The HIPAA Privacy Rule: Safeguarding Health Information in Research and Public Health Practice Centers for Disease Control and Prevention Beverly A.

Presentation transcript:

The HIPAA Privacy Rule: Safeguarding Health Information in Research and Public Health Practice
Centers for Disease Control and Prevention
Beverly A. Peeples, J.D.
December 13, 2005

Brief Overview of HIPAA
- What is the Privacy Rule?
- Who is covered by the Privacy Rule?
- What information is protected?

What is the Privacy Rule?
- Establishes a set of national standards
- Promulgated by the US DHHS
- Addresses use and disclosure of individual’s health information
- Addresses standards and protection of individual’s privacy rights

Major Goals of Privacy Rule
- Assures that individual’s health information is properly protected
- Strives to maintain balance
- Designed to be flexible and comprehensive

Who is Covered by the Privacy Rule?
- Covered Healthcare Providers
- Known as Covered Entities (CE)
- Health Plans
- Healthcare Clearinghouses

What is a Covered Entity?
Health Care Provider + Conducts electronic transactions

What is a HIPAA transaction?
- health care claims
- health care payment
- coordination of benefits
- health care claim status
- enrollment and disenrollment in a health plan

What is a HIPAA transaction?
- eligibility for a health plan
- health plan premium payments
- referral certification and authorization
- first report of injury
- health care claims attachments
- other transactions that the Secretary may prescribe by regulation

What Information is Protected?
Protected Health Information (PHI)
- Individual’s past, present or future physical or mental health
- Provision of healthcare
- Past, present or future payment for provision of healthcare
- Does not include FERPA records

Limits on Use of Individually Identifiable Health Information
- Privacy Rule sets limits
- Does not restrict ability of health care providers … to share information to treat patients
- May not be used for purposes unrelated to health care

Limits on Use of Individually Identifiable Health Information
Specific authorizations required before a CE can release information to a:
- life insurer
- bank
- marketing firm or
- school

Limits on Use of Individually Identifiable Health Information
Permits health care providers and other CEs to share information about:
- treatment options
- disease-management programs
When they have a treatment relationship with the individual

Limits on Use of Individually Identifiable Health Information
- A person or entity conducting certain functions on behalf of a CE -- business associate
- CE may disclose PHI to a business associate
- CE must obtain satisfactory assurances to safeguard the information

Limits on Use of Individually Identifiable Health Information
- Privacy standards do not affect state laws
- Privacy Rule sets a national “floor” of privacy standards
- State law providing additional protections would continue to apply

What is the “Minimum Necessary” Standard?
- CE must make reasonable efforts to disclose only the minimum amount of PHI
- CEs may “reasonably” rely on public health authorities’ representation
- Applies to disclosures to a public health agency

Exceptions to the “Minimum Necessary” Requirements
Minimum Necessary Standard does not apply if disclosures are:
- Required by law
- Authorized by individual
- Requested by health care provider for treatment purposes

Exceptions to the “Minimum Necessary” Requirements
- Disclosures to the individual
- Disclosures to HHS
- When required for compliance with other HIPAA rules
  - e.g. to fill out required or situationally required data fields in standard transactions

Uses and Disclosures of PHI
A covered entity may not use or disclose PHI except either
- as the Privacy Rule permits or requires; or
- as the individuals … or their … representatives authorize in writing

Permitted Uses and Disclosures without Authorizations
- To the individual
- For treatment, payment, and healthcare operations
- Opportunity to agree or object
- As incident
- Public interest and benefit activities
- Limited Data Set

Permitted Uses and Disclosures without Authorizations
- A limited data set is PHI from which certain specified direct identifiers of individuals and their relatives, household members, and employers have been removed.
- May contain more identifiers than de-identified data stripped of the 18 identifiers; still PHI

Written Authorizations
- Must be written in specific terms
- Must be in plain language
- Contain specific information

Written Authorizations
Allows use and disclosure of PHI by the covered entity or a 3rd party
Examples of disclosures:
- to a life insurer
- to an employer
- to a school employee who is not a health care provider

Public Health Authority
Public Health Authorities are not subject to the Privacy Rule
- When they are conducting public health activities as defined in the Rule:
- Even when they are covered entities acting in the capacity of a public health authority
  - Funded by a federal (CDC) or state public health authority
  - With a grant of authority to conduct a public health activity

Examples of PHAs
Federal public health agencies include:
- CDC; NIH; SAMHSA; FDA; OSHA; and tribal health agencies
State public health agencies include:
- public health departments or divisions, state cancer registries; and vital statistics departments
Local public health agencies include:
- similar departments

Public Health Authorities
Hybrid entities
A hybrid entity is a single legal entity that is a CE, performs business activities that include both covered and noncovered functions, and designates its health care components as provided in the Privacy Rule.

Public Health Authorities that are CEs or Hybrid Entities
- A university or school that includes an academic medical center’s hospital is a CE
- It may choose to be a hybrid entity via designating the hospital as its health care component

Hybrid Entities
A school clinic if it conducts electronic transactions
- Bills for services
- Files insurance reimbursement claims
- Provides health care to students
  - Physical or mental health services

Highlights of the Privacy Rule
- Contains standards to protect privacy of individually identifiable health information
- Sets minimum standards for how PHI may be used and disclosed; and
- Individuals can have control of their health information

Highlights of the Privacy Rule
- Describes methods to de-identify health information
- Provides alternatives to obtaining an Authorization, e.g. limited data sets
- Important steps toward understanding:
  - How and why the Privacy Rule protects
  - How CEs implement the Rule’s standards

Contact Information
Beverly A. Peeples, JD
Privacy Rule Coordinator
Office of Chief Science Officer
Office of Scientific Regulatory Services
Health Information Privacy Office
PH: