Presentation is loading. Please wait.

Presentation is loading. Please wait.

SIMPLIFYING PRIVACY: HIPAA PRIVACY STANDARDS AND RESEARCH Angela M. Vieira General Counsel Childrens Hospital and Health Center June 5, 2004.

Published byEthan McHugh Modified over 10 years ago

Similar presentations

Presentation on theme: "SIMPLIFYING PRIVACY: HIPAA PRIVACY STANDARDS AND RESEARCH Angela M. Vieira General Counsel Childrens Hospital and Health Center June 5, 2004."— Presentation transcript:

1 SIMPLIFYING PRIVACY: HIPAA PRIVACY STANDARDS AND RESEARCH Angela M. Vieira General Counsel Childrens Hospital and Health Center June 5, 2004

2 Research and Privacy Common Rule –adequate provisions to protect the privacy of subjects and to maintain the confidentiality of data 45 CFR §46.111(a)(7) FDA –informed consent include statement describing the extent, if any, to which confidentiality of records identifying the subject will be maintained and … not[ing] the possibility that the [FDA] may inspect the records 21 CFR §50.25(a)(5)

3 Health Insurance Portability and Accountability Act of 1996 Title I: Health Care Access, Portability, and Renewability www.hcfa.gov/medicaid/hipaa Title II: Preventing Health Care Fraud and Abuse; Administrative Simplification; Medical Liability Reform aspe.hhs.gov/admnsimp www.hhs.gov/ocr/hipaa

4 Administrative Simplification Components

5 TIMELINE Transactions and Code Set Standards –October 16, 2002 (providers, large health plans) extension but must file compliance plan –October 16, 2003 (health Plans < $ 5 million) Privacy Rule –April 14, 2003 –April 14, 2003 (providers, large health plans) –April 14, 2004 –April 14, 2004 (small health plans) Security Rule –April 20, 2005 (providers, large health plans) –April 20, 2006 (small health plans)

6 Who is Covered? Health care providers who transmit any health information in electronic transactions Health plans Health care clearinghouses [Prescription drug discount sponsor] Business associate relationships

7 What is covered? Protected health information (PHI) that is: –individually identifiable health information –transmitted or maintained in any form or medium Held by a covered entity in any form or medium De-identified information - NOT COVERED

8 Key Points Federal rule sets floor –covered entities may provide greater protection –More protective state law applies –California law permitted research uses & disclosures without specific authorization Required disclosures limited to: –subject of information –DHHS for compliance All other disclosures are permissive

9 Privacy Rule - in brief Notice of Privacy Practices Uses and disclosures permitted for treatment, payment, health care operations Minimum necessary requirements Individual rights Patient authorization Organizational requirements Business associates

10 Individual Rights Right to inspect and receive copy of PHI Right to request restrictions of uses/disclosures Right to request amendment Right to an accounting of disclosures Right to have reasonable requests for confidential communications accommodated Right to written notice of information practices from providers and plans Right to file complaint with DHHS or covered entity

11 Enforcement Civil Monetary Penalties –$100/violation –Capped at $25,000/calendar year for each requirement or prohibition that is violated –Enforced by DHHS Office of Civil Rights Criminal Penalties –Greater penalties for certain knowing violations –Enforced by Department of Justice Other liability

12 Permitted Uses/Disclosures Research 45 CFR §§164.512(i), 164.514(a), (e) Subject authorization Approved waiver Reviews preparatory to research Research on decedents information - NEW De-identified information –Not subject to Privacy Rule requirements Limited data set

13 Patient Authorization – Core Elements description of PHI CE authorized to make use/disclosure authorized recipient of PHI description of each purpose expiration date or event signature and date –personal representatives authority

14 Patient Authorization - Required Statements Right to revoke in writing –How, describe exceptions OR –Refer to CEs Notice of Privacy Practices Research participation may be conditioned on signing authorization Potential of information to be redisclosed by recipient and no longer protected by Privacy Rule

