Presentation is loading. Please wait.

Presentation is loading. Please wait.

HIPAA In Relation to Other Federal Laws Professor Peter P. Swire Ohio State University Consultant, Morrison & Foerster LLP Glasser LegalWorks/HIPAA Conference.

Published byAmia McLeod Modified over 10 years ago

Similar presentations

Presentation on theme: "HIPAA In Relation to Other Federal Laws Professor Peter P. Swire Ohio State University Consultant, Morrison & Foerster LLP Glasser LegalWorks/HIPAA Conference."— Presentation transcript:

1 HIPAA In Relation to Other Federal Laws Professor Peter P. Swire Ohio State University Consultant, Morrison & Foerster LLP Glasser LegalWorks/HIPAA Conference October 23, 2002

2 Overview n Basics of HIPAA and other laws n Other federal laws: – FERPA, Privacy Act, etc. n HIPAA and Financial Services n Conclusion

3 I. Basics of HIPAA and Other Laws n When are you required to disclose medical data? n Much confusion on this during drafting period n Basic HIPAA approach -- HIPAA itself never requires disclosure n Exactly two exceptions – Access to patient records, Sec. 164.524 – HHS enforcement of the rule, Sec. 160.310(c)

4 Required by Law n Many situations where other law requires you to disclose medical data – Most clearly for a court order – Not a HIPAA violation to comply n Sec. 164.512(a): A covered entity may use or disclose protected health information to the extent that such use or disclosure is required by law and the use or disclosure complies with and is limited to the relevant requirements of such law.

5 Basics on required disclosures n HIPAA (almost) never requires disclosure n HIPAA generally creates new legal limitations on using and disclosing PHI n HIPAA says you may disclose where required by other law n Its your call what you are required to do -- HIPAA doesnt give the answer n Both HIPAA and other law apply

6 The Privacy Act as Example n Law applies to federal agencies, with fair information practices limiting disclosure and providing access n As of April, 2003 federal agencies will comply with both laws, where applicable n HIPAA enforcement for HIPAA violations n Privacy Act enforcement for Privacy Act violations

7 EMTALA as Example n Requires treatment on site where patient arrives in emergency situation n HIPAA applies -- must protect PHI but can use & disclose it more broadly for treatment, payment & health care operations n EMTALA applies -- a separate, ongoing legal requirement

8 Public Health & Health Oversight n Public health, Sec. 164.512(b) n Health oversight, Sec. 164.512(d) n Both say covered entity may disclose n No new compulsion from HIPAA to require the disclosure n If a covered entity believes disclosure is not appropriate, and disclosure is permitted by HIPAA, then the other law governs

9 II. HIPAA Provisions about Other Law n Some provisions in HIPAA specifically point to other statutes as supplying the applicable law n Workers Comp, Sec. 164.512(l) – May disclose as authorized by and to the extent necessary to comply with laws relating to workers compensation or other similar programs, established by law, that provide benefits for work-related injuries or illness without regard to fault – Required vs. permissive disclosure the key

10 FERPA -- Educational Records n In HIPAA: – Definition of protected health information excludes – educational records covered by – the Family Educational Rights and Privacy Act, 20 U.S.C. 1232g n Therefore, if records covered by FERPA, no HIPAA obligations

11 FERPA n Educational records are: – those records, files, documents, and other materials which – contain information directly related to a student; and – are maintained by an educational agency or institution or by a person acting for such agency or institution

12 What Does this Mean for Schools n K-12 nurses -- clearly only have FERPA and not HIPAA n Universities and schools serving over 18 years old -- right to the student instead n What if student health services also serve non-students? Spouses, employees? – Legally, HIPAA applies to those – Practically, keep separate?

13 HIPAA and the End of College Athletics! n Will we learn that the quarterback is hurt? Will sports gamblers be able to pursue their chosen profession? n FERPA -- governs school athletes, authorizations required as today n Pro sports -- authorization can be required by the employer – Will union contracts limit that?

14 III. HIPAA & Financial Services n Gramm-Leach-Bliley & HIPAA n 2 statutes, comply with both n Does that mean 2 notices for covered entities? n GLB came first – GLB agencies contemplated that compliance with HIPAA would count for GLB notice – I am not aware of any follow-up clarification by GLB agencies

15 GLB & HIPAA n HHS comments, Dec. 2000 – agencies consult to avoid duplication – insurers covered by GLB would be subject to states, not FTC n The upshot: – Health insurers or other dual covered entities likely can give only HIPAA notice – No definitive word from GLB agencies, though

16 HIPAA and Financial Services n The payment exception in HIPAA Sec. 1179 n Easy case – Check, credit card and the basic routing information – Name, account numbers, what is needed to process the payment itself – That data entirely outside of HIPAA

17 Payments and HIPAA n Back office – As financial institution goes deeper, and does back office for a covered entity, HIPAA risk grows – At some point, become business associate n Clearinghouse – Convert standard/nonstandard transactions – Specialized financial services entity, can become a covered entity

18 Conclusion on Other Fed. Laws n Disclosure required by other law, then at least may disclose PHI n Disclosure permitted by other law, then HIPAA limits apply n Disclosure forbidden by other law, then HIPAA does not authorize the disclosure (with tiny possible exceptions)

19 Contact Information n Web: www.peterswire.net n Email: pswire@mofo.com n Phone: (240) 994-4142

Download ppt "HIPAA In Relation to Other Federal Laws Professor Peter P. Swire Ohio State University Consultant, Morrison & Foerster LLP Glasser LegalWorks/HIPAA Conference."

