Presentation is loading. Please wait.

Presentation is loading. Please wait.

H IPAA PRIVACY WORK GROUP FOR EYE BANKS EBAA HIPAA PRIVACY WORK GROUP Christina W. Strong, Esq., Facilitator.

Similar presentations


Presentation on theme: "H IPAA PRIVACY WORK GROUP FOR EYE BANKS EBAA HIPAA PRIVACY WORK GROUP Christina W. Strong, Esq., Facilitator."— Presentation transcript:

1 H IPAA PRIVACY WORK GROUP FOR EYE BANKS EBAA HIPAA PRIVACY WORK GROUP Christina W. Strong, Esq., Facilitator

2 Eye Banks ARE NOT typically subject to HIPAA.

3 HIPAA Overview H ealth I nsurance P ortability & A ccountability A ct Portability and accessibility Portability and accessibility - Pre-existing conditions - Enrollment at “life events” Accountability Accountability -Administrative Simplification -Privacy /Security Rule -Enforcement -Breach

4 HITECH Act H ealth I nformation T echnology for E lectronic and C linical H ealth Part of ARRA, aka the “Stimulus Bill” Part of ARRA, aka the “Stimulus Bill” EMR/EHR Adoption Rules and Incentives EMR/EHR Adoption Rules and Incentives Increased HIPAA Fines and Penalties Increased HIPAA Fines and Penalties Expanded Applicability of HIPAA Expanded Applicability of HIPAA

5 Allowable Disclosures HIPAA allows for the use and disclosure of PHI without authorization under 45 CFR 164: (b) FDA-regulated products: tracking, adverse events, post market surveillance (b) FDA-regulated products: tracking, adverse events, post market surveillance (g) Coroners and Medical examiners: for determining cause of death (g) Coroners and Medical examiners: for determining cause of death (h) Cadaveric organ, eye or tissue donation facilitation (h) Cadaveric organ, eye or tissue donation facilitation

6 Who is Subject to HIPAA Covered Entities Covered Entities Business Associates Business Associates

7 Covered Entity (A health plan). (A health care clearinghouse). A health care provider who transmits any health information in electronic form in connection with a transaction covered by this chapter. 45 CFR

8 Covered Entity – Exception #1 “We delete from the definition of ‘‘health care’’ activities related to the procurement or banking of blood, sperm, organs, or any other tissue for administration to patients… “Consequently, such procurement or banking activities are not considered health care and the organizations that perform such activities are not considered health care providers for purposes of this rule.” HIPAA Privacy Final Rule, Federal Register/Vol. 65, No. 250/ Thursday, December 28, 2000, p

9 Covered Entity – Exception #2

10 Business Associate With respect to a covered entity, a person who: On behalf of such covered entity, On behalf of such covered entity, But other than as a member of its workforce, But other than as a member of its workforce, Performs or assists in the performance of Performs or assists in the performance of A function or activity involving the use or disclosure of individually identifiable health information… A function or activity involving the use or disclosure of individually identifiable health information… 45 CFR

11 Business Associate (BA) Claims processing or administration Claims processing or administration Data analysis Data analysis Processing or administration Processing or administration Utilization review Utilization review Quality Assurance Quality Assurance Billing Billing Benefit Management Benefit Management Practice Management Practice Management Repricing Repricing Any other function regulated in this subchapter Any other function regulated in this subchapter … On behalf of the covered entity

12 Business Associate (BA) Legal Legal Actuarial Actuarial Accounting Accounting Consulting Consulting Data Aggregation Data Aggregation Management Management Administrative Administrative Accreditation Accreditation Financial Services Financial Services …

13 Business Associate – NOT US HIPAA Privacy Final Rule, Federal Register/Vol. 65, No. 250/ Thursday, December 28, 2000, p

14 Business Associate – What’s the Problem HIPAA now applies directly to Business Associates HIPAA now applies directly to Business Associates Civil and Criminal Penalties now apply directly to BAs Civil and Criminal Penalties now apply directly to BAs Must report Covered Entity for HIPAA non-compliance Must report Covered Entity for HIPAA non-compliance Subject to HIPAA Audit by Heath and Human Services Subject to HIPAA Audit by Heath and Human Services Signing a Business Associate Agreement subjects an exempt organization to HIPAA compliance

15 What’s so Bad about Being a BA Business Associates subject to HIPAA Fines and Penalties: “Authority to impose civil money penalties on business associates for violations of the HITECH Act is provided by sections 13401(b) and 13404(c).” Breach Notification for Unsecured Protected Health Information, Interim Final Rule, Federal Register / Vol. 74, No. 162 / Monday, August 24, 2009

16 Business Associate - Implications Business Associates are subject to HIPAA Audit by HHS: “The protocol and audit program performance requested under this contract shall assist OCR in operating an audit program that effectively implements the statutory requirement to audit covered entity and business associate compliance with the HIPAA privacy and security standards as amended by ARRA.” Federal Business Opportunities (FBO.gov)

17 Defend your Status Document for your partners: 512(h) disclosures allowed without authorization 512(h) disclosures allowed without authorization Covered Entity –NOT for Eye Banks Covered Entity –NOT for Eye Banks Business Associate -NOT for Eye Banks Business Associate -NOT for Eye Banks Your dedication to donor privacy and data security (including compliance with 21 CFR Part 11) Your dedication to donor privacy and data security (including compliance with 21 CFR Part 11)


Download ppt "H IPAA PRIVACY WORK GROUP FOR EYE BANKS EBAA HIPAA PRIVACY WORK GROUP Christina W. Strong, Esq., Facilitator."

Similar presentations


Ads by Google