Presentation is loading. Please wait.

Presentation is loading. Please wait.

Confidentiality, Consents and Disclosure Recent Legal Changes and Current Issues Presented by Pam Beach, Attorney at Law.

Published byShon Osborne Modified over 9 years ago

Similar presentations

Presentation on theme: "Confidentiality, Consents and Disclosure Recent Legal Changes and Current Issues Presented by Pam Beach, Attorney at Law."— Presentation transcript:

1 Confidentiality, Consents and Disclosure Recent Legal Changes and Current Issues Presented by Pam Beach, Attorney at Law

2 §2Definitions (3)Authorization – (4)Business associate (10)Designated record set (15)Health care operations (17)Incidental use or disclosure (20)LAR or legally authorized representative

3 §2Definitions (con.) (27)Professional (28)PHI or protected health information (29)Psychotherapy notes (30)Public health disaster

4 §4General Provisions (a) Policies and procedures (b) Retention (d) Safeguarding PHI (e) Disclosing PHI – Verify identity except in emergency – Alcohol and drugs – HIV AIDS

5 §4General Provisions (con.) (e) Disclosing PHI con. – Records from outside sources – Non disclosure of PHI about third party – Authorization in writing

6 §9When Authorization is not Required to Use or Disclose PHI (a)When necessary for TPO (b)When required or authorized by law. – CPS – Audits – Abuse/neglect – Advocacy Inc. – HHS – Law enforcement to lessen imminent harm

7 (b)When required or authorized by law (con.) – Research – Correctional institutions – Entities paying fees – Administrator of estate of deceased – LAR of person with DD

8 (c)When required by judicial and administrative proceedings Civil subpoenas Criminal subpoenas Court orders Law enforcement

9 §12Valid Authorization to Use or Disclose Protected Health Information the name of the individual; a description of the information to be used or disclosed that is specific and meaningful; a description of each purpose of the requested use or disclosure. The statement "at the request of the individual" is a sufficient description of the purpose when the individual initiates the authorization and does not, or elects not to, provide a statement of the purpose; the name or other specific identification of the person(s), or class of persons, permitted to make the disclosure;

10 §12Valid Authorization to Use or Disclose Protected Health Information the name or other specific identification of the person(s), or class of persons, to whom the disclosure may be made; an expiration date or an expiration event that relates to the individual or the purpose of the use or disclosure; a statement that: – the individual may revoke the authorization – the component will comply with the revocation except to the extent that it has acted in reliance on it; – a statement that the component may not withhold treatment, Medicaid benefits, or payment processing if the individual does not to sign the authorization;

11 §12Valid Authorization to Use or Disclose Protected Health Information a statement that, except for PHI related to alcohol or drug abuse treatment, the potential exists for the PHI described in the authorization to be re-disclosed by the recipient and, therefore, no longer protected by medical privacy laws; the signature of the person who can authorize the use or disclosure (i.e., individual, LAR, or other representative) if the authorization form is signed by the individual's LAR or other representative, a description of the LAR's or other representative's authority to act for the individual; and the date the authorization form was signed.

12 §16Access to Protected Health Information by Individuals and LARs Denial provide a written denial to the requestor that uses plain language and contains: – the basis for the denial; – the duration of the denial; – if access is denied for a reviewable ground under paragraph (2) of this subsection, a statement of the requestor's right to request a review of the denial of access and the procedures for requesting a review; and – a description of how the requestor may complain to the component pursuant to the component's complaint procedures (as required in §7 (Complaints)), to the Office for Civil Rights, U.S. Department of Health and Human Services, including the contact information;

13 §16Access to Protected Health Information by Individuals and LARs file a copy of the written denial in the individual's record; to the extent possible, provide access, in accordance with subsection (c) of this section, to any other PHI requested, after excluding the PHI to which the component has reason to deny access; and allow examination and copying of the PHI by another professional if the individual selects the other professional to treat the individual for the same or a related condition as the professional denying access.

14 Breach Notification Act defines ‘‘breach’’ as the ‘‘unauthorized acquisition, access, use, or disclosure of protected health information which compromises the security or privacy of the protected health information, except where an unauthorized person to whom such information is disclosed would not reasonably have been able to retain such information.’’ Business associates notify the covered entity. Time within 60 days from discovery

15 Breach Notification (con.) In writing –first class mail to last known address May be multiple mailings May also do electronic Minor to parent If not address, may do phone, public posting or major media Law enforcement may request a delay.

16 Breach Notification (con.) (1) A brief description of what happened, including the date of the breach and the date of the discovery of the breach, if known; (2) A description of the types of unsecured protected health information that were involved in the breach (such as whether full name, social security number, date of birth, home address, account number, diagnosis, disability code, or other types of information were involved); (3) any steps individuals should take to protect themselves from potential harm resulting from the breach;

17 Breach Notification (con.) (4) a brief description of what the covered entity involved is doing to investigate the breach, to mitigate harm to individuals, and to protect against any further breaches; and (5) contact procedures for individuals to ask questions or learn additional information, which must include a toll-free telephone number, an e-mail address, Web site, or postal address. With respect to indicating in the notification the types of protected health information involved in a breach, we emphasize that this provision requires covered entities to describe only the types of information involved.