15 Patient Authorization – Additional Requirements Plain language Copy of signed authorization

16 Criteria for Approval of Waiver Minimal risk to subjects privacy –Adequate plan to protect identifiers from improper use/disclosure –Adequate plan to destroy identifiers at earliest opportunity consistent with conduct of research, unless health, research or legal justification for retention –Adequate written assurances that PHI will not be reused or redisclosed to any other person or entity except as required by law, authorized oversight of research, or other permissible research Could not be practicably conducted without waiver Could not be practicably conducted without access to or use of PHI

17 Documentation Requirements Identification and date of action Waiver criteria PHI needed Review and approval procedures Required signature

18 Additional Requirements Notice of privacy practices Accounting of disclosures Minimum necessary standard

19 Reviews Preparatory for Research Permitted if CE obtains from researcher representations that: –use or disclosure sought solely to prepare a research protocol or for similar purposes –no PHI will be removed from CE by researcher in course of review –PHI necessary for research purposes

20 Research Decedents Information Permitted if CE obtains from researcher: –representation that use or disclosure solely for research –documentation, upon request, of individuals deaths –representation that PHI necessary for research purposes

21 Common Rule - Waiver No more than minimal risk to subjects; Will not adversely affect the rights and welfare of the subjects; Research not practicably carried out without waiver or alteration; and Subjects provided with additional pertinent information after participation, when appropriate

22 Privacy Rule vs. Common Rule De-identified information is not subject to privacy rule requirements –Certain exempt research now subject to IRB review Coded information still subject to IRB review under Common Rule

23 De-identification Requirements Expert Opinion Person with appropriate knowledge and experience with generally accepted statistical and scientific principles and methods for rendering information not individually identifiable –determination that risk is very small; and –documents methods and results of analysis. 45 CFR §164.514

24 De-identification Removal of Identifiers

25 Limited Data Set Research, public health, health care operations CE may contract with business associate to create LDS Data Use Agreement –Privacy Rule requirements

26 Limited Data Set Removal of Direct Identifiers

27 Common Issues Health care operations or research –QA, QI activities Outcomes evaluation, development of clinical guidelines –Population-based activities relating to improving health or reducing cost –Protocol development, case management, case coordination –Cost management and planning-related analysis Formulary development Improved payment methodologies Intent is key! – obtain generalizable knowledge not primary purpose

28 Common Issues Covered Entity, Hybrid Entity, or non-Covered Entity –Cities, counties, states, agencies –Schools, universities –Non-health care employers Databases Decedent research De-identification

29 WEBSITES Privacyruleandresearch.nih.gov –HIPAA & Research Aspe.hhs.gov/admnsimp –HIPAA Administrative Simplification Components www.dhhs.gov/ocr/hipaa –HIPAA Privacy Rule

Download ppt "SIMPLIFYING PRIVACY: HIPAA PRIVACY STANDARDS AND RESEARCH Angela M. Vieira General Counsel Childrens Hospital and Health Center June 5, 2004."

Similar presentations

Tamtron Users Group April 2001 Preparing Your Laboratory for HIPAA Compliance.

Tamtron Users Group April 2001 Preparing Your Laboratory for HIPAA Compliance.
Presented to Second Annual Medical Research Summit Washington, D.C. by Mark Barnes ROPES & GRAY March 25, 2002 APPLICABILITY OF HIPAA TO RESEARCH AND CLIINICAL.

Presented to Second Annual Medical Research Summit Washington, D.C. by Mark Barnes ROPES & GRAY March 25, 2002 APPLICABILITY OF HIPAA TO RESEARCH AND CLIINICAL.
Advanced Issues in HIPAA Research Compliance The Sixth National HIPAA Summit March 27, 2003 Kim P. Gunter Senior Consultant.

Advanced Issues in HIPAA Research Compliance The Sixth National HIPAA Summit March 27, 2003 Kim P. Gunter Senior Consultant.
HIPAA Privacy Practices. Notice A copy of the current DMH Notice must be posted at each service site where persons seeking DMH services will be able to.

