New School Violence Law; HIPAA Privacy Training

Slides:



Advertisements
Similar presentations
Responding to Subpoenas and Law Enforcement Demands for PHI: An Overview Janet A. Newberg Chair, Health Law Section Felhaber Larson Fenlon & Vogt, P.A.
Advertisements

HIPAA Privacy Rule “Standards for Privacy of Individually Identifiable Health Information” 45 CFR 160 and 164* *
HIPAA and Public Health 2007 Epi Rapid Response Team Conference.
HIPAA Privacy Training. 2 HIPAA Background Health Insurance Portability and Accountability Act of 1996 Copyright 2010 MHM Resources LLC.
Anne Arundel County Fire Department
HIPAA Privacy Rule Training
COBB/DOUGLAS COMMUNITY SERVICES BOARD Confidentiality and Privacy of Consumer Information.
The Health Insurance Portability and Accountability Act Basic HIPAA Training For CMU workforce with access to PHI.
HIPAA Privacy Training Your Name Here. © 2004 MHM Resources Inc.2 HIPAA Background Health Insurance Portability and Accountability Act of 1996.
HIPAA – Privacy Rule and Research USCRF Research Educational Series March 19, 2003.
Increasing public concern about loss of privacy Broad availability of information stored and exchanged in electronic format Concerns about genetic information.
HIPAA Health Insurance Portability and Accountability Act.
1 Louisiana Department of Health and Hospitals Basic HIPAA Privacy Training: Policies and Procedures 01/09/
HEALTH INSURANCE PORTABILITY AND ACCOUNTIBILITY ACT PAUL D. FRIEDMAN, M.A., J.D. 300 W. Clarendon, Ste. 400 Phoenix, Arizona (602)
Informed Consent.
Professional Nursing Services.  Privacy and Security Training explains:  The requirements of the federal HIPAA/HITEC regulations, state privacy laws.
HIPAA Training Presentation for New Employees How did we get here? HIPAA Police 1.
Health Insurance Portability and Accountability Act (HIPAA)
Health Insurance Portability Accountability Act of 1996 HIPAA for Researchers: IRB Related Issues HSC USC IRB.
August 10, 2001 NESNIP PRIVACY WORKGROUP HIPAA’s Minimum Necessary Standard Presented by: Mildred L. Johnson, J.D.
HIPAA Health Insurance Portability & Accountability Act of 1996.
Health Insurance Portability and Accountability Act (HIPAA)
Protected Health Information (PHI). Privileged Communication An exchange of information between two individuals in a confidential relationship. (Examples:
Proprietary and confidential and may not be reproduced or distributed without the express consent of Cap Gemini Ernst & Young U.S. LLC and Ernst & Young.
Paula Peyrani, MD Medical/Project Director, HIV Program at the 550 Clinic Assistant Director, Research Design and Development Clinical and Translational.
HIPAA Business Associates Leadership Group Meeting June 28, 2001.
1 Research & Accounting for Disclosures March 12, 2008 Leslie J. Pfeffer, BS, CHP Office of the Vice President for Research Administration Office of Compliance.
HIPAA The Privacy Rule Health Insurance Portability and Accountability Act of 1996 (HIPAA) The 104 th Congress passed the Act, Public Law ,
1 Disclosures © HIPAA Pros 2002 All rights reserved.
HIPAA OBJECTIVES  Define HIPAA  Define PHI  Use of PHI  Your rights  Your responsibilities.
1 HIPAA OVERVIEW ETSU. 2 What is HIPAA? Health Insurance Portability and Accountability Act.
Office of the Secretary Office for Civil Rights (OCR) Indian Health Service HIPAA Training Hosted by the Aberdeen Area Office July 24, 2012.
HIPAA Training Developed for Ridgeview Institute 2012 Hospital Wide Orientation.
HIPAA (health insurance portability and accountability act)
HIPAA Michigan Cancer Registrars Association 2005 Annual Educational Conference Sandy Routhier.
Practicing In Harmony with HIPAA The views and opinions expressed in the presentation are those of the presenter, and not necessarily official positions.
© 2009 The McGraw-Hill Companies, Inc. All rights reserved. 1 McGraw-Hill Chapter 2 The HIPAA Privacy Standards HIPAA for Allied Health Careers.
Medical Law and Ethics, Third Edition Bonnie F. Fremgen Copyright ©2009 by Pearson Education, Inc. Upper Saddle River, New Jersey All rights reserved.
Health Insurance Portability and Accountability Act of 1996 HIPAA Privacy Training for County Employees.
1 Tenth National HIPAA Summit HIPAA in the Real World: The Application of HIPAA to Physician Practices Gerald E. DeLoss, Esq. General Counsel Fairmont.
Configuring Electronic Health Records Privacy and Security in the US Lecture b This material (Comp11_Unit7b) was developed by Oregon Health & Science University.
HIPAA Overview Why do we need a federal rule on privacy? Privacy is a fundamental right Privacy can be defined as the ability of the individual to determine.
Health Insurance Portability and Accountability Act (HIPAA) © 2013 Project Lead The Way, Inc.Principles of Biomedical Science.
Final HIPAA Privacy Rule: The Research Provisions Julie Kaneshiro DHHS Office for Human Research Protections Phone: Fax:
Developed for Ridgeview Institute 2015 Hospital Wide Orientation
Health Insurance Portability and Accountability Act
HIPAA Privacy Rule Training
Denise Chrysler, JD Director, Mid-States Region
Health Insurance Portability and Accountability Act of 1996
HIPAA PRIVACY & SECURITY TRAINING
UNDERSTANDING WHAT HIPAA IS AND IS NOT
10 Patient Confidentiality and HIPAA
What is HIPAA? HIPAA stands for “Health Insurance Portability & Accountability Act” It was an Act of Congress passed into law in HEALTH INSURANCE.
HIPAA Administrative Simplification
Health Insurance Portability and Accountability Act
HIPAA Pros - Disclosures
Confidential Records and Protected Disclosures
HIPAA PRIVACY AWARENESS, COMPLIANCE and ENFORCEMENT
Disability Services Agencies Briefing On HIPAA
The Health Insurance Portability and Accountability Act Basic HIPAA Training For CMU workforce with access to PHI.
The Health Insurance Portability and Accountability Act
2003 Immunization Registry Conference
National Congress on Health Care Compliance
The Health Insurance Portability and Accountability Act
Issues in HIPAA Research Compliance
The Health Insurance Portability and Accountability Act
Health Insurance Portability and Accountability Act
Health Insurance Portability and Accountability Act
South Jordan City Fire Department
The Health Insurance Portability and Accountability Act
Presentation transcript:

