Reconciling Medical Record Privacy and Security Requirements Across Systems October 10, 2006 Renee H. Martin Tsoules, Sweeney & Martin, LLC 29 Dowlin.

Slides:



Advertisements
Similar presentations
H OGAN & H ARTSON, L.L.P.
Advertisements

HIPAA Security Presentation to The American Hospital Association Dianne Faup Office of HIPAA Standards November 5, 2003.
HIPAA: An Overview of Transaction, Privacy and Security Regulations Training for Providers and Staff.
Presented by Elena Chan, UCSF Pharm.D. Candidate Tiffany Jew, USC Pharm.D. Candidate March 14, 2007 P HARMACEUTICAL C ONSULTANTS, I NC. P RO P HARMA HIPAA.
HIPAA Basics Brian Fleetham Dickinson Wright PLLC.
HIPAA Privacy Training. 2 HIPAA Background Health Insurance Portability and Accountability Act of 1996 Copyright 2010 MHM Resources LLC.
Confidentiality and HIPAA
HIPAA Privacy Rule Training
Copyright Eastern PA EMS Council February 2003 Health Information Portability and Accountability Act It’s the law.
HIPAA Privacy Training Your Name Here. © 2004 MHM Resources Inc.2 HIPAA Background Health Insurance Portability and Accountability Act of 1996.
National Health Information Privacy and Security Week Understanding the HIPAA Privacy and Security Rule.
Increasing public concern about loss of privacy Broad availability of information stored and exchanged in electronic format Concerns about genetic information.
P E N N S Y L V A N I A C O A L I T I O N A G A I N S T D O M E S T I C V I O L E N C E P E N N S Y L V A N I A C O A L I T I O N A G A I N S T RAPE HIPAA.
HIPAA PRIVACY REQUIREMENTS Dana L. Thrasher Constangy, Brooks & Smith, LLC (205) ; Victoria Nemerson.
Corporate Compliance Program STANDARDS OF CONDUCT HIPAA PRIVACY & SECURITY Temple University Health System Maribel Valentin, Esquire Associate Counsel.
NAU HIPAA Awareness Training
TM The HIPAA Privacy Rule: Safeguarding Health Information in Research and Public Health Practice Centers for Disease Control and Prevention Beverly A.
 Original Intent: ◦ Act passed in 1996 with two main goals: 1.Ensure individuals would be able to maintain their health insurance between jobs (the “portability”
HIPAA THE PRIVACY RULE Reviewed December HISTORY In 2000, many patients that were newly diagnosed with depression received free samples of anti-
HIPAA HIPAA Health Insurance Portability and Accountability Act of 1996.
2 H. Westley Clark, M.D., J.D., M.P.H., CAS, FASAM Director Center for Substance Abuse Treatment Substance Abuse Mental Health Services Administration.
HIPAA COMPLIANCE IN YOUR PRACTICE MARIBEL VALENTIN, ESQUIRE.
HIPAA Health Insurance Portability & Accountability Act of 1996.
HIPAA PRIVACY AND SECURITY AWARENESS.
“ Technology Working For People” Intro to HIPAA and Small Practice Implementation.
HIPAA The Privacy Rule Health Insurance Portability and Accountability Act of 1996 (HIPAA) The 104 th Congress passed the Act, Public Law ,
Confidentiality, Consents and Disclosure Recent Legal Changes and Current Issues Presented by Pam Beach, Attorney at Law.
Confidentiality in Your TEAP Program By Diane A. Tennies, Ph.D., LADC Lead TEAP Health Specialist October 20,
Health Insurance Portability and Accountability Act (HIPAA)
LAW SEMINARS INTERNATIONAL CLOUD COMPUTING: LAW, RISKS AND OPPORTUNITIES Developing Effective Strategies for Compliance With the HITECH Act and HIPAA’s.
Copyright ©2011 by Pearson Education, Inc. Upper Saddle River, New Jersey All rights reserved. Health Information Technology and Management Richard.
Confidentiality and Drug Courts Carson Fox Esq. Steve Hanson M.S. Ed.