HIPAA Privacy Practices. Notice A copy of the current DMH Notice must be posted at each service site where persons seeking DMH services will be able to.
HIPAA AWARENESS TRAINING

HIPAA AWARENESS TRAINING
Minimum Necessary Standard Version 1.0

Minimum Necessary Standard Version 1.0
Open Library June 4, 2004 Informed Consent Process and Federal Regulations That Must Be Met to Waive Informed Consent Tracey Craddock Regulatory Compliance.

Open Library June 4, 2004 Informed Consent Process and Federal Regulations That Must Be Met to Waive Informed Consent Tracey Craddock Regulatory Compliance.
HIPAA Privacy Rule “Standards for Privacy of Individually Identifiable Health Information” 45 CFR 160 and 164* *http://www.hhs.gov/ocr/combinedregtext.pdf.

HIPAA Privacy Rule “Standards for Privacy of Individually Identifiable Health Information” 45 CFR 160 and 164* *
HIPAA Privacy Rule and Research

HIPAA Privacy Rule and Research
1 The HIPAA Privacy Rule and Research This presentation will probably involve audience discussion, which will create action items. Use PowerPoint to keep.

1 The HIPAA Privacy Rule and Research This presentation will probably involve audience discussion, which will create action items. Use PowerPoint to keep.
HIPAA and Public Health 2007 Epi Rapid Response Team Conference.

HIPAA and Public Health 2007 Epi Rapid Response Team Conference.
NATIONAL FORUM ON YOUTH VIOLENCE PREVENTION: HIPAA PRIVACY RULE CONSIDERATIONS November 1, 2011 Iliana L. Peters, JD, LLM HHS Office for Civil Rights.

NATIONAL FORUM ON YOUTH VIOLENCE PREVENTION: HIPAA PRIVACY RULE CONSIDERATIONS November 1, 2011 Iliana L. Peters, JD, LLM HHS Office for Civil Rights.
HIPAA Privacy Rule Training

HIPAA Privacy Rule Training
HIPAA – Privacy Rule and Research USCRF Research Educational Series March 19, 2003.

HIPAA – Privacy Rule and Research USCRF Research Educational Series March 19, 2003.
P E N N S Y L V A N I A C O A L I T I O N A G A I N S T D O M E S T I C V I O L E N C E P E N N S Y L V A N I A C O A L I T I O N A G A I N S T RAPE HIPAA.

P E N N S Y L V A N I A C O A L I T I O N A G A I N S T D O M E S T I C V I O L E N C E P E N N S Y L V A N I A C O A L I T I O N A G A I N S T RAPE HIPAA.
HIPAA PRIVACY REQUIREMENTS Dana L. Thrasher Constangy, Brooks & Smith, LLC (205) 252-9321; Victoria Nemerson.

HIPAA PRIVACY REQUIREMENTS Dana L. Thrasher Constangy, Brooks & Smith, LLC (205) ; Victoria Nemerson.
1 HIPAA and Research and YOU. 2 INTRODUCTION Rule #1:Don’t Panic Rule #2:Bottom Line for Researchers: HIPAA is Manageable thru Education/Awareness and.

1 HIPAA and Research and YOU. 2 INTRODUCTION Rule #1:Don’t Panic Rule #2:Bottom Line for Researchers: HIPAA is Manageable thru Education/Awareness and.
What is HIPAA? This presentation was created by The University of Arizona Privacy Office, The Office for the Responsible Conduct of Research on March 5,

What is HIPAA? This presentation was created by The University of Arizona Privacy Office, The Office for the Responsible Conduct of Research on March 5,
TM The HIPAA Privacy Rule: Safeguarding Health Information in Research and Public Health Practice Centers for Disease Control and Prevention Beverly A.

TM The HIPAA Privacy Rule: Safeguarding Health Information in Research and Public Health Practice Centers for Disease Control and Prevention Beverly A.
HIPAA Privacy Rule Compliance Training for YSU April 9, 2014.

HIPAA Privacy Rule Compliance Training for YSU April 9, 2014.

Similar presentations

Ads by Google