New School Violence Law; HIPAA Privacy Training Presented by: Tracey K. Jaensch, Esq.

What We Will Cover New Personnel and Privacy Issues Arising from Marjory Stoneman HS Public Safety Act Overview of HIPAA Privacy Requirements Exceptions Related to Law Enforcement Take Aways

HIPAA Privacy and Security Rule Overview Health Insurance Portability and Accountability Act (HIPAA) Amendment – Health Information Technology for Economic and Clinical Health (HITECH) Act Purpose of Mandates properly protect individuals’ health information while allowing the flow of health information needed to provide and promote high quality health care

HIPAA Privacy Rule Applicable only to Covered Entities and Business Associates Requires implementation of standards to safeguard protected health information (PHI)

HIPAA Privacy Rule Covered Entities Business Associates health plans (fully insured or self-funded) health care providers (e.g. Crossroads) healthcare clearinghouses Business Associates person or organization that performs, or assists in performing, a service or function on behalf of a covered entity that involves use or disclosure of PHI

Entities Specifically NOT Covered HIPAA Privacy Rule Entities Specifically NOT Covered Employers Life, Disability, and Workers’ Compensation Insurers Law Enforcement Agency School? What services provided and who pays for services

HIPAA Privacy Rule PHI is: individually identifiable health information in any form Electronic Written Oral that is created or received by a covered entity or business associate

Examples of PHI Names and Addresses Premiums and coverage amounts Account numbers Geographic subdivisions smaller than a State, including street address, city, county, zip Certificate/license numbers All elements of dates (except year) directly related to an individual, including birth date, admission date, discharge date, or date of death Internet Protocol (IP) address Telephone and Fax numbers, E-mail Addresses Biometric identifiers, including finger and voice prints, full face photographic images, etc. Social Security Numbers Medical record numbers and Health Plan Beneficiary Numbers Any other unique identifying number, characteristic, etc.

