Presentation is loading. Please wait.

Presentation is loading. Please wait.

Permitted Disclosures Under GLB & HIPAA Miriam J. Paramore PCI 9001 Shelbyville Road iTRC Building Louisville, KY 40222 502-429-8555 www.hipaasurvival.com.

Published byPosy Jones Modified over 9 years ago

Similar presentations

Presentation on theme: "Permitted Disclosures Under GLB & HIPAA Miriam J. Paramore PCI 9001 Shelbyville Road iTRC Building Louisville, KY 40222 502-429-8555 www.hipaasurvival.com."— Presentation transcript:

1 Permitted Disclosures Under GLB & HIPAA Miriam J. Paramore PCI 9001 Shelbyville Road iTRC Building Louisville, KY 40222 502-429-8555 www.hipaasurvival.com © Paramore Consulting, Inc.

2 Slide 2 Project Overview Client: Large Health Plan –Health insurer, Disease management, HMO, Hospital, Primary Care, Clinic, Home health Privacy Compliance Assessment –GLB Primary Focus –HIPAA (where overlaps exist) Timeline: 6-8 weeks

3 © Paramore Consulting, Inc.Slide 3 Project Overview Objectives –Uses & Disclosures Inventory –Determine which disclosures are permitted under GLB & HIPAA, Identify gaps –Develop baseline HIPAA gap analysis #1 Priority –Identify changes in disclosure practices needed before July 1, 2001

4 © Paramore Consulting, Inc.Slide 4 Project Team Paramore Consulting, Inc. (PCI) –Business & technical consulting –Data gathering, Disclosure analysis, Document cataloging, Information Inventory –Facilitated sessions Gardner, Carton & Douglas (GCD) –Document review, Privilege –Legal interpretation & analysis

5 © Paramore Consulting, Inc.Slide 5 Project Team The Client –Dedicated team of internal staff –Coordinated by Corporate Compliance Manager –Representatives from all affected business units & departments –Educated on the relevant laws –Motivated

6 © Paramore Consulting, Inc.Slide 6 The Laws HIPAA –Health plans, Clearinghouse s, Providers that transmit electronically –Use and disclosure of protected health information GLB –Insurance institutions, Agents & Insurance support organizations –Disclosure of personal information

7 © Paramore Consulting, Inc.Slide 7 “Information” Under the Laws HIPAA –Protected Health Information –Use –Disclosure GLB –Personal Information –Privileged Information

8 © Paramore Consulting, Inc.Slide 8 GLB: Personal Information “Any individually identifiable information gathered in connection with an insurance transaction from which judgments can be made about an individual’s character, habits, avocations, finances, occupation, general reputation, credit, health, or any other personal characteristics. It includes an individual’s name and address and medical-record information, but does not include privileged information or any information that is publicly available.”

9 © Paramore Consulting, Inc.Slide 9 GLB: Privileged Information “Any individually identifiable information that relates to a claim for insurance benefits or a civil or criminal proceeding involving an individual and is collected in connection with or in reasonable anticipation of a claim for insurance benefits or civil or criminal proceeding involving an individual.”

10 © Paramore Consulting, Inc.Slide 10 HIPAA: Use v. Disclosure Use – “the employment, application, utilization, examination, or analysis of protected information within an entity that maintains the information.” Disclosure – “the release, transfer, provision of access to, or divulging in any other manner of protected information outside the entity holding the information.” In short, 'use' occurs inside an entity, while 'disclosure' occurs outside an entity.

11 © Paramore Consulting, Inc.Slide 11 Permitted Disclosure Comparison HIPAA –Written Authorization –Minimum Necessary –Written Business Associate Agreements GLB –Written Authorization –Reasonably Necessary –Written or Oral Agreements With Recipient

12 © Paramore Consulting, Inc.Slide 12 Project Process Planning –Client, PCI, & GCD responsibilities assigned and coordinated Attorney-Client Privilege Information Capture Legal & Risk Analysis Reporting

13 © Paramore Consulting, Inc.Slide 13 Attorney-Client Privilege Established early Underlying information not covered Review of all documents prior to distribution to project team Legal interpretation to in-house counsel prior to distribution Analysis and reporting through GCD

14 © Paramore Consulting, Inc.Slide 14 Information Capture Document gathering (547 documents) Questionnaires Cross-functional facilitated sessions (4 days) Detailed interviews with each affected department

15 © Paramore Consulting, Inc.Slide 15 Work Products PHI Flow Diagram Business Associate Inventory Uses & Disclosures Inventory HIPAA Disclosures Key GLB Disclosures Key Master Document Catalog

