Banks and the Privacy of Medical Information 8th National HIPAA Summit March 8, 2004 Joy Pritts, JD Health Policy Institute Georgetown University 202-687-0880.

Presentation transcript:

Banks and the Privacy of Medical Information 8th National HIPAA Summit March 8, 2004 Joy Pritts, JD Health Policy Institute Georgetown University

Joy Pritts, JD 2 Public Concerns: 95% of adult Americans do not want banks to have access to their medical record information without their permission.* * Gallup Organization nation-wide poll, August 2000, available at:

Joy Pritts, JD 3 Information Networks: HIPAA & GLBA [Diagram labels: Protected Health Info. (PHI); Health Care Provider; Health Plan; Banks; Affiliate]

Joy Pritts, JD 4 Public Concerns: Increased access to identifiable health information by banks + Increase in bank-insurer affiliations + More sophisticated computer technology + Potential financial incentive. Concerns about banks obtaining and using health information for consumer credit decisions & sharing health information with affiliates

Joy Pritts, JD 5 Goal: Protect Privacy of Health Info. as It Flows through the System [Diagram labels: Claim for payment; Protected Health Info. (PHI); Health Care Provider; Banks; Health Plan; Covered]

Joy Pritts, JD 6 Primary Laws: Health Insurance Portability and Accountability Act of 1996 (HIPAA); Gramm-Leach-Bliley Act (Financial Services Modernization Act) 1999; Fair and Accurate Credit Transactions Act of 2003 (FACT Act) – Amendments to Fair Credit Reporting Act

Joy Pritts, JD 7 HIPAA & Banks Are banks covered by HIPAA? What activities of banks, if any, make them “health care clearinghouses” covered by HIPAA?

Joy Pritts, JD 8 Processing Consumer Payment Info. Does Not Make a Bank a HIPAA Clearinghouse [Diagram labels: Checks or Credit Card Payments; Patient; Health Care Provider; Bank; Credit Card Co.; Info.; 3d Party or Affiliates; Covered; NOT Covered]

Joy Pritts, JD 9 Processing 3d Party EFT Does Not Make a Bank a HIPAA Clearinghouse [Diagram labels: EFT; Claim for payment; Bank; Health Care Provider; Health Plan; Covered; NOT Covered]

Joy Pritts, JD 10 Does Processing ERAs Make a Bank a HIPAA Clearinghouse? [Diagram labels: Claim for payment; ERA – Identifiable Health Info.; ERA; Health Care Provider; Bank; Health Plan; Info.; 3d Party or Affiliate; Covered; NOT Covered – Sec Exemption?]

Joy Pritts, JD 11 Sec PROCESSING PAYMENT TRANSACTIONS BY FINANCIAL INSTITUTIONS SEC To the extent that an entity is engaged in activities of a financial institution (as defined in section 1101 of the Right to Financial Privacy Act of 1978), or is engaged in authorizing, processing, clearing, settling, billing, transferring, reconciling, or collecting payments, for a financial institution, this part, and any standard adopted under this part, shall not apply to the entity with respect to such activities, including the following: (1) The use or disclosure of information by the entity for authorizing, processing, clearing, settling, billing, transferring, reconciling, or collecting, a payment for, or related to, health plan premiums or health care, where such payment is made by any means, including a credit, debit, or other payment card, an account, check or electronic funds transfer. * * * 42 USCS § 1320d-8

Joy Pritts, JD 12 Issue If banks are exempt from HIPAA under 1179, to what extent is medical information held by banks protected by other laws?

Joy Pritts, JD 13 GLBA: Designed to encourage affiliations between banks and other “financial institutions”. Applies only to consumer & customer financial information, not commercial transactions. Privacy provisions establish limits on sharing financial information (which may contain medical info.)

Joy Pritts, JD 14 GLBA Limits Sharing Consumer Payment Info. [Diagram labels: Checks or Credit Card Payments; Patient; Health Care Provider; Bank; Notice & Opt Out; 3d Party; Affiliates; Information; Covered; Notice; Checks; Credit]

Joy Pritts, JD 15 GLBA Does Not Prohibit Banks from Using Consumer Payment Info. [Diagram labels: Checks or Credit Card Payments; Patient; Bank; Credit Card Co.; Health Care Provider; Covered; NOT Covered]

Joy Pritts, JD 16 GLBA Does Not Prohibit Banks from Using or Sharing Info. from Commercial Transactions [Diagram labels: Claim for payment; ERA – Identifiable Health Info.; ERA; Health Care Provider; Bank; Health Plan; Covered; Not Covered by GLBA; Affiliates; 3d Party]

Joy Pritts, JD 17 Intent of FACT Act: Fill some of the gaps in privacy protections in HIPAA and GLBA, within the context of consumer credit protections

Joy Pritts, JD 18 FACT Act: Prohibits obtaining & using medical information for consumer credit decision purposes except where banking agencies determine it is “necessary and appropriate” to protect legitimate operational, transactional, risk, consumer and other needs. Consistent with intent to restrict use of medical info. for inappropriate purposes

Joy Pritts, JD 19 Regulations Drafted by Banking Agencies that Allow Using Info. for Credit May be Narrow... [Diagram labels: Claim for payment; ERA – Identifiable Health Info.; Health Care Provider; Health Plan; EFT; Patient; Checks; Credit; Banks; Covered]

Joy Pritts, JD 20 … or Broad [Diagram labels: Claim for payment; ERA – Identifiable Health Info.; Health Care Provider; Health Plan; EFT; Patient; Checks; Credit; Banks; Covered]

Joy Pritts, JD 21 FACT Act Does Not Prohibit Using Payment Info. for Insurance, Marketing or Other Purposes [Diagram labels: Claim for payment; ERA; Health Care Provider; Bank; Health Plan; EFT; Patient; Checks; Credit; Covered; NOT Covered]

Joy Pritts, JD 22 Limits on Sharing Medical Info. Are Not Clear Under best circumstances, permits banks to share medical info. with affiliates for any purpose: Permitted without authorization under Privacy Rule or Referred to under Section 1179

Joy Pritts, JD 23 Conclusion If banks are fully exempt under Sec. 1179, the medical information that they receive is not fully protected by other laws.

The End