THE 13TH NATIONAL HIPAA SUMMIT HEALTH INFORMATION PRIVACY & SECURITY IN SHARED HEALTH RECORD SYSTEMS SEPTEMBER 26, 2006 Paul T. Smith, Esq. Partner,

Slides:



Advertisements
Similar presentations
Davis Wright Tremaine LLP HIT Legal Issues: HIPAA Implications to a Regional Health Information Organization Becky Williams, R.N., J.D. Partner, Co-Chair,
Advertisements

HIPAA Security Presentation to The American Hospital Association Dianne Faup Office of HIPAA Standards November 5, 2003.
Health Information Technology Framework for Strategic Action U.S. Department of Health and Human Services Office of the National Coordinator for Health.
HIPAA Basics Brian Fleetham Dickinson Wright PLLC.
Confidentiality and HIPAA
Information Risk Management Key Component for HIPAA Security Compliance Ann Geyer Tunitas Group
HIPAA: FEDERAL REGULATIONS REGARDING PATIENT SECURITY.
HIPAA Privacy Rule Compliance Training for YSU April 9, 2014.
NCVHS: Privacy and Confidentiality Leslie P. Francis, Ph.D., J.D. Distinguished Professor of Law and Philosophy Alfred C. Emery Professor of Law University.
Health IT Privacy and Security Policy Jodi Daniel, J.D., M.P.H. Director, Office of Policy and Research, Office of the National Coordinator for Health.
© Copyright 2014 Saul Ewing LLP The Coalition for Academic Scientific Computation HIPAA Legal Framework and Breach Analysis Presented by: Bruce D. Armon,
Informed Consent and HIPAA Tim Noe Coordinating Center.
HIPAA COMPLIANCE IN YOUR PRACTICE MARIBEL VALENTIN, ESQUIRE.
HIPAA Health Insurance Portability & Accountability Act of 1996.
HIPAA PRIVACY AND SECURITY AWARENESS.
“ Technology Working For People” Intro to HIPAA and Small Practice Implementation.
Confidentiality and Security Issues in ART & MTCT Clinical Monitoring Systems Meade Morgan and Xen Santas Informatics Team Surveillance and Infrastructure.
Privacy and Security Laws for Health Care Organizations Presented by Robert J. Scott Scott & Scott, LLP
Copyright ©2011 by Pearson Education, Inc. Upper Saddle River, New Jersey All rights reserved. Health Information Technology and Management Richard.
Update on Federal HIT Legislation Kirsten Beronio Mental Health America.
Health Insurance Portability and Accountability Act of 1996 (HIPAA) Proposed Rule: Security and Electronic Signature Standards.
Patient Data Security and Privacy Lecture # 7 PHCL 498 Amar Hijazi, Majed Alameel, Mona AlMehaid.
HIPAA Michigan Cancer Registrars Association 2005 Annual Educational Conference Sandy Routhier.
Advanced Issues in Privacy: Drafting and Negotiating Business Associate Contracts Thomas E. Jeffry, Jr. Partner Davis Wright Tremaine LLP Los Angeles,
Copyright © 2009 by The McGraw-Hill Companies, Inc. All Rights Reserved. McGraw-Hill Chapter 6 The Privacy and Security of Electronic Health Information.
Eliza de Guzman HTM 520 Health Information Exchange.
PricewaterhouseCoopers 1 Administrative Simplification: Privacy Audioconference April 14, 2003 William R. Braithwaite, MD, PhD “Doctor HIPAA” HIPAA Today.
HIPAA For Provider Contracting Networks Paul Smith Davis Wright Tremaine LLP One Embarcadero Center Suite 600 San Francisco, CA (415)
HIPAA THE PRIVACY RULE. 2 HISTORY In 2000, many patients that were newly diagnosed with depression received free samples of anti- depressant medications.
THE TENTH NATIONAL HIPPA SUMMIT ELECTRONIC HEALTH RECORDS NATIONAL HEALTH INFORMATION INFRASTRUCTURE LEGAL ISSUES APRIL 7, 2005 Paul T. Smith, Esq. Partner,
The Culture of Healthcare Privacy, Confidentiality, and Security Lecture d This material (Comp2_Unit9d) was developed by Oregon Health and Science University,
Policies for Information Sharing April 10, 2006 Mark Frisse, MD, MBA, MSc Marcy Wilder, JD Janlori Goldman, JD Joseph Heyman, MD.
PHARMACEUTICAL REGULATORY & COMPLIANCE CONGRESS NOVEMBER 16, 2004 Legal Issues in Health Information Technology Implementation for Pharmaceutical Enterprises.
OHCAs, ACEs and Hybrid Entities Paul Smith Davis Wright Tremaine LLP One Embarcadero Center Suite 600 San Francisco, CA (415)
Working with HIT Systems
HIPAA Health Insurance Portability and Accountability Act of 1996.
Is HIPAA Ready for the EHR? Practical and Legal Considerations of the Interoperable Electronic Health Record Barry S. Herrin, CHE, Esq. Smith Moore LLP.
Welcome….!!! CORPORATE COMPLIANCE PROGRAM Presented by The Office of Corporate Integrity 1.
Copyright © 2015 by Saunders, an imprint of Elsevier Inc. All rights reserved. Chapter 3 Privacy, Confidentiality, and Security.
Davis Wright Tremaine LLP The Seventh National HIPAA Summit HIPAA Privacy: Privacy Rule Compliance on Public Health Activities and Research Thomas E. Jeffry,
Case Study: Applying Authentication Technologies as Part of a HIPAA Compliance Strategy.
Functioning as a Business Associate Under HIPAA William F. Tulloch Director, PCBA March 9, 2004.
The Health Insurance Portability and Accountability Act of 1996 “HIPAA” Public Law
COMMUNITY-WIDE HEALTH INFORMATION EXCHANGE: HIPAA PRIVACY AND SECURITY ISSUES Ninth National HIPAA Summit September 14, 2004 Prepared by: Robert Belfort,
Health Insurance Portability and Accountability Act of 1996
Moving Health Information In An Emergency
HIPAA CONFIDENTIALITY
HEALTH INFORMATION TECHNOLOGY SUMMIT OCTOBER 23, 2004 COMMUNITY-BASED COLLABORATIONS: LEGAL ISSUES: STARK, FRAUD & ABUSE Paul T. Smith, Esq. Partner,
HIPAA Administrative Simplification
Understanding HIPAA Dr. Jennifer Lu.
Paul T. Smith Davis Wright Tremaine LLP
SHARING CLINICAL DATA: Legal and Privacy Issues
Refuah Community Health Collaborative (RCHC) PPS
Move this to online module slides 11-56
HIPAA PRIVACY AWARENESS, COMPLIANCE and ENFORCEMENT
Disability Services Agencies Briefing On HIPAA
HIPAA Pros - Minimum Necessary
NATIONAL HEALTH INFORMATION TECHNOLOGY AUDIOCONFERENCE NOVEMBER 23, 2004 Legal Barriers to the Adoption of Health Information Technology Paul T. Smith,
HIPAA Privacy and Security Summit 2018 HIPAA Privacy Rule: Compliance Plans, Training, Internal Audits and Patient Rights Widener University Delaware.
HIPAA Security Standards Final Rule
manatt | phelps | phillips
Paul T. Smith, Esq. Partner, Davis Wright Tremaine LLP
Drew Hunt Network Security Analyst Valley Medical Center
National Congress on Health Care Compliance
HIPAA SECURITY RULE Copyright © 2008, 2006, 2004 by Saunders an imprint of Elsevier Inc. All rights reserved.
Enforcement and Policy Challenges in Health Information Privacy
HIPAA Compliance Services CTG HealthCare Solutions, Inc.
Objectives Describe the purposes of the Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009 Explore how the HITECH Act.
Privacy in Nationwide Health IT
HIPAA Compliance Services CTG HealthCare Solutions, Inc.
Presentation transcript:

