Presentation is loading. Please wait.

Presentation is loading. Please wait.

H OGAN & H ARTSON, L.L.P.

Published byNatalie Carney Modified over 10 years ago

Similar presentations

Presentation on theme: "H OGAN & H ARTSON, L.L.P."— Presentation transcript:

1 H OGAN & H ARTSON, L.L.P. http:\\www.hhlaw.comPublicationsHealth

2 HIPAA Special Issues: Making Compliance Possible Donna A. Boswell Fall 2002 H OGAN & H ARTSON, L.L.P.

3 THE Secret to HIPAA: Responsibility Belongs Where You Say It Does Rule applies directly to a covered entity A corporate entity, partnership or foundation can narrow its scope of liability through the hybrid entity rules. The OHCA rules can be used to streamline administrative burdens and liability A covered entity can voluntarily expand the scope of its liability by entering into a business associate relationship, or by using the affiliated entity rules.

4 H OGAN & H ARTSON, L.L.P. The Compliance Goal: Getting A Handle On Costly Administrative Requirements Acknowledgement/intake process Authorizations and revocations Access/amend/accounting Restricted communications Requests for restricted use/disclosure Employee training and firewalls (and developing policies/systems for same)

5 H OGAN & H ARTSON, L.L.P. Just tell me what I have to do -- Why do I care about these? covered entity hybrid entity health care component business associate non-covered provider OHCA workforce Perhaps the most critical implementation challenge for lawyers is establishing the relationships between these HIPAA structures and the legal entities and individuals that must implement the requirements.

6 H OGAN & H ARTSON, L.L.P. HIPAA Entities Are Not Corporate Persons

7 H OGAN & H ARTSON, L.L.P. HIPAA Entities Are Designations in Compliance Documentation and/or Notice

8 H OGAN & H ARTSON, L.L.P. Tell me the Hybrid Entity Story… Hybrid entity: A single legal entity that is a covered entity whose business activities include both covered and non-covered functions That designates health care components (HCCs) in accord with the rule. –Must not leave any covered entity outside of a HCC –May include only a component that performs a covered function or an internal BA

9 H OGAN & H ARTSON, L.L.P. The Hybrid Entity Lived Happier in HIPAA Land Because… A rule reference to covered entity refers to HCC –(e.g., policies for workforce uses, disclosures, minimum necessary, training, security) A rule reference to protected health information refers to PHI created or received by/behalf of the health care component. –(e.g., access/inspect/amend/accounting; fundraising)

10 H OGAN & H ARTSON, L.L.P. Compliance Teamwork: Using OHCAs To Pool Obligations and Limit Liability When a HIPAA entity has a legal obligation-- –Who -- what corporate or living person -- may perform it? –How do you address apparent agency issues? When does performance count as compliance for a particular entity? –Who is liable if it is not performed?

11 H OGAN & H ARTSON, L.L.P. Organized Health Care Arrangements 1. Clinically integrated care setting in which individuals typically receive care from more than one provider. 2. Organized system of care -- Hold themselves out as joint arrangement, and participate in joint activities (UR, QA, PMT risk) 3. Group plan and HII or HMO 4. 2 or more group plans of same sponsor 5. 2 or more group plans and HMOs, HIIs

12 H OGAN & H ARTSON, L.L.P. OHCA Facts Is a definition only; not a required designation. May have a joint notice; need not have the same P&Ps Need not have BAAs for joint activities of the OHCA May include non-covered providers A living human being can be in an OHCA and be a separate covered entity (or non-covered provider) – no special designation required A covered entity can be in more than one OHCA

13 H OGAN & H ARTSON, L.L.P. OHCA Issues and Utility A tool for managing apparent agency liability & consumer protection issues. Designation via Notice, which also can establish responsibility for authorizations, revocations, and exercise of certain rights (e.g., confidential communications, restrictions) Policies and procedures – a HIPAA designation option

14 H OGAN & H ARTSON, L.L.P. Special Liability Issues Who will sign business associate agreement for the OHCA? When a use is authorized, are there restrictions on who may do it? When a disclosure is authorized, are there restrictions on what the recipient may do with the information? Does the entity that is authorized to disclose have legal obligations after doing so?

15 H OGAN & H ARTSON, L.L.P. Business Associate Agreements: Expansions of Liability On behalf of such covered entity…performs or assists in the performance of: –(A) A function or activity involving the use or disclosure of …[PHI], or –(B) Any other function or activity regulated by this subchapter, or …legal, actuarial, accounting, consulting, data aggregation, management, administrative, accreditation, or financial services… [involving PHI]

16 H OGAN & H ARTSON, L.L.P. BA Issues? (P. 53253) A third party is not your BA if PHI is for: –A covered function (e.g., treatment, payment), unless for the third party is performing the function on your behalf (e.g., billing) –A non-covered function, whether or not on your behalf, that is a disclosure permitted by the regulation (e.g., research, law enforcement, public health reporting) –An activity where PHI access is incidental

17 H OGAN & H ARTSON, L.L.P. Why not do a BA -- to be sure? Belts and suspenders do not help – you need only one compliance mechanism If you have a BA agreement with a third party: –all information transfers and all uses by the BA become uses by the CE -- if the BA activity is not a permissible use (i.e., TPO) the agreement is evidence of a CE violation –CE must cure, mitigate or report known violations –for each patient request of an accounting, you must have a mechanism to check BAs disclosures for purposes of providing the accounting.

