Presentation is loading. Please wait.

Presentation is loading. Please wait.

The HIPAA Privacy Rule And Its Impact On Agents And Employers National Association of Health Underwriters Capitol Conference March 23, 2003 Joseph T. Holahan,

Published bySophia Wilkinson Modified over 10 years ago

Similar presentations

Presentation on theme: "The HIPAA Privacy Rule And Its Impact On Agents And Employers National Association of Health Underwriters Capitol Conference March 23, 2003 Joseph T. Holahan,"— Presentation transcript:

1 The HIPAA Privacy Rule And Its Impact On Agents And Employers National Association of Health Underwriters Capitol Conference March 23, 2003 Joseph T. Holahan, JD Morris, Manning & Martin, LLP Washington, DC 202.408.0705 jholahan@mmmlaw.com

2 2 Road Map Overview of the HIPAA Privacy Rule Covered entities and products Compliance deadlines General requirements Impact on agents Business associate contract Disclosures to agents by insurers Impact on employers

3 3 Covered Entities Health plans Health care providers engaging standard electronic transactions Health care clearinghouses

4 4 Health PlansProvide or Pay Cost of Medical Care Health insurance issuers and HMOs Issuers of Medicare supplemental policies Issuers of long-term care policies (except nursing home fixed-indemnity policies) Group health plans (except self-administered with fewer than 50 participants) MEWAs State high risk pools Medicare, Medicare+Choice, CHAMPUS and certain other programs Any other individual or group health plan that provides or pays for the cost of medical care

5 5 Covered Products Major medical HMO Dental and vision Most long-term care Medicare supplemental Medicare+Choice

6 6 Excluded Products Life Accident only Disability income Coverage issued as supplement to liability insurance Liability insurance, including general liability and auto liability insurance Auto medical payment Credit-only Coverage for on-site medical clinics

7 7 Gray Area Specified disease Hospital indemnity

8 8 Compliance Deadlines Most health insurance issuers and HMOs and any group health plansApril 14, 2003 Small health plans (annual receipts of $5 million or less)April 14, 2004

9 9 General Requirements Restricts use and disclosure of protected health information (PHI) without written authorization Minimum necessary standard Individual Rights Restrictions on use and disclosure Access Accounting of disclosures Amendment Business associate contracts Amend group health plan documents in some cases to impose requirements on sponsor

10 10 General Requirements, Cont. Notice of privacy practices Administrative requirements, including: Privacy officer Privacy contact office Privacy policies and procedures Trainingworkforce only

11 11 Permitted Uses and Disclosures Pursuant to written authorization compliant with HIPAA For treatment, payment or health care operations To individual or personal representative Friend, family member or other person identified by individual with written or oral agreement Required by law Regulators Judicial and administrative proceedings Law enforcement To health oversight agency as authorized by law

12 12 Permitted Uses and Disclosures Health Care Operations Health care operations include: Activities by or on behalf of health plan relating to the creation, renewal or replacement of a contract for health insurance or health benefits Customer service by or on behalf of health plan

13 13 Permitted Uses and Disclosures Payment Payment includes: Activities by or on behalf of health plan to determine eligibility or coverage Claims management by on behalf of health plan

14 14 Disclosure By Health Plan To Agent Payment or health care operations Friend, family member or other person identified by individual: PHI directly relevant to persons involvement in individuals health care Written or oral agreement, opportunity to object and no objection or reasonable inference of no objection based on professional judgment Written authorization

15 15 Required Uses and Disclosures Individual access to PHI Secretary of DHHS for investigating covered entitys compliance

16 16 Required Elements of the Business Associate AgreementPart I Establish permitted and required uses and disclosures of PHI by business associate May not authorize the business associate to use or disclose information in a way that would violate the Privacy Rule if done by covered entity, with exceptions where necessary for business associates management and administration and for data aggregation services

17 17 Required Elements of the Business Associate AgreementPart II Provide that the business associate will: Not further use or disclose PHI other than as permitted or required by law Use appropriate safeguards to prevent use or disclosure other than as provided by the agreement If aware of any use or disclosure not provided by the agreement, report it to covered entity Ensure that any agents, including subcontractors, to whom it provides PHI agree to same restrictions

18 18 Required Elements of the Business Associate AgreementPart III Provide that the business associate will: Make PHI available for access by the individual Make PHI available for amendment and incorporate any amendments Make PHI available to provide an accounting of disclosures Make its internal practices, books, and records available to DHHS for investigating covered entitys compliance

19 19 Required Elements of the Business Associate AgreementPart IV At termination of contract, if feasible, return or destroy all PHI received from covered entity or created or received on behalf of covered entity and retain no copies. If return or destruction not feasible, extend protections of contract to information retained and limit use and disclosure to purposes for which information must be retained.