THE 13TH NATIONAL HIPAA SUMMIT HEALTH INFORMATION PRIVACY & SECURITY IN SHARED HEALTH RECORD SYSTEMS SEPTEMBER 26, 2006 Paul T. Smith, Esq. Partner, Davis Wright Tremaine LLP 505 Montgomery St., Suite 600 San Francisco, CA 94111 415.276.6532 paulsmith@dwt.com

National Health Information Infrastructure Executive Order 1335, April, 2004— Called for widespread adoption of interoperable EHRs within 10 years Created position of National Coordinator for Health Information Technology National Coordinator issued a Framework for Strategic Action issued July 21, 2004 Consists of 4 goals, each with 3 strategies

Goals of the NHII Informing Clinical Practice Promoting use of EHRs by Incentivizing EHR adoption Reducing the risk of EHR investment

Goals of the NHII Interconnecting clinicians by creating interoperability through Regional health information exchanges National health information infrastructure Coordinating federal health information systems

Goals of the NHII Personalizing care Promotion of personal health records Enhancing consumer choice by providing information about institutions and clinicians Promoting tele-health in rural and underserved areas

Goals of the NHII Improving population health Unifying public health surveillance Streamlining quality of care monitoring Accelerating research and dissemination of evidence

Benefits for the Consumer Providers make better decisions, because-- They have better information They use smart systems Improved public health surveillance and response Improved research and quicker adoption of best practices Consumers make better decisions because— They have access to their own health information They have qualitative information about providers

Regional Health Information Organization Public health surveillance Quality accountability Research Others? Consumers RHIO Health Plan Provider Provider Provider Provider

What Am I Concerned About? Is my information available on the network? Can I control this? Who is allowed access to my information on the network? Will I know this? Can I control it? What uses can be made of my information on the network? Do I have access to my information on the network? Can I change it? How secure is my health information on the network? What accountability is there for misuse of my information?

Consumer Rights under HIPAA HIPAA gives consumers rights to-- Access health information Amend/annotate health information Request restrictions on use and disclosure Accounting of non-routine disclosures Notice of privacy practices

Consumer Rights under HIPAA HIPAA does not give consumers rights to-- Decide whether to participate in electronic record exchange Know whether information about them is being made available through an electronic exchange Restrict what information is made available through the exchange, and to whom Know who has had routine access to the information in the exchange Get on-line access to information in the exchange Receive notice of breaches of security of data in the exchange Hold people accountable for misuses of data

Privacy under HIPAA All protected health information is the same Regulation of use and disclosure of health information is permissive, except Disclosure to the individual Disclosure to HHS for compliance Disclosure is generally permitted without consumer authorization for— Treatment Health care operations (including payment) Public-interest related purposes

Privacy under HIPAA Will the network allow-- Access by providers for— treatment payment health care operations Access by health plans for payment Access by public health authorities Access for research Access by law enforcement authorities Access by private litigants Access by social service agencies

Security under HIPAA Covered entities must maintain reasonable and appropriate administrative, technical and physical safeguards— To ensure confidentiality and integrity of information To protect against reasonably anticipated-- threats to security or integrity unauthorized uses or disclosures

Security under HIPAA Technology neutral, flexible and scalable To be implemented in a manner that best suits the entity’s needs, circumstances and resources, taking into account-- Size and complexity Technical infrastructure and capabilities Potential risks to health information Cost of security measures

Security in an Information Exchange Standards with implementation features, e.g. Standard: access control Implementation feature: Unique user identifier (password, PIN, biometric, etc.) Some implementation features are “addressable” (optional) – e.g., encryption

Security under HIPAA Authentication – who is this? Patient matching Authorization – what information can this user access? Logging and auditing Enforcement

Policing the Exchange under HIPAA Not directly regulated Covered entities disclosing health information are required to obtain & enforce contractual assurances that the business associate will-- Safeguard the data (security) Restrict uses and disclosures to those permitted to the covered entity (privacy) Return or destroy the data on termination, if feasible

Policing the Exchange A covered entity is liable for breaches by business associate if the covered entity-- Learns of a pattern or practice of violations, and Fails to take reasonable and appropriate remedial measures Weak standard No private right of action

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.