18 H OGAN & H ARTSON, L.L.P.

19

Download ppt "H OGAN & H ARTSON, L.L.P."

Similar presentations

Fourth National HIPAA Summit April 26, 2002 Implementation of a HIPAA Data Management Strategy Safeguarding privacy interests while making data available.

Fourth National HIPAA Summit April 26, 2002 Implementation of a HIPAA Data Management Strategy Safeguarding privacy interests while making data available.
Davis Wright Tremaine LLP HIT Legal Issues: HIPAA Implications to a Regional Health Information Organization Becky Williams, R.N., J.D. Partner, Co-Chair,

Davis Wright Tremaine LLP HIT Legal Issues: HIPAA Implications to a Regional Health Information Organization Becky Williams, R.N., J.D. Partner, Co-Chair,
HIPAA Privacy Practices. Notice A copy of the current DMH Notice must be posted at each service site where persons seeking DMH services will be able to.

HIPAA Privacy Practices. Notice A copy of the current DMH Notice must be posted at each service site where persons seeking DMH services will be able to.
HIPAA Basics Brian Fleetham Dickinson Wright PLLC.

HIPAA Basics Brian Fleetham Dickinson Wright PLLC.
HIPAA: Privacy, Security, and HITECH, Oh My! Presented by Stephanie L. Ganucheau, Special Assistant Attorney General.

HIPAA: Privacy, Security, and HITECH, Oh My! Presented by Stephanie L. Ganucheau, Special Assistant Attorney General.
Steps to Compliance: Managing Business Associates PRESENTED BY.

Steps to Compliance: Managing Business Associates PRESENTED BY.
HIPAA Privacy Training. 2 HIPAA Background Health Insurance Portability and Accountability Act of 1996 Copyright 2010 MHM Resources LLC.

HIPAA Privacy Training. 2 HIPAA Background Health Insurance Portability and Accountability Act of 1996 Copyright 2010 MHM Resources LLC.
HIPAA Privacy Rule Training

HIPAA Privacy Rule Training
HIPAA Privacy Training Your Name Here. © 2004 MHM Resources Inc.2 HIPAA Background Health Insurance Portability and Accountability Act of 1996.

HIPAA Privacy Training Your Name Here. © 2004 MHM Resources Inc.2 HIPAA Background Health Insurance Portability and Accountability Act of 1996.
National Health Information Privacy and Security Week Understanding the HIPAA Privacy and Security Rule.

National Health Information Privacy and Security Week Understanding the HIPAA Privacy and Security Rule.
Increasing public concern about loss of privacy Broad availability of information stored and exchanged in electronic format Concerns about genetic information.

Increasing public concern about loss of privacy Broad availability of information stored and exchanged in electronic format Concerns about genetic information.
The Health Insurance Portability and Accountability Act of 1996– charged the Department of Health and Human Services (DHHS) with creating health information.

The Health Insurance Portability and Accountability Act of 1996– charged the Department of Health and Human Services (DHHS) with creating health information.
HIPAA PRIVACY REQUIREMENTS Dana L. Thrasher Constangy, Brooks & Smith, LLC (205) 252-9321; Victoria Nemerson.

HIPAA PRIVACY REQUIREMENTS Dana L. Thrasher Constangy, Brooks & Smith, LLC (205) ; Victoria Nemerson.
HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA)

HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA)
H IPAA PRIVACY WORK GROUP FOR EYE BANKS EBAA HIPAA PRIVACY WORK GROUP Christina W. Strong, Esq., Facilitator.

H IPAA PRIVACY WORK GROUP FOR EYE BANKS EBAA HIPAA PRIVACY WORK GROUP Christina W. Strong, Esq., Facilitator.
COMPLYING WITH HIPAA PRIVACY RULES Presented by: Larry Grudzien, Attorney at Law.

COMPLYING WITH HIPAA PRIVACY RULES Presented by: Larry Grudzien, Attorney at Law.
2014 HIPAA Refresher Omnibus Rule & HIPAA Security.

2014 HIPAA Refresher Omnibus Rule & HIPAA Security.
Jill Moore April 2013 HIPAA Update: New Rules, New Challenges.

Jill Moore April 2013 HIPAA Update: New Rules, New Challenges.
Are you ready for HIPPO??? Welcome to HIPAA

Are you ready for HIPPO??? Welcome to HIPAA
HIPAA HIPAA Health Insurance Portability and Accountability Act of 1996.

HIPAA HIPAA Health Insurance Portability and Accountability Act of 1996.

Similar presentations

Ads by Google