18 Breach Notification (con.) Notification to secretary of HHS Immediately of 500 or more people Less than 500 people, keep a log and submit by year

Download ppt "Confidentiality, Consents and Disclosure Recent Legal Changes and Current Issues Presented by Pam Beach, Attorney at Law."

Similar presentations

HIPAA Privacy Practices. Notice A copy of the current DMH Notice must be posted at each service site where persons seeking DMH services will be able to.

HIPAA Privacy Practices. Notice A copy of the current DMH Notice must be posted at each service site where persons seeking DMH services will be able to.
Information for Students MGH Institute of Health Professions Use your down arrow or click your mouse to advance through the presentation.

Information for Students MGH Institute of Health Professions Use your down arrow or click your mouse to advance through the presentation.
Responding to Subpoenas and Law Enforcement Demands for PHI: An Overview Janet A. Newberg Chair, Health Law Section Felhaber Larson Fenlon & Vogt, P.A.

Responding to Subpoenas and Law Enforcement Demands for PHI: An Overview Janet A. Newberg Chair, Health Law Section Felhaber Larson Fenlon & Vogt, P.A.
HITECH ACT Privacy & Security Requirements Cathleen Casagrande Privacy Officer July 23, 2009.

HITECH ACT Privacy & Security Requirements Cathleen Casagrande Privacy Officer July 23, 2009.
Presented by Elena Chan, UCSF Pharm.D. Candidate Tiffany Jew, USC Pharm.D. Candidate March 14, 2007 P HARMACEUTICAL C ONSULTANTS, I NC. P RO P HARMA HIPAA.

Presented by Elena Chan, UCSF Pharm.D. Candidate Tiffany Jew, USC Pharm.D. Candidate March 14, 2007 P HARMACEUTICAL C ONSULTANTS, I NC. P RO P HARMA HIPAA.
Presented by Jennifer Coughlin www.brotherslaw.com Eugene, Oregon April 10, 2013.

Presented by Jennifer Coughlin Eugene, Oregon April 10, 2013.
HIPAA Privacy Rule Training

HIPAA Privacy Rule Training
HIPAA – Privacy Rule and Research USCRF Research Educational Series March 19, 2003.

HIPAA – Privacy Rule and Research USCRF Research Educational Series March 19, 2003.
Ethics, Confidentiality, and HIPAA! 2006 ASAC Drug Court Confidentiality FMJ Multi- County November 8, 2006.

Ethics, Confidentiality, and HIPAA! 2006 ASAC Drug Court Confidentiality FMJ Multi- County November 8, 2006.
1 Navigating the Privacy and Security Issues: HITECH Overview Rebecca L. Williams, RN, JD Partner Co-chair of HIT/HIPAA Practice Davis Wright Tremaine.

1 Navigating the Privacy and Security Issues: HITECH Overview Rebecca L. Williams, RN, JD Partner Co-chair of HIT/HIPAA Practice Davis Wright Tremaine.
THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPAA) (known as THE PRIVACY RULE)

THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPAA) (known as THE PRIVACY RULE)
NAU HIPAA Awareness Training

NAU HIPAA Awareness Training
North Carolina State University Health Information Privacy 4/16/03.

North Carolina State University Health Information Privacy 4/16/03.
WHAT IS HIPAA? The Health Insurance Portability and Accountability Act of 1996 (HIPAA) provides certain protections for any of your health information.

WHAT IS HIPAA? The Health Insurance Portability and Accountability Act of 1996 (HIPAA) provides certain protections for any of your health information.
Informed Consent.

Informed Consent.
Health Insurance Portability and Accountability Act (HIPAA) Presented by: APS Healthcare Southwestern PA Health Care Quality Unit (HCQU) December 2010.

Health Insurance Portability and Accountability Act (HIPAA) Presented by: APS Healthcare Southwestern PA Health Care Quality Unit (HCQU) December 2010.
THE FOLLOWING SLIDES EXPLAIN THE REQUIRED ELEMENTS THAT MUST BE INCLUDED FOR A HIPAA AUTHORIZATION TO BE VALID HIPAA Authorizations.

THE FOLLOWING SLIDES EXPLAIN THE REQUIRED ELEMENTS THAT MUST BE INCLUDED FOR A HIPAA AUTHORIZATION TO BE VALID HIPAA Authorizations.
HIPAA THE PRIVACY RULE Reviewed December 2012 2 HISTORY In 2000, many patients that were newly diagnosed with depression received free samples of anti-

HIPAA THE PRIVACY RULE Reviewed December HISTORY In 2000, many patients that were newly diagnosed with depression received free samples of anti-
2014 HIPAA Refresher Omnibus Rule & HIPAA Security.

2014 HIPAA Refresher Omnibus Rule & HIPAA Security.
Health Insurance Portability & Accountability Act (HIPAA)

Health Insurance Portability & Accountability Act (HIPAA)

Similar presentations

Ads by Google