16

17 © Paramore Consulting, Inc.Slide 17 Uses & Disclosures Inventory From To What Information Purpose On Whose Behalf BAA Required? Permitted Disclosure Rationale (Key) Notes / Additional Detail / Issues

18 © Paramore Consulting, Inc.Slide 18 Disclosure Analysis To, From, What, Purpose, On Who’s Behalf Recipients –Affiliate, nonaffiliate –Covered entity, non-covered entity –Business associate Marketing purpose

19 © Paramore Consulting, Inc.Slide 19 Disclosure Analysis Permitted Permitted but limited to minimum necessary Permitted with agreement or written contract Permitted with authorization and/or opt out Not permitted

20 © Paramore Consulting, Inc.Slide 20 Disclosure Analysis Example Pharmacy benefits program to identify drug abuse Disclose to prescribing physicians –Name of member –Names of all other prescribing physicians –Drugs & doses prescribed –Dispensing pharmacies

21 © Paramore Consulting, Inc.Slide 21 Disclosure Analysis Example Purpose of disclosure –Determine validity of benefit claim –Determine medical necessity –Alert physicians of abuse problem –Establish coordination of care Principle compliance issue –Minimum necessary under GLB & HIPAA

22 © Paramore Consulting, Inc.Slide 22 Disclosure Analysis Example GLB Standard –Determining eligibility for the benefit –Detecting or preventing fraud –To a medical professional to: Verify coverage Inform individual of medical problem of which he may not be aware Provided only that information is disclosed as is reasonably necessary to accomplish the purpose of the disclosure

23 © Paramore Consulting, Inc.Slide 23 Disclosure Analysis Example HIPAA Standard –“Payment” includes medical necessity & appropriateness of care –“Health care operations” includes medical review for fraud and abuse detection –Reasonable efforts to limit PHI to the minimum necessary to accomplish the intended purpose

24 © Paramore Consulting, Inc.Slide 24 Disclosure Analysis Example No support for disclosing names of dispensing pharmacies Limit disclosure to drug & dosage Determine referral relationships If referral relationships exist –Disclose names of other physicians If no relationship –Assurance that physician will consult with other physicians

25 © Paramore Consulting, Inc.Slide 25 Disclosure Analysis Example Develop criteria to determine when disclosing names of physicians is needed Where criteria not met, analyze facts & circumstances Document basis for position that disclosure is the minimum necessary to accomplish intended purpose

26 © Paramore Consulting, Inc.Slide 26 Reporting Master Document Catalog –Reusable, electronic workbook Uses & Disclosures Inventory –Reusable, electronic workbook –Hyperlinked to MDC Disclosure Flow Diagram Gap Analysis Report Presentation to Senior Staff

27 © Paramore Consulting, Inc.Slide 27 Findings Written authorizations required if information disclosed by Client to subsidiary is used beyond its work for Client Document minimum necessary Written business associate agreements Revise and issue privacy notices

28 © Paramore Consulting, Inc.Slide 28 Next Steps Incorporate into compliance plan Full HIPAA privacy assessment –Policy & procedure development –Privacy training –Minimum necessary –Authorization forms –Business associate agreements Full HIPAA security assessment

29 © Paramore Consulting, Inc.Slide 29 Lessons Learned Communication is key Combine GLB & HIPAA efforts Determine your organizations’ definition of “disclosure” Determine when attorney-client privilege is necessary Examine identity of subsidiaries Map information exchanges

30 © Paramore Consulting, Inc.Slide 30 Questions? Colleen M. Roberts Gardner, Carton & Douglas 321 N. Clark Street Suite 3400 Chicago, Illinois 60610 (312) 245-8534 cmroberts@gcd.com Miriam J. Paramore PCI: e-commerce for healthcare 218 Crescent Court Suite 100 Louisville, Kentucky 40206 (502) 895-2196 miriam.paramore@hipaasurvival.com

Download ppt "Permitted Disclosures Under GLB & HIPAA Miriam J. Paramore PCI 9001 Shelbyville Road iTRC Building Louisville, KY 40222 502-429-8555 www.hipaasurvival.com."

Similar presentations

Minimum Necessary Standard Version 1.0

Minimum Necessary Standard Version 1.0
An Overview for In-Home Service Providers Legal advice must be tailored to specific circumstances. Information provided in this presentation should not.

An Overview for In-Home Service Providers Legal advice must be tailored to specific circumstances. Information provided in this presentation should not.
Presented by Elena Chan, UCSF Pharm.D. Candidate Tiffany Jew, USC Pharm.D. Candidate March 14, 2007 P HARMACEUTICAL C ONSULTANTS, I NC. P RO P HARMA HIPAA.