Similar presentations

Tamtron Users Group April 2001 Preparing Your Laboratory for HIPAA Compliance.

Tamtron Users Group April 2001 Preparing Your Laboratory for HIPAA Compliance.
Security and Privacy After September 11: The Healthcare Example Professor Peter P. Swire Ohio State University Consultant, Morrison & Foerster LLP April.

"Security and Privacy After September 11: The Healthcare Example Professor Peter P. Swire Ohio State University Consultant, Morrison & Foerster LLP April.
Embedding Privacy in Federal Information Systems Professor Peter P. Swire Ohio State University Consultant, Morrison & Foerster LLP MITRE Corp. Workshop.

"Embedding Privacy in Federal Information Systems" Professor Peter P. Swire Ohio State University Consultant, Morrison & Foerster LLP MITRE Corp. Workshop.
Sharing of Medical Records Pursuant to an Authorization Professor Peter P. Swire Moritz College of Law, Ohio St. Univ. Consultant, Morrison & Foerster,

Sharing of Medical Records Pursuant to an Authorization Professor Peter P. Swire Moritz College of Law, Ohio St. Univ. Consultant, Morrison & Foerster,
Research and Privacy Under HIPAA Professor Peter P. Swire Moritz College of Law Ohio State University National Academy of Science Panel on Science, Technology.

Research and Privacy Under HIPAA Professor Peter P. Swire Moritz College of Law Ohio State University National Academy of Science Panel on Science, Technology.
The Role of the Federal Government in Privacy Policy Professor Peter P. Swire The Ohio State University Center for American Progress The Privacy Symposium,

The Role of the Federal Government in Privacy Policy Professor Peter P. Swire The Ohio State University Center for American Progress The Privacy Symposium,
HIPAA and the War on Terrorism Professor Peter P. Swire Ohio State University Consultant, Morrison & Foerster LLP HIPAA Summit West June 7, 2003.

HIPAA and the War on Terrorism Professor Peter P. Swire Ohio State University Consultant, Morrison & Foerster LLP HIPAA Summit West June 7, 2003.
Mental Health Issues & Information Sharing Professor Peter P. Swire The Ohio State University NAAG Task Force on School Safety July 5, 2007.

Mental Health Issues & Information Sharing Professor Peter P. Swire The Ohio State University NAAG Task Force on School Safety July 5, 2007.
SIMPLIFYING PRIVACY: HIPAA PRIVACY STANDARDS AND RESEARCH Angela M. Vieira General Counsel Childrens Hospital and Health Center June 5, 2004.

SIMPLIFYING PRIVACY: HIPAA PRIVACY STANDARDS AND RESEARCH Angela M. Vieira General Counsel Childrens Hospital and Health Center June 5, 2004.
The HIPAA Privacy Rule And Its Impact On Agents And Employers National Association of Health Underwriters Capitol Conference March 23, 2003 Joseph T. Holahan,

The HIPAA Privacy Rule And Its Impact On Agents And Employers National Association of Health Underwriters Capitol Conference March 23, 2003 Joseph T. Holahan,
HIPAA AWARENESS TRAINING

HIPAA AWARENESS TRAINING
Information for Students MGH Institute of Health Professions Use your down arrow or click your mouse to advance through the presentation.

Information for Students MGH Institute of Health Professions Use your down arrow or click your mouse to advance through the presentation.
Responding to Subpoenas and Law Enforcement Demands for PHI: An Overview Janet A. Newberg Chair, Health Law Section Felhaber Larson Fenlon & Vogt, P.A.

Responding to Subpoenas and Law Enforcement Demands for PHI: An Overview Janet A. Newberg Chair, Health Law Section Felhaber Larson Fenlon & Vogt, P.A.
University Data Classification Table* Level 5Level 4 Information that would cause severe harm to individuals or the University if disclosed. Level 5 information.

University Data Classification Table* Level 5Level 4 Information that would cause severe harm to individuals or the University if disclosed. Level 5 information.
I.G. Subpoenas and the HIPAA Privacy Rule The views and opinions expressed in the presentation are those of the presenter, and not necessarily official.

I.G. Subpoenas and the HIPAA Privacy Rule The views and opinions expressed in the presentation are those of the presenter, and not necessarily official.
An Overview for In-Home Service Providers Legal advice must be tailored to specific circumstances. Information provided in this presentation should not.

An Overview for In-Home Service Providers Legal advice must be tailored to specific circumstances. Information provided in this presentation should not.
 What is the Privacy Rule? The Standards for Privacy of Individually Identifiable Health Information (Privacy Rule) governs the use and disclosure of.

 What is the Privacy Rule? The Standards for Privacy of Individually Identifiable Health Information (Privacy Rule) governs the use and disclosure of.
Presented by Elena Chan, UCSF Pharm.D. Candidate Tiffany Jew, USC Pharm.D. Candidate March 14, 2007 P HARMACEUTICAL C ONSULTANTS, I NC. P RO P HARMA HIPAA.

Presented by Elena Chan, UCSF Pharm.D. Candidate Tiffany Jew, USC Pharm.D. Candidate March 14, 2007 P HARMACEUTICAL C ONSULTANTS, I NC. P RO P HARMA HIPAA.
HIPAA: Privacy, Security, and HITECH, Oh My! Presented by Stephanie L. Ganucheau, Special Assistant Attorney General.

HIPAA: Privacy, Security, and HITECH, Oh My! Presented by Stephanie L. Ganucheau, Special Assistant Attorney General.
HIPAA Privacy Rule Training

HIPAA Privacy Rule Training

Similar presentations

Ads by Google