Reconciling Medical Record Privacy and Security Requirements Across Systems
October 10, 2006
Renee H. Martin
Tsoules, Sweeney & Martin, LLC
29 Dowlin Forge Road, Exton, PA 19341
Tel.: (610) 423-4200  Fax: (610) 423-4201
rmartin@tshealthlaw.com

Copyright © Tsoules, Sweeney & Martin, LLC

Overview
Coordination of Care for Co-occurring Problems and Illnesses
IOM Report
Barriers/Hindrances
–Cultural
–Financial
–Legal
  –HIPAA and pre-emption
  –PA Mental Health Law
  –Federal and State Substance Abuse

Overview (Continued)
National Health Information Network
Electronic Health Records
Organizational approaches

Coordination of Care - Paramount
Mental health and substance abuse problems and illnesses rarely occur in isolation.
Physical illnesses (heart disease, diabetes, cancer, neurological illnesses) frequently accompany mental health and substance abuse problems.
Diverse providers often fail to detect and treat these co-occurring problems.

Barriers to Collaboration/Coordination
Separation of MH/Substance Abuse from general health care
Separation of MH/Substance Abuse from each other
Reliance on multiple systems and non-health care sectors to secure MH/Substance Abuse services (juvenile and criminal justice, education, child welfare)
Multiple and separately licensed and regulated care providers
Separate and multiple disclosure/confidentiality requirements

Barriers to Collaboration/Coordination (Continued)
Separate financial systems and coverage
Separate cultures

Legal Parameters for Sharing Healthcare Information
HIPAA Privacy Rule: generally permits "covered entities" to release protected health information (PHI), except psychotherapy notes, to another provider for treatment, payment and health care operations without patient authorization.

Scope: Who is Covered?
Limited to "covered entities":
–Health care providers who transmit health information in electronic transactions for which the Secretary has adopted standards
–Health plans
–Health care clearinghouses
–Sponsors of prescription drug discount cards
Business associate relationships (indirectly)

Organizational Issues
Hybrid Entities (designate health care component(s))
Organized Health Care Arrangements (OHCAs) – multiple covered entities can share PHI; e.g., clinically integrated care settings (medical staff and hospital).
–OHCAs hold themselves out to the public as a joint arrangement
–OHCAs participate in joint activities that include UR, QA or sharing of financial risk

Organizational Issues (Continued)
Affiliated Covered Entities – legally separate covered entities that are under common ownership. One entity has the power, directly or indirectly, to significantly influence or direct the actions of the other, or has an ownership or equity interest of 5% or more in the other.
–Must document the relationship
–Must adhere to Security requirements

Business Associates
Agents, contractors and others hired to do work on behalf of a covered entity that requires use and disclosure of PHI to the Business Associate
Covered entity must obtain satisfactory assurances – usually through a contract – that a business associate will safeguard protected health information and limit use and disclosure

Preemption of State Law
General Rule: State law will be preempted if a standard, requirement, or implementation specification of the HIPAA Privacy Rule is contrary to a provision of state law.

Preemption of State Law (Continued)
"…contrary to a provision of State law…" means:
–A covered entity would find it impossible to comply with both the state and federal requirements, or
–The provision of state law is an obstacle to compliance with and enforcement of HIPAA.

Preemption of State Law (Cont'd.)
HIPAA Privacy Regulations preempt Pennsylvania laws and regulations except where the state law relates to the privacy of PHI and is more stringent than HIPAA.

What is "More Stringent"?
When state law is compared to the HIPAA Privacy Regulations, the state law:
1. Restricts or prohibits a use/disclosure permitted by HIPAA.
2. Permits greater rights of privacy in, or of access to or amendment of, PHI.
3. Provides more information to the Individual.

What is "More Stringent"? (Cont'd.)
4. Is narrower in scope or duration; reduces the coercive effect surrounding authorizations.
5. Provides for the retention or reporting of more information or for a longer duration.

