Presentation is loading. Please wait.

Presentation is loading. Please wait.

Practical Tips and How to Avoid Pitfalls When Sharing Electronic Health Records Within a Health Care System Sarah Coyne (Quarles & Brady LLP) Heather Fields.

Published byKarley Burley Modified over 9 years ago

Similar presentations

Presentation on theme: "Practical Tips and How to Avoid Pitfalls When Sharing Electronic Health Records Within a Health Care System Sarah Coyne (Quarles & Brady LLP) Heather Fields."— Presentation transcript:

1 Practical Tips and How to Avoid Pitfalls When Sharing Electronic Health Records Within a Health Care System Sarah Coyne (Quarles & Brady LLP) Heather Fields (Reinhart Boerner Van Deuren SC) HIPAA COW Fall Conference September 21, 2007

2 Legal Barriers in Wisconsin HIPAA Stark / AKS Wisconsin general records 146.82 Wisconsin hospital regulations Wisconsin mental health act and regulations Wisconsin pharmacy law (e.g. remote dispensing) Electronic signature requirements Mishmash of other WI laws DQA (or is it OQA? Or BQA?) memos CMS conditions of participation Other CMS memos/ guidance (SOM) 42 CFR Part 2 Accrediting agencies (e.g., Joint Commission) Retention requirements Potential for patient care/ privacy claims

3 Non-Legal Barriers $$$$ Social/ Organizational (resistance to change) Technological barriers To scan or not to scan (managing paper) Who owns the record What happens in the event of dissolution/ disconnection

4 So Why Do It? Remember the original ONCHIT goals: –Inform clinical practice –Interconnect clinicians –Personalize care –Improve population health

5 Basic Components of EMR Computerized orders for prescriptions Computerized orders for diagnostic tests Reporting of test/ lab results Practitioner notes

6 The VA Model Veterans Health Information Systems and Technology Architecture (VistA) Graphical interface providers may review patient's VA record at any of the 1000+ VA facilities Limited somewhat in scope

7 Managing the Legal Barriers….

8 HIPAA Each entity within the health system may have its own privacy and security policies/ documentation Cross-walk them and decide which can be jointly managed in connection with the EMR

9 HIPAA : Pitfalls to Manage up Front Tracking stuff –Required documentation –Requested amendments –Restricted modes of communication –Accountable disclosures –Access to designated record set –Restricted disclosures –Patient authorizations

10 HIPAA: more pitfalls Business Associate management/ tracking User role-based access/ minimum necessary for that job description User identification Sanctions Coordination of multiple security or privacy officers

11 HIPAA: more pitfalls Joint training? Joint response to complaints – what if only one entity in the health system is the subject of a complaint – sharing liability

12 Wisconsin – 146.82 : Redisclosure The Issue – 146.82(2)(b) How it affects transfer of information among related entities DHFS may not directly monitor Solution – legislative?

13 146.82(2)(b) Except as provided in s. 610.70 (3) and (5), unless authorized by a court of record, the recipient of any information under par. (a) shall keep the information confidential and may not disclose identifying information about the patient whose patient health care records are released.s. 610.70 (3) (5)par. (a)

14 DHFS Letter Providers requested an opinion that: –Wis. Stat. 146.82(2)(b) does not apply to patient records for continuity of care –Including in the EMR context

15 146.82(2)(b) cont. DHFS said: –Reasonable minds disagree about this –Cannot give that opinion –Identified by eHealth workgroup –Workgroup said: appropriate to seek statutory change to ensure redisclosure is lawful –"Even for the purposes of further treatment"

16 146.82(2)(b) DQA staff has stated that "enforcement of 146.82(2)(b) is not part of their survey or review process." Suggests inclusion of consent to disclosure for continuity of care on patient authorization forms (but…that's not one of the options, technically).