HIPAA Privacy Rule Defines when PHI is: required to be disclosed permitted to be used or disclosed without consent permitted to be used or disclosed only with authorization from the individual

HIPAA Security Rule contains requirements for the storage, transmission and access to electronic PHI applies to covered entities and business associates

HIPAA Privacy and Security Rule Overview Enforcement of Privacy and Security Rule Privacy and Security Officer Office for Civil Rights (OCR) in the U.S. Department of Health and Human Services (HHS) States Attorney General

HIPAA Privacy and Security Rule Overview Civil Penalties States Attorney General max recovery of $25K OCR 4 tiers up to $1.5M for willful violations Individuals may share in civil penalties recovered

Privacy Rule Compliance Permitted Uses and Disclosures To the individual involved; For routine disclosures for health purposes with or without the individual’s consent; OR With the individual’s authorization, to make non-routine disclosures.

Privacy Rule Compliance Routine Disclosures Health care Treatment; Health care Payment; OR Health care Operations -Disclosures generally permitted with or without individual’s consent

Privacy Rule Compliance Non-Routine Disclosures (Non-TPO) Those disclosures relating to: Marketing Employment decisions; or Non-health purposes. - Must Get Written Authorization

Privacy Rule Compliance Minimum Necessary Standard Any disclosure of PHI must be in a limited data set or, if more information is needed, the minimum necessary Incidental disclosures not a violation

Communications with Family Members Compliance with Privacy Rules Communications with Family Members HIPAA allows communication of PHI to the individual A parent of a minor child and the executor or administrator of a deceased individual’s estate are treated under HIPAA as if they are the individual To disclose PHI to other family members (for example, a spouse) you must obtain the written consent of the individual

A law enforcement organization is not a covered entity. LAW ENFORCMENT AND HIPPA 45 CFR Chapters 160 and 164. 45 CFR §164.512(f) A law enforcement organization is not a covered entity. A covered entity may disclose protected health information (PHI) for a law enforcement purpose, to a law enforcement official, only under several sets of circumstances.

LAW ENFORCMENT AND HIPPA 45 CFR Chapters 160 and 164. 45 CFR §164 LAW ENFORCMENT AND HIPPA 45 CFR Chapters 160 and 164. 45 CFR §164.512(f) A law enforcement official is defined as "an officer or employee of any agency or authority of the United States, a State, a territory, a political subdivision of a State or territory, or an Indian tribe," who is: empowered by law to investigate or conduct an official inquiry into a potential violation of law; or, prosecute or otherwise conduct a criminal, civil, or administrative proceeding arising from an alleged violation of law.

Permitted Disclosures As required by specific reporting laws In compliance with (and limited by relevancy requirements) of: Court order or court-ordered warrant Subpoena or summons issued by judicial officer A grand jury subpoena An administrative request

1. Relevant and material to a legitimate law enforcement inquiry Specific and limited in scope to the extent reasonably practicable in light of the purpose for which info sought For a purpose for which de-identified information could not be used

IDENTIFICATION AND LOCATION PURPOSES PHI may be disclosed for "identification and location" purposes, in response to a law enforcement officer's official request. Purposes would include identifying or locating a suspect, fugitive, material witness, or missing person.

COVERED ENTITY MAY ONLY DISCLOSE THE FOLLOWING FOR ID AND LOCATION: name and address; date and place of birth; social security number; ABO blood type and rh factor; type of injury; date and time of treatment; date and time of death, if applicable; and, a description of distinguishing physical characteristics, including height, weight, gender, race, hair and eye color, presence or absence of facial hair (beard or mustache), scars, and tattoos. The regulations specifically exclude any PHI related to the individual’s DNA or DNA analysis, dental records, or typing, samples or analysis of body fluids or tissue (unless it is one of the items listed above).

Law Enforcement Official’s Request Victim PHI Dead Individual PHI On Premises Criminal Activity Provider providing emergency health care in response to medical emergency off-premises

http://www.hhs.gov/ocr/privacy/

IMPACT ON NEW PERSONNEL AND THREAT ASSESSMENT TEAMS Act requires Resource Officer who is a certified officer MOU with Sheriff or law enforcement Additional training of school personnel (who is a law enforcement officer?) Privacy Rules and training

Thank You