Presentation is loading. Please wait.

Presentation is loading. Please wait.

HIPAA & Corrections New Federalism in a New Century American Correctional Health Services Association Multidisciplinary Training Conference Baltimore,

Similar presentations


Presentation on theme: "HIPAA & Corrections New Federalism in a New Century American Correctional Health Services Association Multidisciplinary Training Conference Baltimore,"— Presentation transcript:

1 HIPAA & Corrections New Federalism in a New Century American Correctional Health Services Association Multidisciplinary Training Conference Baltimore, MD April 10-13, 2003 Presented by Robert J. Burns NGA Center for Best Practices

2 © 2003 National Governors Association 2 What is HIPAA? Health Insurance Portability and Accountability Act of 1996 (HIPAA) Established federal floor of consumer protections, marketplace standards –Insurance market reforms –Privacy, security –Administrative simplification New Federalism –Preserves stronger state protections

3 © 2003 National Governors Association 3 Federal Regulations ProposedRuleFinalRule Compliance Deadline † Privacy11/99 8/02 ‡ 4/03 Security8/984/034/05 Electronic Transactions and Codes 5/98 3/03 ± 10/02 * National Provider Identifier 5/98—— Health Plan Identifier ——— Employer Identifier 6/987/027/04 Enforcement——— † Small health plans have one additional year following this date to be compliant. ‡ Originally finalized December 28, 2000, HHS proposed modifications to the privacy rule on March 27, The modifications were finalized on August 14, The compliance deadline did not change. ± Originally finalized August 17, 2000, HHS proposed modifications to the transactions rule on May 31, The modifications were finalized on March 24, The compliance deadline did not change. * The compliance deadline could have been extended by one year if a compliance plan was submitted to HHS before October 16, Small health plans were not eligible for the conditional extension.

4 © 2003 National Governors Association 4 The Privacy Rule (45 CFR § 162 and 164) Outlines consumer privacy rights –Guaranteed access to medical record –Clear avenue of recourse Covers “protected health information” (PHI) –Individually identifiable –Transmitted, maintained in any medium Restricts how PHI may be used –Authorized uses (treatment, public health) –Permitted disclosures (minimum necessary, consent, notification)

5 © 2003 National Governors Association 5 Who Must Comply? (“Covered Entities” and “Covered Functions”) Individual or group health plans (or programs) that provide for or pay the cost of health benefits directly, through insurance, or otherwise Health care providers (or suppliers) who furnish, bill, or receive payment for medical or other health services or supplies (and who also conduct certain health care transactions electronically) Health information clearinghouses that process or facilitate the processing of electronic health information into standard or nonstandard formats

6 © 2003 National Governors Association 6 Who Else Must Comply? Hybrid entities whose business activities include both covered and non-covered functions Business associates that perform certain functions or activities on behalf of covered entities Information trading partners that rely on protected health information for purposes not directly related to the business activities of covered entities

7 © 2003 National Governors Association 7 Public-Private Paradox The broad mandates of most public programs go far beyond HIPAA’s narrow, private-sector orientation. Unlike most private sector organizations, public programs must balance the law’s requirements with their additional roles as purchasers, managers, and regulators of health care, as well as guardian of the public’s health and safety.

8 © 2003 National Governors Association 8 Community-based providers (“safety net”) Public hospitals/clinics Mental health facilities Substance abuse treatment centers State/local health departments Academic medical/research centers Organ donation programs Law enforcement and corrections (coroners, medical examiners) TANF-funded programs MCH programs (Title V) School-based health programs (immunizations, dental) HIV/AIDS (“Ryan White”) State employee benefits Worker’s compensation State technology authorities Health policy offices Broad Implications (Non-Medicaid)

9 © 2003 National Governors Association 9 Correctional Institutions [45 CFR § (k)(5)] A covered entity that is a correctional institution may use protected health information of inmates for any purpose for which protected health information may be disclosed. –Treatment –Payment –Health care operations –Public health reporting –Other reporting

10 © 2003 National Governors Association 10 Other Permitted Disclosures To provide inmate health care To preserve safety, security, good order To carry-out a court order, warrant, subpoena, summons To facilitate law enforcement and investigative activities To report crime in emergencies

11 © 2003 National Governors Association 11 Key Challenges (Corrections and Law Enforcement) Determine covered entity status –Hybrid entity model Evaluate flow of PHI Reconcile HIPAA w/state, federal laws –Disclosures required by state law –Mental health, substance abuse

12 © 2003 National Governors Association 12 Key Challenges (Corrections and Law Enforcement) Understand organizational requirements –No application after release Establish policies, procedures Train staff, upgrade infrastructure, and test –Notice of privacy practices –Consent/authorization –Accounting for disclosures –Personal representative –Minimum necessary –Physical, technical, administrative safeguards –Business associates

13 © 2003 National Governors Association 13 Key Challenges (States) Guidance (validation) –Covered entity determinations –Preemption decisions (state, federal) Funding –Medicaid (recoup enhanced match) –Non-Medicaid (no federal funding) Implementation schedule –Counterproductive (state resources) –Wasteful (taxpayer dollars) Complaint-driven enforcement –Unknown vulnerability (due diligence, penalties, lawsuits) –Consistent application (among HHS regions)

14 © 2003 National Governors Association 14 Recommendations Engage other state cabinets, agencies –Identify state HIPAA coordinator –Medicaid, public health Demonstrate due diligence –Demand guidance from state AG –Seek formal guidance from OCR, DOJ Prepare communications strategy Incorporate HIPAA into budget

15 © 2003 National Governors Association 15 Additional Information SEE THE HIPAA PRIVACY RULE 45 CFR Parts 160 and 164 Organizational Requirements § Correctional Institutions and Other Law Enforcement and Custodial Situations § (k)(5) Law Enforcement Purposes § (f) Judicial and Administrative Proceedings § (e) Averting a Serious Threat to Health or Safety § (j) Required by Law § (a)

16 © 2003 National Governors Association 16 Additional Resources HIPAA Privacy (Official Website) HHS Office for Civil Rights (OCR) NGA Center HIPAA Resources Popovits & Robinson Attorneys At Law U.S. Department of Justice Civil Rights Division

17 © 2003 National Governors Association 17 NGA Center for Best Practices (http://www.nga.org/center/hipaa) Robert J. Burns Policy Analyst Health Policy Studies Division National Governors Association Center for Best Practices Hall of States, Suite North Capitol Street, NW Washington, DC (202) fax: (202)

18 HIPAA & Corrections New Federalism in a New Century American Correctional Health Services Association Multidisciplinary Training Conference Baltimore, MD April 11, 2003 Presented by Robert J. Burns NGA Center for Best Practices


Download ppt "HIPAA & Corrections New Federalism in a New Century American Correctional Health Services Association Multidisciplinary Training Conference Baltimore,"

Similar presentations


Ads by Google