17 Stark / AKS The exceptions and safe harbors establish the conditions under which: –Entities furnishing DHS (and certain other entities under the safe harbor) may donate to physicians (and certain other recipients under the safe harbor) interoperable electronic health records software, information technology and training services. –Hospitals and certain other entities may provide physicians (and certain other recipients under the safe harbor) with hardware, software, or information technology and training services necessary and used solely for electronic prescribing.

18 Wisconsin Hospital Regulations HFS 124 contains particular requirements for medical records – electronic or not Clinics not as closely regulated Shared records must meet the more stringent hospital requirements

19 Wisconsin Mental Health Act and Regulations – Pitfalls Informed Consent Form 51.30(2) –Designated recipient (DHFS: to IT dept.) –Designated purpose (DHFS: must specify to patients in writing) –Particular information to be disclosed (DHFS: can't just say "any and all treatment record information") –Expiration date (DHFS: OK to specify an expiration date in the future, must be confined period of time) 92.03(1) Statement (DHFS: must occur, even with EMR)

20 Mental Health – Pitfalls Recent law changes allow at least sharing of medication list Contemplated revisions – 51.30 workgroup – how far should the sharing go? –Privacy vs. Patient Care

21 Wisconsin Ehealth Action Plan Patient Care Information Exchange Consumer Interests Financing Governance

22 Electronic Signature Requirements CMS CoP 482.24 (2006 revisions) Proposed HIPAA requirements for electronic standards Ch. 137 June 27, 1997 DHFS memo re electronic signature in electronic recordkeeping

23 DQA (or is it OQA? or BQA?) Memos Authentication of orders

24 42 CFR Part 2 Bottom line: even among related entities, can't easily include AODA records in joint EMR Consent needed for more disclosures Personal representative concept more stringent Redisclosure is prohibited – like WI –Accompanying statement required

25 Accrediting agencies (e.g. Joint Commission) If one of the related entities is not, and the other is not – EMR must comply with accreditation standards.

26 Retention Requirements Each entity must be responsible for maintaining its own records for the required periods of time Easier to keep records permanently in EMR environment

27 Potential for Patient Care/ Privacy Claims Key issue to be negotiated up front Agreement between separate legal entities –Insurance –Indemnification –Complaint management process – Joint response

28 Non-Legal Barriers…..

29 $$$$ Wisconsin funding sources Federal funding sources (ARHQ) Tax breaks Shared funding may be a tricky upfront negotiation, between related entities

30 Social/ Organizational (resistance to change) Clashing cultures Educating employees Patient awareness Trust

31 Technological Barriers Software Networking Programming/ IT support

32 "Legal" EMR Of one entity in the system but not another?

33 To Scan Or Not to Scan (Managing Paper) Will you ever need the paper? Costs/ administrative costs of scanning Some practitioners are wedded to paper "Psychotherapy notes"

34 Who Owns the Record Patients? Entities If shared – co-owners? (Address via agreement between legally separate entities)

35 What Happens in the Event of Dissolution/ Disconnection Address it in the agreement

36 Summary points Many of the issues in sharing between related entities are the same as those between unrelated entities May still need agreements Address thorny issues (liability, insurance, governance, financing, patient awareness, scanning, etc.) UP FRONT

Download ppt "Practical Tips and How to Avoid Pitfalls When Sharing Electronic Health Records Within a Health Care System Sarah Coyne (Quarles & Brady LLP) Heather Fields."

Similar presentations

H OGAN & H ARTSON, L.L.P.

H OGAN & H ARTSON, L.L.P.
HIPAA Privacy Practices. Notice A copy of the current DMH Notice must be posted at each service site where persons seeking DMH services will be able to.

HIPAA Privacy Practices. Notice A copy of the current DMH Notice must be posted at each service site where persons seeking DMH services will be able to.
FERPA - Sharing Student Information

FERPA - Sharing Student Information
Chapter 3 Health Care Information Systems: A Practical Approach for Health Care Management 2nd Edition Wager ~ Lee ~ Glaser.