Presented by Elena Chan, UCSF Pharm.D. Candidate Tiffany Jew, USC Pharm.D. Candidate March 14, 2007 P HARMACEUTICAL C ONSULTANTS, I NC. P RO P HARMA HIPAA.
1 Health Insurance Portability and Accountability Act of 1996 IS&C Expo October 16 & 17, 2002 John Wagner Governor’s Office of Technology.

1 Health Insurance Portability and Accountability Act of 1996 IS&C Expo October 16 & 17, 2002 John Wagner Governor’s Office of Technology.
HIPAA Basics Brian Fleetham Dickinson Wright PLLC.

HIPAA Basics Brian Fleetham Dickinson Wright PLLC.
HIPAA: Privacy, Security, and HITECH, Oh My! Presented by Stephanie L. Ganucheau, Special Assistant Attorney General.

HIPAA: Privacy, Security, and HITECH, Oh My! Presented by Stephanie L. Ganucheau, Special Assistant Attorney General.
HIPAA and Public Health 2007 Epi Rapid Response Team Conference.

HIPAA and Public Health 2007 Epi Rapid Response Team Conference.
NATIONAL FORUM ON YOUTH VIOLENCE PREVENTION: HIPAA PRIVACY RULE CONSIDERATIONS November 1, 2011 Iliana L. Peters, JD, LLM HHS Office for Civil Rights.

NATIONAL FORUM ON YOUTH VIOLENCE PREVENTION: HIPAA PRIVACY RULE CONSIDERATIONS November 1, 2011 Iliana L. Peters, JD, LLM HHS Office for Civil Rights.
1. As a Florida KidCare community partner families entrust you to not only help them navigate the Florida KidCare system but to keep the information they.

1. As a Florida KidCare community partner families entrust you to not only help them navigate the Florida KidCare system but to keep the information they.
HIPAA Privacy Training. 2 HIPAA Background Health Insurance Portability and Accountability Act of 1996 Copyright 2010 MHM Resources LLC.

HIPAA Privacy Training. 2 HIPAA Background Health Insurance Portability and Accountability Act of 1996 Copyright 2010 MHM Resources LLC.
Health Insurance Portability and Accountability Act HIPAA Education for Volunteers and Students.

Health Insurance Portability and Accountability Act HIPAA Education for Volunteers and Students.
HIPAA Privacy Rule Training

HIPAA Privacy Rule Training
HIPAA Privacy Training Your Name Here. © 2004 MHM Resources Inc.2 HIPAA Background Health Insurance Portability and Accountability Act of 1996.

HIPAA Privacy Training Your Name Here. © 2004 MHM Resources Inc.2 HIPAA Background Health Insurance Portability and Accountability Act of 1996.
HIPAA – Privacy Rule and Research USCRF Research Educational Series March 19, 2003.

HIPAA – Privacy Rule and Research USCRF Research Educational Series March 19, 2003.
Increasing public concern about loss of privacy Broad availability of information stored and exchanged in electronic format Concerns about genetic information.

Increasing public concern about loss of privacy Broad availability of information stored and exchanged in electronic format Concerns about genetic information.
The Health Insurance Portability and Accountability Act of 1996– charged the Department of Health and Human Services (DHHS) with creating health information.

The Health Insurance Portability and Accountability Act of 1996– charged the Department of Health and Human Services (DHHS) with creating health information.
P E N N S Y L V A N I A C O A L I T I O N A G A I N S T D O M E S T I C V I O L E N C E P E N N S Y L V A N I A C O A L I T I O N A G A I N S T RAPE HIPAA.

P E N N S Y L V A N I A C O A L I T I O N A G A I N S T D O M E S T I C V I O L E N C E P E N N S Y L V A N I A C O A L I T I O N A G A I N S T RAPE HIPAA.
HIPAA PRIVACY REQUIREMENTS Dana L. Thrasher Constangy, Brooks & Smith, LLC (205) 252-9321; Victoria Nemerson.

HIPAA PRIVACY REQUIREMENTS Dana L. Thrasher Constangy, Brooks & Smith, LLC (205) ; Victoria Nemerson.
Managing Access to Student Health Information per Federal HIPAA Guidelines Joan M. Kiel, Ph.D., CHPS Duquesne University Pittsburgh, Penna 412-396-4419.

Managing Access to Student Health Information per Federal HIPAA Guidelines Joan M. Kiel, Ph.D., CHPS Duquesne University Pittsburgh, Penna
NAU HIPAA Awareness Training

NAU HIPAA Awareness Training

Similar presentations

Ads by Google