Computerized Networking of HIV Providers Workshop Data Security, Privacy and HIPAA: Focus on Privacy Joy L. Pritts, J.D. Assistant Research Professor Health.
How Hospitals Protect Your Health Information. Your Health Information Privacy Rights You can ask to see or get a copy of your medical record and other.
Michael R. Costa, Esq., M.P.H. Greenberg Traurig, LLP One International Place, 3 rd Floor Boston, MA (fax)
HIPAA Michigan Cancer Registrars Association 2005 Annual Educational Conference Sandy Routhier.
Privacy and the Civil Commitment Process Allyson K. Tysinger Assistant Attorney General June 4-5, 2008.
Health Insurance Portability and Accountability Act (HIPAA) CCAC.
Copyright © 2009 by The McGraw-Hill Companies, Inc. All Rights Reserved. McGraw-Hill Chapter 6 The Privacy and Security of Electronic Health Information.
Understanding HIPAA (Health Insurandce Portability and Accountability Act)
Eliza de Guzman HTM 520 Health Information Exchange.
FleetBoston Financial HIPAA Privacy Compliance Agnes Bundy Scanlan Managing Director and Chief Privacy Officer FleetBoston Financial.
HIPAA THE PRIVACY RULE. 2 HISTORY In 2000, many patients that were newly diagnosed with depression received free samples of anti- depressant medications.
THE TENTH NATIONAL HIPPA SUMMIT ELECTRONIC HEALTH RECORDS NATIONAL HEALTH INFORMATION INFRASTRUCTURE LEGAL ISSUES APRIL 7, 2005 Paul T. Smith, Esq. Partner,
The Culture of Healthcare Privacy, Confidentiality, and Security Lecture d This material (Comp2_Unit9d) was developed by Oregon Health and Science University,
1 HIPAA Administrative Simplification Standards Yesterday, Today, and Tomorrow Stanley Nachimson CMS Office of HIPAA Standards.
OHCAs, ACEs and Hybrid Entities Paul Smith Davis Wright Tremaine LLP One Embarcadero Center Suite 600 San Francisco, CA (415)
Working with HIT Systems
September 17, 2002© Michael Best & Friedrich LLC1 Iowa State Association of Counties HIPAA Training September 17-18, 2002 Legal Issues presented by: Ryan.
Welcome….!!! CORPORATE COMPLIANCE PROGRAM Presented by The Office of Corporate Integrity 1.
Copyright © 2015 by Saunders, an imprint of Elsevier Inc. All rights reserved. Chapter 3 Privacy, Confidentiality, and Security.
Confidentiality of Substance Use Disorder Treatment Information in an Era of Integration and Health Information Exchanges Ellen Weber University of Maryland.
The Health Insurance Portability and Accountability Act of 1996 “HIPAA” Public Law
Board of Directors – March 24, 2016 Denise Mannon, AHFI, CHPC Corporate Compliance Officer.
COMMUNITY-WIDE HEALTH INFORMATION EXCHANGE: HIPAA PRIVACY AND SECURITY ISSUES Ninth National HIPAA Summit September 14, 2004 Prepared by: Robert Belfort,
Juvenile Legislative Update 2013 Confidential Records and Protected Disclosures.
HIPAA Training Workshop #3 Individual Rights Kaye L. Rankin Rankin Healthcare Consultants, Inc.
HIPAA Privacy Rule Training
Health Insurance Portability and Accountability Act of 1996
Iowa State Association of Counties
What is HIPAA? HIPAA stands for “Health Insurance Portability & Accountability Act” It was an Act of Congress passed into law in HEALTH INSURANCE.
HIPAA CONFIDENTIALITY
HIPAA Administrative Simplification
Confidential Records and Protected Disclosures
Disability Services Agencies Briefing On HIPAA
HIPAA Privacy and Security Summit 2018 HIPAA Privacy Rule: Compliance Plans, Training, Internal Audits and Patient Rights Widener University Delaware.
HIPAA Security Standards Final Rule
National Congress on Health Care Compliance
THE 13TH NATIONAL HIPAA SUMMIT HEALTH INFORMATION PRIVACY & SECURITY IN SHARED HEALTH RECORD SYSTEMS SEPTEMBER 26, 2006 Paul T. Smith, Esq. Partner,
Presentation transcript:

