Engaging Consumers and Protecting Privacy HIMSS HIE Steering Committee and Legal Aspects of the Enterprise Task Force 30+ years in health law practice Current Activities: Steering Committee, Connecting for Health Co-Chair, eHealth Initiative Consensus Legislation Task Force - Engaging Consumers and Protecting Privacy HIMSS HIE Steering Committee and Legal Aspects of the Enterprise Task Force

3 Davis Wright Tremaine LLP Overview What HIPAA does not do What government has historically regulated Forces at work to drive protection of health information beyond HIPAA What we can expect What HIPAA does not do What government has historically regulated Forces at work to drive protection of health information beyond HIPAA What we can expect

4 Davis Wright Tremaine LLP What HIPAA does not do Doesn’t create a comprehensive right of patient privacy Doesn’t regulate entities other than providers, payers and clearinghouses, such as PHRs and non-covered recipients of data Doesn’t require patient consent for exchange of information for treatment, payment and healthcare operations (TPO) Doesn’t create a private right of action to enforce/remediate violations Doesn’t over-ride more stringent state laws Doesn’t create a comprehensive right of patient privacy Doesn’t regulate entities other than providers, payers and clearinghouses, such as PHRs and non-covered recipients of data Doesn’t require patient consent for exchange of information for treatment, payment and healthcare operations (TPO) Doesn’t create a private right of action to enforce/remediate violations Doesn’t over-ride more stringent state laws

5 Davis Wright Tremaine LLP What government has historically regulated – sensitive information Federal – consent required for disclosure of Alcohol and drug treatment School health records Medicaid data States – consent required for disclosure of HIV/AIDS, STDs Mental health Substance abuse Genetic testing Cancer Birth defects Federal – consent required for disclosure of Alcohol and drug treatment School health records Medicaid data States – consent required for disclosure of HIV/AIDS, STDs Mental health Substance abuse Genetic testing Cancer Birth defects

6 Davis Wright Tremaine LLP What government has historically regulated – data breaches 44 States have legislation focused on non-health information – identity theft Most get to health records only if an SSN is included California, Minnesota, Rhode Island have medical records specific requirements This appears to be the beginning of a trend 44 States have legislation focused on non-health information – identity theft Most get to health records only if an SSN is included California, Minnesota, Rhode Island have medical records specific requirements This appears to be the beginning of a trend

7 Davis Wright Tremaine LLP What government has historically regulated – disclosures A generally recognized right to healthcare information privacy Access by patients By providers to insurers is limited Commercial uses by insurers, HMOs restricted Psychotherapy notes protected Private rights of action by patients A generally recognized right to healthcare information privacy Access by patients By providers to insurers is limited Commercial uses by insurers, HMOs restricted Psychotherapy notes protected Private rights of action by patients

8 Davis Wright Tremaine LLP Forces at work to drive protection of health information beyond HIPAA Public opinion in response to headlines State legislatures addressing HIT generally Privacy and Security Solutions Project Multi-state collaborations Consent options Harmonizing state privacy laws Legislative template Common taxonomy to permit cross- boundaries analysis In-state initiatives State privacy boards Devising state mandates Public opinion in response to headlines State legislatures addressing HIT generally Privacy and Security Solutions Project Multi-state collaborations Consent options Harmonizing state privacy laws Legislative template Common taxonomy to permit cross- boundaries analysis In-state initiatives State privacy boards Devising state mandates

9 Davis Wright Tremaine LLP What we can expect - federal Continued federal efforts to create true privacy legislation Government studies of privacy and security issues and making of policy recommendations: Creation of HIT Policy Committee within HHS GAO study regarding protection of health information by parties not subject to HIPAA "Qualified HIT Systems" and "Qualified Personal Health Records" Qualification standards will include privacy and security requirements Promotion of those systems to increasing consumer awareness of privacy protections and rights Continued federal efforts to create true privacy legislation Government studies of privacy and security issues and making of policy recommendations: Creation of HIT Policy Committee within HHS GAO study regarding protection of health information by parties not subject to HIPAA "Qualified HIT Systems" and "Qualified Personal Health Records" Qualification standards will include privacy and security requirements Promotion of those systems to increasing consumer awareness of privacy protections and rights