HIPAA Privacy Administrative Requirements
DOCUMENTED policies, procedures and systems
Designate privacy official and contact person
Implement administrative, technical and physical safeguards
Privacy Training
Legal Documents – Notice of Privacy Practices; Business Associate agreements
Complaint mechanism
Human Resource enforcement policies

HIPAA Preemption/Privacy Rule
Result: PA mental health law generally supersedes HIPAA, and PA law applies to the use and disclosure of PHI.
PA law is silent on many of these administrative requirements, so a covered entity must still look to and comply with many of HIPAA's administrative requirements.

HIPAA Security Rule
HIPAA Privacy covers what information you protect – the use and disclosure of PHI
HIPAA Security covers how you protect that information and when
–Adopts national standards for safeguards to protect the confidentiality, integrity, and availability of the data

General Requirements
Ensure:
–Confidentiality: who can see the information
–Integrity: the information has not been altered in any way
–Availability: it can be accessed on a timely basis

General Requirements (Continued)
Applies to electronic protected health information
–Note that privacy extends to oral and written communications
Applies to the electronic PHI that a covered entity:
–Creates
–Maintains
–Transmits

General Requirements (Continued)
Covered entities must:
–Protect against reasonably anticipated threats or hazards to the security or integrity of information
–Protect against reasonably anticipated uses and disclosures not permitted under the privacy rule
–Ensure compliance by the workforce
–Develop business associate contracts as appropriate

Overarching Themes
Security is technology neutral
–Outlines what needs to be done to protect the information, but not how it should be done
Security is comprehensive
–Covers the technical, administrative, and behavioral aspects of compliance

Regulatory Approach
Scalability (size) and flexibility (implementation)
Organizational approaches should account for:
–Size
–Complexity
–Technical Infrastructure
–Cost
–Potential Security Risks

Regulatory Approach (Continued)
Developed standards:
–Administrative
–Physical
–Technical
Within each standard is a series of implementation specifications that can be either Required or Addressable

Regulatory Approach (Continued)
Required – a MUST
Addressable – a covered entity, after conducting a documented risk analysis, may:
–Implement the specification if reasonable and appropriate
–Implement an equivalent measure, if reasonable and appropriate
–Not implement it (documenting why)

Administrative Standards
Security Management
–Risk analysis (R)
–Risk management (R)
Assigned Responsibility: Security Officer (R)
Workforce Security
–Termination procedures (A)
–Clearance procedures (A)

Administrative Standards (Continued)
Information Access Management
–Isolating clearinghouse (R)
–Access authorization (A)
Security Awareness and Training (R)
Security Incident Procedures (R)
Contingency Plan
–Disaster Recovery Plan (R)
Evaluation (R)
Business Associate Contracts

Physical Standards
Facility Access Controls – all addressable
–Contingency operations
–Facility Security Plan
–Access control
–Maintenance records
Workstation Use
Workstation Security
Device and Media Controls

Technical Standards
Access Control
–Unique user ID (R)
–Emergency access (R)
–Automatic logoff (A)
–Encryption and decryption (A)
Audit Controls
Integrity Controls
Person or Entity Authentication
Transmission Security

HIPAA Security Standards
Security Standards do not preempt state law.
PA mental health laws are silent on security.
Must implement HIPAA Security Standards.

SUBSTANCE ABUSE RECORD CONFIDENTIALITY

Substance Abuse Confidentiality
Confidentiality of Alcohol and Drug Abuse Patient Records (42 C.F.R. Part 2)
–Protects from disclosure: the records of the identity, diagnosis, prognosis, or treatment of any patient which are maintained in connection with the performance of any program or activity relating to substance abuse education, training, treatment, rehabilitation, or research, which is conducted, regulated or directly or indirectly assisted by any department or agency of the United States.

Substance Abuse Confidentiality (Continued)
Confidentiality of Alcohol and Drug Abuse Patient Records (42 C.F.R. Part 2)
–Definitions
  –"Records" – include any information received or acquired by a program, whether oral or written. The prohibitions against disclosure of records continue to apply irrespective of the patient's status in the program.

Substance Abuse Confidentiality (Continued)
–Definitions
  –"Patient" – includes any individual who either has applied for or has been given diagnosis or treatment for alcohol or drug abuse at a federally assisted program, and includes any individual who, after arrest on a criminal charge, is identified as an individual with alcohol or drug abuse in order to determine that individual's eligibility to participate in a program.