Reconciling Medical Record Privacy and Security Requirements Across Systems October 10, 2006 Renee H. Martin Tsoules, Sweeney & Martin, LLC 29 Dowlin Forge Road Exton, PA Tel.: (610) Fax: (610)

Copyright  Tsoules, Sweeney & Martin, LLC 2 Overview Coordination of Care for Co-occurring Problems and Illnesses IOM Report Barriers/Hindrances –Cultural –Financial –Legal  HIPAA and pre-emption  PA Mental Health Law  Federal and State Substance Abuse

Copyright  Tsoules, Sweeney & Martin, LLC 3 Overview (Continued) National Health Information Network Electronic Health Records Organizational approaches

Copyright  Tsoules, Sweeney & Martin, LLC 4 Coordination of Care - Paramount Mental and substance abuse and illnesses rarely occur in isolation. Physical illnesses (heart disease, diabetes, cancer, neurological illnesses) frequently accompany mental and substance abuse. Diverse providers often fail to detect and treat these co-occurring problems.

Copyright  Tsoules, Sweeney & Martin, LLC 5 Barriers to Collaboration/Coordination Separation of MH/Substance Abuse from general health care Separation of MH/Substance Abuse from each other Reliance on multiple systems and non-health care sectors to secure MH/Substance Abuse services (juvenile and criminal justice, education, child welfare) Multiple and separately licensed and regulated care providers Separate and multiple disclosure confidentiality requirements

Copyright  Tsoules, Sweeney & Martin, LLC 6 Barriers to Collaboration/Coordination Separate financial systems and coverage Separate cultures

Copyright  Tsoules, Sweeney & Martin, LLC 7 Legal Parameters for Sharing Healthcare Information HIPAA Privacy Rule: Generally: Permits (“Covered Entities”) to release – without patient authorization – protected health information (PHI) (except psychotherapy notes) to another provider for treatment, payment and health care operations.

Copyright  Tsoules, Sweeney & Martin, LLC 8 Scope: Who is Covered? Limited to “covered entities”: –Health care providers who transmit health information in electronic transactions for which the Secretary has adopted standards –Health plans –Health care clearinghouses –Sponsors of prescription drug discount cards Business associate relationships (indirectly)

Copyright  Tsoules, Sweeney & Martin, LLC 9 Organizational Issues Hybrid Entities (designate health care component(s)) Organized Health Care Arrangements (OHCAs) – multiple covered entities can share PHI; e.g., clinically integrated care settings (medical staff and hospital). –OHCAs hold themselves out to public as joint arrangement –OHCAs participate in joint activities that include UR, QA or sharing of financial risk

Copyright  Tsoules, Sweeney & Martin, LLC 10 Organizational Issues Affiliated Covered Entities – legally separates CEs that are under common ownership. One entity has the power directly or indirectly to significantly influence or direct actions of the other or has ownership or equity interest of 5% or more in another. –Must document relationship –Adhere to Security requirements

Copyright  Tsoules, Sweeney & Martin, LLC 11 Business Associates Agents, contractors, others hired to do work on behalf of covered entity that requires use and disclosure of PHI to Business Associate Covered entity must obtain satisfactory assurances – usually through a contract – that a business associate will safeguard protected health information, limit use and disclosure

Copyright  Tsoules, Sweeney & Martin, LLC 12 Preemption of State Law General Rule State law will be preempted if a standard, requirement, or implementation specification of HIPAA Privacy Rule is contrary to a provision of state law.

Copyright  Tsoules, Sweeney & Martin, LLC 13 Preemption of State Law “…contrary to a provision of State law…” –A covered entity would find it impossible to comply with both the state and federal requirements or –The provision of state law is an obstacle to compliance and enforcement of HIPAA.

Copyright  Tsoules, Sweeney & Martin, LLC 14 Preemption of State Law (Cont'd.) HIPAA Privacy Regulations preempt Pennsylvania laws and regulations except: State law relates to privacy of PHI and is more stringent than HIPAA.

Copyright  Tsoules, Sweeney & Martin, LLC 15 What is "More Stringent"? When state law is compared to the HIPAA Privacy Regulations, the state law : 1.Restricts or prohibits a use/disclosure permitted by HIPAA. 2.Permits greater rights of privacy in or to access or amendment of PHI. 3.Provides more information to the Individual.

Copyright  Tsoules, Sweeney & Martin, LLC 16 What is "More Stringent"? (Cont'd.) 4.Narrower in scope or duration; reduces coercive effect surrounding authorizations. 5.Provides for the retention or reporting of more information or longer duration.

Copyright  Tsoules, Sweeney & Martin, LLC 17 HIPAA Privacy Administrative Requirements DOCUMENTED policies, procedures and systems Designate privacy official and contact person Implement administrative, technical and physical safeguards Privacy Training Legal Documents – Notice of Privacy Practices; Business Associate Complaint mechanism Human Resource enforcement policies

Copyright  Tsoules, Sweeney & Martin, LLC 18 HIPAA Preemption/Privacy Rule Result: PA mental health law generally supersedes HIPAA and PA law applies relative to use and disclosure of PHI. PA law silent on many of these administrative requirements. So must look to and comply with many of these administrative requirements.