20 20 Permitted Elements of the Business Associate Agreement May permit the business associate to use and disclose PHI as necessary for: Management and administration of its business; and To carry out its legal responsibilities But unless disclosure required by law, business associate must obtain reasonable assurances from person to whom PHI is disclosed that: PHI will be held confidentially; PHI will be further disclosed only as required by law or for purpose for which it was disclosed to the person; and Person will notify business associate of any known breach of confidentiality

21 21 Breach of Business Associate Contract Required Action By Covered Entity Take reasonable steps to cure the breach If unsuccessful, terminate contract if feasible If termination not feasible, report problem to DHHS To extent practicable, mitigate any known harm from violation

22 22 Group Health Plans Self-insured plansall of the Privacy Rules provisions apply, including: Provide privacy notice Implement policies and procedures Train workforce Plans offering flexible savings accountsmay need to treat as a self-insured plan Insured plansdepends on how much PHI created or received from issuer or HMO

23 23 Insured Group Health Plans If group health plan creates or receives only summary PHI and information about whether individual has enrolled or disenrolled, duties greatly reducedfor example: No notice required No need for written policies and procedures No training required If group health plan creates or receive other PHI, then: Must maintain notice and provide on request All other requirements of Privacy Rule apply

24 24 Plan Sponsor No requirements, if plan sponsor only receives: Summary PHI for purpose of obtaining premium bids or modifying, amending or terminating plan; Information on whether individual has enrolled or disenrolled; or PHI disclosed pursuant to a written authorization If sponsor receives other PHI, must amend plan documents and group health plan must receive written certification of amendment and give notice

25 25 Amendment of Group Health Plan Documents Much like business associate contract, with added provisions Not use or disclose PHI for employment-related actions and decisions Not use or disclose PHI in connection with any other benefit or employee benefit plan of sponsor Ensure adequate separation between group health plan and sponsor

26 26 Adequate Separation Describe employees or classes of employees and other persons under control of plan sponsor with access to PHI Restrict access to and use of PHI by employees and other persons to plan administration functions Provide effective mechanism for resolving issues of noncompliance by employees and persons with access to PHI

27 The HIPAA Privacy Rule And Its Impact On Agents And Employers National Association of Health Underwriters Capitol Conference March 23, 2003 Joseph T. Holahan, JD Morris, Manning & Martin, LLP Washington, DC 202.408.0705 jholahan@mmmlaw.com

Download ppt "The HIPAA Privacy Rule And Its Impact On Agents And Employers National Association of Health Underwriters Capitol Conference March 23, 2003 Joseph T. Holahan,"

Similar presentations

JCAHO –A HIPAA Business Associate National HIPAA Summit

JCAHO –A HIPAA Business Associate National HIPAA Summit
SIMPLIFYING PRIVACY: HIPAA PRIVACY STANDARDS AND RESEARCH Angela M. Vieira General Counsel Childrens Hospital and Health Center June 5, 2004.

SIMPLIFYING PRIVACY: HIPAA PRIVACY STANDARDS AND RESEARCH Angela M. Vieira General Counsel Childrens Hospital and Health Center June 5, 2004.
HIPAA Privacy Practices. Notice A copy of the current DMH Notice must be posted at each service site where persons seeking DMH services will be able to.

HIPAA Privacy Practices. Notice A copy of the current DMH Notice must be posted at each service site where persons seeking DMH services will be able to.
HIPAA AWARENESS TRAINING

HIPAA AWARENESS TRAINING
Pennsylvania Bureau of Workers’ Compensation Conference December 4, 2003 Beth L. Rubin  2003 Dechert LLP HIPAA Privacy Rule Basics.

