Presentation is loading. Please wait.

Presentation is loading. Please wait.

Davis Wright Tremaine LLP The Seventh National HIPAA Summit HIPAA Privacy: Privacy Rule Compliance on Public Health Activities and Research Thomas E. Jeffry,

Published byGeoffrey Allen Modified over 9 years ago

Similar presentations

Presentation on theme: "Davis Wright Tremaine LLP The Seventh National HIPAA Summit HIPAA Privacy: Privacy Rule Compliance on Public Health Activities and Research Thomas E. Jeffry,"— Presentation transcript:

1 Davis Wright Tremaine LLP The Seventh National HIPAA Summit HIPAA Privacy: Privacy Rule Compliance on Public Health Activities and Research Thomas E. Jeffry, Jr. Davis Wright Tremaine LLP Los Angeles, California tomjeffry@dwt.com Thomas E. Jeffry, Jr. Davis Wright Tremaine LLP Los Angeles, California tomjeffry@dwt.com

2 Davis Wright Tremaine LLP Balancing Individual Privacy and Communal Interests A central premise of DHHS’ Privacy Rule, like most health information privacy protections, is how to balance individual privacy interests with communal needs for data, like public health and health research.

3 Davis Wright Tremaine LLP The Covered Entity is responsible for the protected health information it collects and maintains and is liable under HIPAA for unauthorized uses and disclosures.

4 Davis Wright Tremaine LLP Covered Entity Must: Identify what disclosures and uses are for treatment, payment and health care operations Identify what disclosures and uses are subject to exceptions set forth in 45 CFR 164.512 To the extent required by law For specified public health activities to a public health authority or other appropriate government authority For specified health oversight activities For research purposes with a waiver from IRB or Privacy Board To avert a serious threat to health and safety Exercise professional judgment in the case of an emergency or disaster relief Account for most disclosures not authorized Identify what disclosures and uses are for treatment, payment and health care operations Identify what disclosures and uses are subject to exceptions set forth in 45 CFR 164.512 To the extent required by law For specified public health activities to a public health authority or other appropriate government authority For specified health oversight activities For research purposes with a waiver from IRB or Privacy Board To avert a serious threat to health and safety Exercise professional judgment in the case of an emergency or disaster relief Account for most disclosures not authorized

5 Davis Wright Tremaine LLP What is the Impact of the Privacy Rule on Public Health? Internally – what are the ways that the rule affects the practice of public health or public health research done by public health agencies or its partners? Externally – how does the Rule impact the flow of indentifiable health data into or out of public health agencies? Internally – what are the ways that the rule affects the practice of public health or public health research done by public health agencies or its partners? Externally – how does the Rule impact the flow of indentifiable health data into or out of public health agencies?

6 Davis Wright Tremaine LLP Public Health Practice - Internally To the extent that public health authorities use or disclose identifiable health data for public health purposes, they are not “covered entities,” and are thus not required to adhere to the provisions of the Privacy Rule.

7 Davis Wright Tremaine LLP Public Health Practice - Externally How will the Privacy Rule affect the flow of health data to public health authorities?

8 Davis Wright Tremaine LLP The Public Health Exception The “public health” exception states that a covered entity may disclose protected health information without specific, individual authorization to a “public health authority that is authorized by law to collect and receive such information for the purpose of preventing and controlling disease, injury, or disability, including... reporting of disease... and the conduct of public health surveillance....”

9 Davis Wright Tremaine LLP Similar Public Health Exceptions Disclosures to maintain the quality, safety, or effectiveness of FDA products Disclosures to notify persons exposed to communicable diseases Disclosures about victims of abuse, neglect, or domestic violence Disclosures for health oversight activities Disclosures to prevent serious threats to persons or the public Disclosures to maintain the quality, safety, or effectiveness of FDA products Disclosures to notify persons exposed to communicable diseases Disclosures about victims of abuse, neglect, or domestic violence Disclosures for health oversight activities Disclosures to prevent serious threats to persons or the public

10 Davis Wright Tremaine LLP What is a ‘Public Health Authority’? A public health authority is an : agency or authority of the United States, a State, a territory, a political subdivision of a State or territory, or an Indian tribe, or a person or entity acting under a grant of authority from or contract with such public agency... that is responsible for public health matters as part of its official mandate. A public health authority is an : agency or authority of the United States, a State, a territory, a political subdivision of a State or territory, or an Indian tribe, or a person or entity acting under a grant of authority from or contract with such public agency... that is responsible for public health matters as part of its official mandate.

11 Davis Wright Tremaine LLP Dealing with State Reporting Laws The privacy regulations expressly do not pre-empt (or override) state law that “provides for the reporting of disease or injury... or for the conduct of public health surveillance [or] investigation....”

12 Davis Wright Tremaine LLP Different Perspectives in Approaching the “Grey Areas” Required by law vs. permitted or authorized by law Distinguishing clinical care from research Distinguishing surveillance from research Downstream uses and disclosures of previously disclosed PHI to a public entity How to deal with Community Health Record to identify and service patient needs When to rely on disaster relief, threat to public safety to disclose information Can a government authority or research organization be a business associate Required by law vs. permitted or authorized by law Distinguishing clinical care from research Distinguishing surveillance from research Downstream uses and disclosures of previously disclosed PHI to a public entity How to deal with Community Health Record to identify and service patient needs When to rely on disaster relief, threat to public safety to disclose information Can a government authority or research organization be a business associate

13 Davis Wright Tremaine LLP Special Research Concerns Researchers need training on HIPAA requirements, waivers, and authorizations Authorization in Informed Consents vs. separately signed authorizations Identifying all the uses of and groups who may receive research PHI Creating a limited data set for research purposes; researchers as business associates subject to date use agreements Collection and use of specimens Researchers need training on HIPAA requirements, waivers, and authorizations Authorization in Informed Consents vs. separately signed authorizations Identifying all the uses of and groups who may receive research PHI Creating a limited data set for research purposes; researchers as business associates subject to date use agreements Collection and use of specimens

14 Davis Wright Tremaine LLP When in doubt, obtain an authorization CE and public health officials discuss and agree upon ‘grey areas’ in advance Demonstrate parallel commitment toward privacy and security What to do about PH & Research?