Copyright  Tsoules, Sweeney & Martin, LLC 19 HIPAA Security Rule HIPAA Privacy covers what information you protect – the use and disclosure of PHI HIPAA Security covers how you protect that information and when –Adopt national standards for safeguards to protect the confidentiality, integrity, and availability of the data

Copyright  Tsoules, Sweeney & Martin, LLC 20 General Requirements Ensure –Confidentiality: who can see the information –Integrity: the information has not been altered in any way –Availability: it can be accessed on a timely basis

Copyright  Tsoules, Sweeney & Martin, LLC 21 General Requirements Applies to electronic protected health information –Note that privacy extends to oral and written communications Applies to the electronic PHI that a covered entity: –Creates –Maintains –Transmits

Copyright  Tsoules, Sweeney & Martin, LLC 22 General Requirements Covered entities must: –Protect against reasonably anticipated threats or hazards to the security or integrity of information –Protect against reasonably anticipated uses and disclosures as outlined in the privacy rule –Ensure compliance by workforce –Develop business associate contracts as appropriate

Copyright  Tsoules, Sweeney & Martin, LLC 23 Overarching Themes Security is technology neutral –Outlines what needs to be done to protect the information, but not how it should be done Security is comprehensive –Covers the technical, administrative, and behavioral aspects of compliance

Copyright  Tsoules, Sweeney & Martin, LLC 24 Regulatory Approach Scalability (size) and flexibility (implementation) Organizational approaches should account for: –Size –Complexity –Technical Infrastructure –Cost –Potential Security Risks

Copyright  Tsoules, Sweeney & Martin, LLC 25 Regulatory Approach Developed standards –Administrative –Physical –Technical Within each standard are a series of implementation specifics that can be either Required or Addressable

Copyright  Tsoules, Sweeney & Martin, LLC 26 Regulatory Approach Required – A MUST Addressable – a covered after conducting a documented risk analysis, may: –Implement a solution if reasonable and appropriate –Implement an equivalent measure, if reasonable and appropriate –Not implement

Copyright  Tsoules, Sweeney & Martin, LLC 27 Administrative Standards Security Management –Risk analysis (R) –Risk management (R) Assigned Responsibility: Security Officer– (R) Workforce Security –Termination procedures (A) –Clearance procedures (A)

Copyright  Tsoules, Sweeney & Martin, LLC 28 Administrative Standards Information Access Management –Isolating clearinghouse (R) –Access authorization (A) Security Awareness and Training (R ) Security Incident Procedures (R) Contingency Plan –Disaster Recovery Plan (R) Evaluation (R) Business Associate Contracts

Copyright  Tsoules, Sweeney & Martin, LLC 29 Physical Standards Facility Access Controls – All addressable –Contingency operations –Facility Security Plan –Access control –Maintenance records Workstation Use Workstation Security Device and Media Controls

Copyright  Tsoules, Sweeney & Martin, LLC 30 Technical Standards Access Control –Unique user ID (R) –Emergency access (R) –Automatic logoff (A) –Encryption and decryption (A) Audit Controls Integrity Controls Person or Entity Authentication Transmission Security

Copyright  Tsoules, Sweeney & Martin, LLC 31 HIPAA Security Standards Security Standards do not preempt state law. PA mental health laws silent Must implement HIPAA Security Standards

Copyright  Tsoules, Sweeney & Martin, LLC 32 SUBSTANCE ABUSE RECORD CONFIDENTIALITY

Copyright  Tsoules, Sweeney & Martin, LLC 33 Substance Abuse Confidentiality Confidentiality of Alcohol and Drug Abuse Patient Records (42 C.F.R. Part 2) –Protects from disclosure: –The records of the identity, diagnosis, prognosis, or treatment of any patient which are maintained in connection with the performance of any program or activity relating to substance abuse education, training, treatment, rehabilitation, or research, which is conducted, regulated or directly or indirectly assisted by any department or agency of the United States.