10 Davis Wright Tremaine LLP What we can expect - federal Government engaging and educating the consumer on privacy issues Development of loan programs for HIE to include programs to engage consumers in the development of privacy and security policies Secretary of HHS is to develop and implement a national education initiative that enhances public understanding of privacy and security issues Enhanced regulation of HIPAA covered entities, i.e., the FTC is to develop a model notice of privacy practices for use by HIPAA covered entities Government engaging and educating the consumer on privacy issues Development of loan programs for HIE to include programs to engage consumers in the development of privacy and security policies Secretary of HHS is to develop and implement a national education initiative that enhances public understanding of privacy and security issues Enhanced regulation of HIPAA covered entities, i.e., the FTC is to develop a model notice of privacy practices for use by HIPAA covered entities

11 Davis Wright Tremaine LLP What we can expect - federal Regulation of non-HIPAA covered entities with respect to privacy and security issues HIE organizations that are not covered entities will be required to develop and publicize a description of their privacy and security policies (i.e., a notice of privacy practices by another name) The FTC will monitor privacy and security practices by organizations that collect health information but are not subject to HIPAA Regulation of non-HIPAA covered entities with respect to privacy and security issues HIE organizations that are not covered entities will be required to develop and publicize a description of their privacy and security policies (i.e., a notice of privacy practices by another name) The FTC will monitor privacy and security practices by organizations that collect health information but are not subject to HIPAA

12 Davis Wright Tremaine LLP What we can expect - states Organized efforts within states to identify legislatable topics around privacy and security State legislation focused on Expansion of existing laws to encompass electronic storage and transmission Consumer access and rights with respect to records Increased requirements and specificity for patient consent for HIE Organized efforts within states to identify legislatable topics around privacy and security State legislation focused on Expansion of existing laws to encompass electronic storage and transmission Consumer access and rights with respect to records Increased requirements and specificity for patient consent for HIE

13 Davis Wright Tremaine LLP What we can expect - states State legislation focused on Expansion of HIPAA “covered entities” States allowing HIPAA to pre-empt more stringent state laws Imposition of privacy and security principles through government grant- making Increased enforcement mechanisms Consistency of terms Accreditation of HIEs as a means for policies to cross state lines State legislation focused on Expansion of HIPAA “covered entities” States allowing HIPAA to pre-empt more stringent state laws Imposition of privacy and security principles through government grant- making Increased enforcement mechanisms Consistency of terms Accreditation of HIEs as a means for policies to cross state lines

14 Davis Wright Tremaine LLP What we need Consistent elements across state lines for Accountability, enforcement Purpose of disclosure Consent process Data quality Individual rights Security safeguards Notification Openness Limitations on use Consistent elements across state lines for Accountability, enforcement Purpose of disclosure Consent process Data quality Individual rights Security safeguards Notification Openness Limitations on use

15 Davis Wright Tremaine LLP This is a publication of the Health Information Technology Group of Davis Wright Tremaine LLP with a purpose to inform and comment upon recent developments in health law. It is not intended, nor should it be used, as a substitute for specific legal advice as legal counsel may only be given in response to inquiries regarding particular situations. Copyright 2008, Davis Wright Tremaine LLP (reprints with attribution permitted) This is a publication of the Health Information Technology Group of Davis Wright Tremaine LLP with a purpose to inform and comment upon recent developments in health law. It is not intended, nor should it be used, as a substitute for specific legal advice as legal counsel may only be given in response to inquiries regarding particular situations. Copyright 2008, Davis Wright Tremaine LLP (reprints with attribution permitted)

Download ppt "Davis Wright Tremaine LLP Non-HIPAA Governmental Regulation of Healthcare Privacy and Security Sixteenth HIPAA Summit/The Privacy Symposium August 21,"

Similar presentations

Davis Wright Tremaine LLP HIT Legal Issues: HIPAA Implications to a Regional Health Information Organization Becky Williams, R.N., J.D. Partner, Co-Chair,

Davis Wright Tremaine LLP HIT Legal Issues: HIPAA Implications to a Regional Health Information Organization Becky Williams, R.N., J.D. Partner, Co-Chair,
Legal Work Group Developing a Uniform EHR/HIE Patient Consent Form.

Legal Work Group Developing a Uniform EHR/HIE Patient Consent Form.
HIPAA: An Overview of Transaction, Privacy and Security Regulations Training for Providers and Staff.