Pennsylvania Bureau of Workers’ Compensation Conference December 4, 2003 Beth L. Rubin  2003 Dechert LLP HIPAA Privacy Rule Basics.
Minimum Necessary Standard Version 1.0

Minimum Necessary Standard Version 1.0
HIPAA Privacy Rule “Standards for Privacy of Individually Identifiable Health Information” 45 CFR 160 and 164* *http://www.hhs.gov/ocr/combinedregtext.pdf.

HIPAA Privacy Rule “Standards for Privacy of Individually Identifiable Health Information” 45 CFR 160 and 164* *
HIPAA Compliance: from an Employer’s Perspective Presented by VGM Mark J. Higley Vice President, Development.

HIPAA Compliance: from an Employer’s Perspective Presented by VGM Mark J. Higley Vice President, Development.
Presented by Elena Chan, UCSF Pharm.D. Candidate Tiffany Jew, USC Pharm.D. Candidate March 14, 2007 P HARMACEUTICAL C ONSULTANTS, I NC. P RO P HARMA HIPAA.

Presented by Elena Chan, UCSF Pharm.D. Candidate Tiffany Jew, USC Pharm.D. Candidate March 14, 2007 P HARMACEUTICAL C ONSULTANTS, I NC. P RO P HARMA HIPAA.
HIPAA Basics Brian Fleetham Dickinson Wright PLLC.

HIPAA Basics Brian Fleetham Dickinson Wright PLLC.
HIPAA: Privacy, Security, and HITECH, Oh My! Presented by Stephanie L. Ganucheau, Special Assistant Attorney General.

HIPAA: Privacy, Security, and HITECH, Oh My! Presented by Stephanie L. Ganucheau, Special Assistant Attorney General.
HIPAA Privacy Training. 2 HIPAA Background Health Insurance Portability and Accountability Act of 1996 Copyright 2010 MHM Resources LLC.

HIPAA Privacy Training. 2 HIPAA Background Health Insurance Portability and Accountability Act of 1996 Copyright 2010 MHM Resources LLC.
HIPAA Privacy Rule Training

HIPAA Privacy Rule Training
HIPAA Privacy Training Your Name Here. © 2004 MHM Resources Inc.2 HIPAA Background Health Insurance Portability and Accountability Act of 1996.

HIPAA Privacy Training Your Name Here. © 2004 MHM Resources Inc.2 HIPAA Background Health Insurance Portability and Accountability Act of 1996.
P E N N S Y L V A N I A C O A L I T I O N A G A I N S T D O M E S T I C V I O L E N C E P E N N S Y L V A N I A C O A L I T I O N A G A I N S T RAPE HIPAA.

P E N N S Y L V A N I A C O A L I T I O N A G A I N S T D O M E S T I C V I O L E N C E P E N N S Y L V A N I A C O A L I T I O N A G A I N S T RAPE HIPAA.
HIPAA PRIVACY REQUIREMENTS Dana L. Thrasher Constangy, Brooks & Smith, LLC (205) 252-9321; Victoria Nemerson.

HIPAA PRIVACY REQUIREMENTS Dana L. Thrasher Constangy, Brooks & Smith, LLC (205) ; Victoria Nemerson.
WHAT IS HIPAA? The Health Insurance Portability and Accountability Act of 1996 (HIPAA) provides certain protections for any of your health information.

WHAT IS HIPAA? The Health Insurance Portability and Accountability Act of 1996 (HIPAA) provides certain protections for any of your health information.
TM The HIPAA Privacy Rule: Safeguarding Health Information in Research and Public Health Practice Centers for Disease Control and Prevention Beverly A.

TM The HIPAA Privacy Rule: Safeguarding Health Information in Research and Public Health Practice Centers for Disease Control and Prevention Beverly A.
HIPAA Health Insurance Portability and Accountability Act.

HIPAA Health Insurance Portability and Accountability Act.
HIPAA Privacy Rule Compliance Training for YSU April 9, 2014.

HIPAA Privacy Rule Compliance Training for YSU April 9, 2014.

Similar presentations

Ads by Google