Substance Abuse Confidentiality (Continued)
–Definitions
  –"Programs" – The requirements apply only to a "federally assisted alcohol or drug abuse program," defined as an individual or entity, or an identified unit within a general medical facility, "who holds itself out as providing, and provides alcohol or drug abuse diagnosis, treatment or referral for treatment."

Substance Abuse Confidentiality (Continued)
The Federal Confidentiality Requirements do NOT apply to the following:
–Hospital emergency room and general medical/surgical patients' records where the health care facility is not a federally assisted "program" – i.e., it does not have an identified unit which provides substance abuse services, or medical personnel or other staff whose primary function is the provision of substance abuse services and who are identified as being such providers.

Substance Abuse Confidentiality (Continued)
The Federal Confidentiality Requirements do NOT apply to the following:
–Interchange of records within the Armed Forces and the Veterans Administration
–Crimes on program premises or against program personnel
–Communications between a program and a "qualified service organization" of information needed by the organization to provide services to the program
–Internal communications within a program

Substance Abuse Confidentiality
Disclosure: Exceptions
–Internal Communications
  –Can occur within a program/office or with an entity having direct administrative control, if the information is needed
  –Staff can share information with each other and with supervisors
  –Staff of the hospital's record-keeping or billing department

Substance Abuse Confidentiality
Consent Requirements
–Consent Form Requirements
  –Redisclosure of information released is prohibited without written consent

Substance Abuse Confidentiality
Exceptions to the Consent Requirement – Nonconsensual Disclosure Permitted
–To medical personnel in a "bona fide" medical emergency;
–To medical personnel of the FDA who need the information to notify patients of errors in drug labeling or manufacture;
–To qualified personnel when conducting scientific research, management audits, financial audits or program evaluation (cannot identify directly or indirectly any individual patient in any such report);

Substance Abuse Confidentiality (Continued)
Exceptions to the Consent Requirement – Nonconsensual Disclosure Permitted
–To governmental or third party payers, with certain restrictions; and
–If authorized by a court order and a subpoena, issued after a showing of "good cause."
42 U.S.C. § 290dd-2(b)(2); 42 C.F.R. §§ 2.51-2.53.

Substance Abuse Confidentiality
Disclosure: Exceptions With Patient Consent
–Patient can authorize specific disclosures
–The Patient's consent must be in writing
–Consent must contain specific elements (very similar to a HIPAA authorization)

Substance Abuse Confidentiality
Disclosure: Exceptions
–Qualified Service Organization Agreement
  –Program or office can disclose to a QSO without consent
  –QSO: a person or agency that provides services that the program/office itself does not provide (e.g., data processing, billing, professional services, vocational counseling)
  –QSO must be qualified to communicate with the program/office (i.e., written agreement)

Substance Abuse Confidentiality (Continued)
Disclosure: Exceptions
–Qualified Service Organization Agreement
  –Program or office may freely communicate with the QSO only the information needed by the QSO
  –Program or office can enter into such an agreement only if the QSO offers a service the program/office does not offer
  –Program/office doesn't have to inform patients about QSOs

Part 2: "Security" Requirements
Written records must be "maintained in a secure room, locked file cabinet, safe, or similar container." 42 C.F.R. § 2.16.
PA law: records shall be secured within a locked storage container. 4 Pa. Code § 257(d)(1)(i).

MENTAL HEALTH PATIENT RECORDS

Confidentiality of Records
INPATIENT PSYCHIATRIC SERVICES
Confidentiality of Records under the MHPA: All documents concerning persons in treatment shall be kept confidential and, without the person's written consent, may not be released or their contents disclosed to anyone except:
(a) those engaged in providing treatment for the person;
(b) the county administrator;
(c) a court in the course of commitment proceedings; and
(d) under Federal laws governing patient information where treatment is undertaken in a federal agency.