Download ppt "Davis Wright Tremaine LLP The Seventh National HIPAA Summit HIPAA Privacy: Privacy Rule Compliance on Public Health Activities and Research Thomas E. Jeffry,"

Similar presentations

HIPAA for Governments & Municipalities Rebecca L. Williams, RN, JD Partner, Co-Chair of HIT/HIPAA Practice Davis Wright Tremaine LLP Seattle, WA

HIPAA for Governments & Municipalities Rebecca L. Williams, RN, JD Partner, Co-Chair of HIT/HIPAA Practice Davis Wright Tremaine LLP Seattle, WA
Davis Wright Tremaine LLP HIT Legal Issues: HIPAA Implications to a Regional Health Information Organization Becky Williams, R.N., J.D. Partner, Co-Chair,

Davis Wright Tremaine LLP HIT Legal Issues: HIPAA Implications to a Regional Health Information Organization Becky Williams, R.N., J.D. Partner, Co-Chair,
Responding to Subpoenas and Law Enforcement Demands for PHI: An Overview Janet A. Newberg Chair, Health Law Section Felhaber Larson Fenlon & Vogt, P.A.

Responding to Subpoenas and Law Enforcement Demands for PHI: An Overview Janet A. Newberg Chair, Health Law Section Felhaber Larson Fenlon & Vogt, P.A.
 What is the Privacy Rule? The Standards for Privacy of Individually Identifiable Health Information (Privacy Rule) governs the use and disclosure of.

 What is the Privacy Rule? The Standards for Privacy of Individually Identifiable Health Information (Privacy Rule) governs the use and disclosure of.
HIPAA Basics Brian Fleetham Dickinson Wright PLLC.

HIPAA Basics Brian Fleetham Dickinson Wright PLLC.
HIPAA and Public Health 2007 Epi Rapid Response Team Conference.

HIPAA and Public Health 2007 Epi Rapid Response Team Conference.
NATIONAL FORUM ON YOUTH VIOLENCE PREVENTION: HIPAA PRIVACY RULE CONSIDERATIONS November 1, 2011 Iliana L. Peters, JD, LLM HHS Office for Civil Rights.

NATIONAL FORUM ON YOUTH VIOLENCE PREVENTION: HIPAA PRIVACY RULE CONSIDERATIONS November 1, 2011 Iliana L. Peters, JD, LLM HHS Office for Civil Rights.
Confidentiality and HIPAA

Confidentiality and HIPAA
HIPAA – Privacy Rule and Research USCRF Research Educational Series March 19, 2003.

HIPAA – Privacy Rule and Research USCRF Research Educational Series March 19, 2003.
What is HIPAA? This presentation was created by The University of Arizona Privacy Office, The Office for the Responsible Conduct of Research on March 5,

What is HIPAA? This presentation was created by The University of Arizona Privacy Office, The Office for the Responsible Conduct of Research on March 5,
North Carolina State University Health Information Privacy 4/16/03.

North Carolina State University Health Information Privacy 4/16/03.
TM The HIPAA Privacy Rule: Safeguarding Health Information in Research and Public Health Practice Centers for Disease Control and Prevention Beverly A.

TM The HIPAA Privacy Rule: Safeguarding Health Information in Research and Public Health Practice Centers for Disease Control and Prevention Beverly A.
 Original Intent: ◦ Act passed in 1996 with two main goals: 1.Ensure individuals would be able to maintain their health insurance between jobs (the “portability”

 Original Intent: ◦ Act passed in 1996 with two main goals: 1.Ensure individuals would be able to maintain their health insurance between jobs (the “portability”
HIPAA THE PRIVACY RULE Reviewed December 2012 2 HISTORY In 2000, many patients that were newly diagnosed with depression received free samples of anti-

HIPAA THE PRIVACY RULE Reviewed December HISTORY In 2000, many patients that were newly diagnosed with depression received free samples of anti-
Health Insurance Portability and Accountability Act (HIPAA)

Health Insurance Portability and Accountability Act (HIPAA)
Objectives  Review federal statutes (HIPAA, FERPA)  Discuss state guidelines  Review local procedures 6 - 2.

Objectives  Review federal statutes (HIPAA, FERPA)  Discuss state guidelines  Review local procedures
Health Insurance Portability Accountability Act of 1996 HIPAA for Researchers: IRB Related Issues HSC USC IRB.

Health Insurance Portability Accountability Act of 1996 HIPAA for Researchers: IRB Related Issues HSC USC IRB.
Implementation of Privacy Board Reviews at PCMC Mary Thomason, Intermountain Healthcare Privacy Board Chair.

Implementation of Privacy Board Reviews at PCMC Mary Thomason, Intermountain Healthcare Privacy Board Chair.
August 10, 2001 NESNIP PRIVACY WORKGROUP HIPAA’s Minimum Necessary Standard Presented by: Mildred L. Johnson, J.D.

August 10, 2001 NESNIP PRIVACY WORKGROUP HIPAA’s Minimum Necessary Standard Presented by: Mildred L. Johnson, J.D.
Your HIPAA rules Ben Burton, JD, MBA, RHIA, CHP, CHC Notice of Privacy Practices.

Your HIPAA rules Ben Burton, JD, MBA, RHIA, CHP, CHC Notice of Privacy Practices.

Similar presentations

Ads by Google