HIPAA: An Overview of Transaction, Privacy and Security Regulations Training for Providers and Staff.
Issue Brief National Association of School Nurses Privacy Standards for Student Health Records.

Issue Brief National Association of School Nurses Privacy Standards for Student Health Records.
Increasing public concern about loss of privacy Broad availability of information stored and exchanged in electronic format Concerns about genetic information.

Increasing public concern about loss of privacy Broad availability of information stored and exchanged in electronic format Concerns about genetic information.
What is HIPAA? This presentation was created by The University of Arizona Privacy Office, The Office for the Responsible Conduct of Research on March 5,

What is HIPAA? This presentation was created by The University of Arizona Privacy Office, The Office for the Responsible Conduct of Research on March 5,
TM The HIPAA Privacy Rule: Safeguarding Health Information in Research and Public Health Practice Centers for Disease Control and Prevention Beverly A.

TM The HIPAA Privacy Rule: Safeguarding Health Information in Research and Public Health Practice Centers for Disease Control and Prevention Beverly A.
 Original Intent: ◦ Act passed in 1996 with two main goals: 1.Ensure individuals would be able to maintain their health insurance between jobs (the “portability”

 Original Intent: ◦ Act passed in 1996 with two main goals: 1.Ensure individuals would be able to maintain their health insurance between jobs (the “portability”
CHAPTER © 2011 The McGraw-Hill Companies, Inc. All rights reserved. 2 The Use of Health Information Technology in Physician Practices.

CHAPTER © 2011 The McGraw-Hill Companies, Inc. All rights reserved. 2 The Use of Health Information Technology in Physician Practices.
HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA)

HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA)
© 2011 The McGraw-Hill Companies, Inc. All rights reserved. 2.5 HIPAA Legislation and its Impact on Physician Practices 2-15 The Health Insurance Portability.

© 2011 The McGraw-Hill Companies, Inc. All rights reserved. 2.5 HIPAA Legislation and its Impact on Physician Practices 2-15 The Health Insurance Portability.
Are you ready for HIPPO??? Welcome to HIPAA

Are you ready for HIPPO??? Welcome to HIPAA
Health Insurance Portability Accountability Act of 1996 HIPAA for Researchers: IRB Related Issues HSC USC IRB.

Health Insurance Portability Accountability Act of 1996 HIPAA for Researchers: IRB Related Issues HSC USC IRB.
Health IT Privacy and Security Policy Jodi Daniel, J.D., M.P.H. Director, Office of Policy and Research, Office of the National Coordinator for Health.

Health IT Privacy and Security Policy Jodi Daniel, J.D., M.P.H. Director, Office of Policy and Research, Office of the National Coordinator for Health.
Beth DeLair, JD, RN DeLair Consulting, LLC. Discussion Topics Background Existing WI Requirements State Efforts to Change Law Senate Bill 487 Changes.

Beth DeLair, JD, RN DeLair Consulting, LLC. Discussion Topics Background Existing WI Requirements State Efforts to Change Law Senate Bill 487 Changes.
March 19, 2009 Changes to HIPAA Privacy and Security Requirements Joel T. Kopperud Scott A. Sinder Rhonda M. Bolton.

March 19, 2009 Changes to HIPAA Privacy and Security Requirements Joel T. Kopperud Scott A. Sinder Rhonda M. Bolton.
© Copyright 2014 Saul Ewing LLP The Coalition for Academic Scientific Computation HIPAA Legal Framework and Breach Analysis Presented by: Bruce D. Armon,

© Copyright 2014 Saul Ewing LLP The Coalition for Academic Scientific Computation HIPAA Legal Framework and Breach Analysis Presented by: Bruce D. Armon,
Developing Privacy and Security Standards Allen Briskin Allen Briskin

Developing Privacy and Security Standards Allen Briskin Allen Briskin
HIPAA Health Insurance Portability & Accountability Act of 1996.

HIPAA Health Insurance Portability & Accountability Act of 1996.
New York Health Information Security and Privacy Collaboration (NY HISPC) AHRQ Annual Meeting September 27, 2007 Ellen Flink Project Director NYS DOH.

New York Health Information Security and Privacy Collaboration (NY HISPC) AHRQ Annual Meeting September 27, 2007 Ellen Flink Project Director NYS DOH.

Similar presentations

Ads by Google