Confidentiality of Records
Non-Consensual Release of Information
Treatment Records are confidential and shall not be released nor disclosed without the written consent of the client/patient, except that relevant portions or summaries may be released or copied as follows:
–Persons actively engaged in treatment
–Third Party Payors (information released without consent or court order is limited)
–Reviewers and Inspectors (e.g., JCAHO, CARF)
–Response to court order (§ 5100.35(b))
–Emergency medical situation
–Minimum Necessary applies

Confidentiality of Records
Patient Access to Records and Control Over Release of Records
–Persons 14 years of age or older who understand the nature of the documents to be released
–A person chosen by the client/patient
–If the client/patient is deceased, the client/patient's executor or personal representative of the estate
–Parent or Guardian if the person is under 14 or incompetent

Confidentiality of Records (Continued)
Patient Access to Records and Control Over Release of Records
–Records from other Agencies become part of the record and are subject to control by the client/patient

Confidentiality of Records
Consensual Release to Third Parties
–Access to records granted to third parties upon written consent of the client/patient
–Client/patient designates the recipient
–Payor-designated consent to release for reimbursement – minimum necessary applies
–Client/patient has the right to inspect
–Mandated requirements in the consent form

Confidentiality of Records
Release to Courts
–No release of records in response to a subpoena or other discovery proceedings without patient consent or an additional court order
–Duty to inform the Court
–Inform the client/patient's attorney
–Defense counsel for the Provider may review records; minimum necessary applies
–Violations carry civil and criminal liability

Release of Mental Health Records Under Act 147
Rights of Minors
Except for the limited rights of a parent/legal guardian, the general rule is: the minor (age 14 or older) shall control the release of the minor's mental health inpatient and outpatient treatment records and information to the extent allowed by law.
Release is subject to the provisions of the MHPA and other applicable federal and state statutes and regulations.

Nation Moving to Electronic Health Care Records
National Health Information Infrastructure
President's New Freedom Commission on Transforming Mental Health Treatment Recommendations:
–Use HIT to improve access and coordination
–Develop and implement integrated EHR and personal health systems

So,... Where are we going?
Most MH/Substance Abuse treatment is paper based
–3,000 to 10,000 hours of care go undocumented = $360,000 to $1 million annually
–25,000 to 42,000 hours of lost clinical time due to paper inefficiencies – annual value $2.2 to $3.7 million
–13,000-20,000 hours of support staff time spent on unnecessary medical record work – annual value $500,000-$700,000

National Health Information Infrastructure
Executive Order 1335, April 2004:
–Called for widespread adoption of interoperable EHRs within 10 years
–Created the position of National Coordinator for Health Information Technology
–National Coordinator issued a Framework for Strategic Action on July 21, 2004
–Consists of 4 goals, each with 3 strategies

Goals of the NHII
Informing Clinical Practice
–Promoting use of EHRs by
  –Incentivizing EHR adoption
  –Reducing the risk of EHR investment

Goals of the NHII (Continued)
Interconnecting clinicians by creating interoperability through
–Regional Health Information Organizations (RHIOs)
–National health information infrastructure
–Coordinating federal health information systems

Goals of the NHII (Continued)
Personalizing care
–Promotion of personal health records
–Enhancing consumer choice by providing information about institutions and clinicians
–Promoting tele-health in rural and underserved areas

Goals of the NHII (Continued)
Improving population health
–Unifying public health surveillance
–Streamlining quality of care monitoring
–Accelerating research and dissemination of evidence

Regional Health Information Organization
[Diagram: a RHIO at the center, linked to Provider, Health Plan, Consumers, Public health surveillance, Quality accountability, Research, and "Others?"]

Overcoming Legal Barriers
1. Unified Programs
2. Take advantage of current law
3. Universal Authorizations
4. Effectuate change (locally and nationally)
Come to the table!

Ways to Disclose Under HIPAA and 42 C.F.R. Part 2
Use the OHCA and Affiliated Entity options to define your "program" more expansively
Use the Qualified Service Organization designation with a mental health treatment provider to permit disclosure to the mental health provider
NOTE: The mental health treatment provider is precluded from redisclosing under the QSO designation.

Ways to Disclose Under PA Mental Health Law/HIPAA
Take advantage of current law:
–Does an exception apply?
–Can you "embed" providers into one agency and facility?
  –Provider – Provider
  –Provider – Payor
Use a universal/3-way compliant authorization when necessary/appropriate

Ways to Disclose: Non-PHI
De-identified data
–May be aggregated/shared
–Is it truly de-identified?
Limited data sets
–For public health, research or operations
–Need a data use agreement