Chapter 3 Health Care Information Systems: A Practical Approach for Health Care Management 2nd Edition Wager ~ Lee ~ Glaser.
HIPAA Basics Brian Fleetham Dickinson Wright PLLC.

HIPAA Basics Brian Fleetham Dickinson Wright PLLC.
HIPAA Privacy Training. 2 HIPAA Background Health Insurance Portability and Accountability Act of 1996 Copyright 2010 MHM Resources LLC.

HIPAA Privacy Training. 2 HIPAA Background Health Insurance Portability and Accountability Act of 1996 Copyright 2010 MHM Resources LLC.
Health Insurance Portability and Accountability Act HIPAA Education for Volunteers and Students.

Health Insurance Portability and Accountability Act HIPAA Education for Volunteers and Students.
HIPAA Privacy Rule Training

HIPAA Privacy Rule Training
HIPAA Privacy Training Your Name Here. © 2004 MHM Resources Inc.2 HIPAA Background Health Insurance Portability and Accountability Act of 1996.

HIPAA Privacy Training Your Name Here. © 2004 MHM Resources Inc.2 HIPAA Background Health Insurance Portability and Accountability Act of 1996.
National Health Information Privacy and Security Week Understanding the HIPAA Privacy and Security Rule.

National Health Information Privacy and Security Week Understanding the HIPAA Privacy and Security Rule.
HIPAA – Privacy Rule and Research USCRF Research Educational Series March 19, 2003.

HIPAA – Privacy Rule and Research USCRF Research Educational Series March 19, 2003.
Increasing public concern about loss of privacy Broad availability of information stored and exchanged in electronic format Concerns about genetic information.

Increasing public concern about loss of privacy Broad availability of information stored and exchanged in electronic format Concerns about genetic information.
P E N N S Y L V A N I A C O A L I T I O N A G A I N S T D O M E S T I C V I O L E N C E P E N N S Y L V A N I A C O A L I T I O N A G A I N S T RAPE HIPAA.

P E N N S Y L V A N I A C O A L I T I O N A G A I N S T D O M E S T I C V I O L E N C E P E N N S Y L V A N I A C O A L I T I O N A G A I N S T RAPE HIPAA.
HIPAA PRIVACY REQUIREMENTS Dana L. Thrasher Constangy, Brooks & Smith, LLC (205) 252-9321; Victoria Nemerson.

HIPAA PRIVACY REQUIREMENTS Dana L. Thrasher Constangy, Brooks & Smith, LLC (205) ; Victoria Nemerson.
1 HIPAA and Research and YOU. 2 INTRODUCTION Rule #1:Don’t Panic Rule #2:Bottom Line for Researchers: HIPAA is Manageable thru Education/Awareness and.

1 HIPAA and Research and YOU. 2 INTRODUCTION Rule #1:Don’t Panic Rule #2:Bottom Line for Researchers: HIPAA is Manageable thru Education/Awareness and.
HIPAA Health Insurance Portability and Accountability Act.

HIPAA Health Insurance Portability and Accountability Act.
Westbrook Technologies from Document Management’s Role in HIPAA.

Westbrook Technologies from Document Management’s Role in HIPAA.
NAU HIPAA Awareness Training

NAU HIPAA Awareness Training
 Original Intent: ◦ Act passed in 1996 with two main goals: 1.Ensure individuals would be able to maintain their health insurance between jobs (the “portability”

 Original Intent: ◦ Act passed in 1996 with two main goals: 1.Ensure individuals would be able to maintain their health insurance between jobs (the “portability”
CHAPTER © 2011 The McGraw-Hill Companies, Inc. All rights reserved. 2 The Use of Health Information Technology in Physician Practices.

CHAPTER © 2011 The McGraw-Hill Companies, Inc. All rights reserved. 2 The Use of Health Information Technology in Physician Practices.

Similar presentations

Ads by Google