Copyright  Tsoules, Sweeney & Martin, LLC 34 Substance Abuse Confidentiality Confidentiality of Alcohol and Drug Abuse Patient Records (42 C.F.R. Part 2) –Definitions  “Records” – include any information received or acquired by a program whether oral or written. The prohibitions against disclosure of records continue to apply to records irrespective of the patient’s status in the program. (Continued)

Copyright  Tsoules, Sweeney & Martin, LLC 35 Substance Abuse Confidentiality –Definitions  “Patient” – includes any individual who either has applied for or has been given diagnosis or treatment for alcohol or drug abuse at a federally assisted program and includes any individual who, after arrest on a criminal charge, is identified as an individual with alcohol or drug abuse in order to determine that individual(s) eligibility to participate in a program. (Continued)

Copyright  Tsoules, Sweeney & Martin, LLC 36 Substance Abuse Confidentiality –Definitions  “Programs” – The requirements apply only to a “federally assisted alcohol or drug abuse program” – defined as an individual or entity or an identified unit within a general medical facility “who holds itself out as providing, and provides alcohol or drug abuse diagnosis, treatment or referral for treatment.” (Continued)

Copyright  Tsoules, Sweeney & Martin, LLC 37 Substance Abuse Confidentiality The Federal Confidentiality Requirements do NOT apply to the following: –Hospital emergency room and general medical surgical patients’ records where the health care facility is not a federally assisted “program” – does not have an identified unit which provides substance abuse services, or medical personnel or other staff whose primary function is the provision of substance abuse services and who are identified as being such providers. (Continued)

Copyright  Tsoules, Sweeney & Martin, LLC 38 Substance Abuse Confidentiality The Federal Confidentiality Requirements do NOT apply to the following: –Interchange of records within the Armed Forces and the Veteran’s Administration. –Crimes on program premises or against program personnel –Communications between a program and a “qualified service organization” of information needed by the organization to provide services to the program. –Internal communications within program

Copyright  Tsoules, Sweeney & Martin, LLC 39 Substance Abuse Confidentiality Disclosure: Exceptions –Internal Communications  Can occur within a program/office or with an entity having direct administrative control, if information is needed  Staff can share information with each other, supervisors  Staff of the hospital’s record-keeping or billing department

Copyright  Tsoules, Sweeney & Martin, LLC 40 Substance Abuse Confidentiality Consent Requirements –Consent Form Requirements  Redisclosure of information released is prohibited without written consent

Copyright  Tsoules, Sweeney & Martin, LLC 41 Substance Abuse Confidentiality Exceptions to the Consent Requirement— Nonconsensual Disclosure Permitted –To medical personnel in a “bona fide” medical emergency; –To medical personnel of the FDA who need the information to notify patients of errors in drug labeling or manufacture; –To qualified personnel when conducting scientific research, management audits, financial audits or program evaluation (cannot identify directly or indirectly any individual patient in any such report); (Continued)

Copyright  Tsoules, Sweeney & Martin, LLC 42 Substance Abuse Confidentiality Exceptions to the Consent Requirement— Nonconsensual Disclosure Permitted –To governmental or third party payers, with certain restrictions; and –If authorized by a court order and a subpoena, issued after a showing of “good cause.” 42 U.S.C. § 290dd-2(b)(2); 42 C.F.R. § §

Copyright  Tsoules, Sweeney & Martin, LLC 43 Substance Abuse Confidentiality Disclosure: Exceptions With Patient Consent –Patient can authorize specific disclosures –The Patient’s consent must be in writing –Consent must contain specific elements: (very similar to HIPAA authorization)

Copyright  Tsoules, Sweeney & Martin, LLC 44 Substance Abuse Confidentiality Disclosure: Exceptions –Qualified Service Organization Agreement  Program or office can disclose to QSO without consent  QSO: a person or agency that provides services that the program/office itself does not provide (e.g., data processing, billing, professional services, vocational counseling)  QSO must be qualified to communicate with the program/office (i.e., written agreement)

Copyright  Tsoules, Sweeney & Martin, LLC 45 Substance Abuse Confidentiality Disclosure: Exceptions –Qualified Service Organization Agreement  Program or office may freely communicate with QSO only the information needed by QSO  Program or office can enter into such an agreement only if QSO offers service the program/office does not offer  Program/office doesn’t have to inform patients about QSOs

Copyright  Tsoules, Sweeney & Martin, LLC 46 Part 2: “Security” Requirements Written records must be “maintained in a secure room, locked file cabinet, safe, or similar container.” 42 C.F.R. § PA law-records shall be secured within a locked storage container. 4 Pa. Code § 257 (d)(1)(i).

Copyright  Tsoules, Sweeney & Martin, LLC 47 MENTAL HEALTH PATIENT RECORDS

Copyright  Tsoules, Sweeney & Martin, LLC 48 Confidentiality of Records INPATIENT PSYCHIATRIC SERVICES Confidentiality of Records under MHPA: All documents concerning persons in treatment shall be kept confidential and, without the person’s written consent, may not be released or their contents disclosed to anyone except: (a)those engaged in providing treatment for the person; (b)the county administrator; (c)a court in the course of commitment proceedings; and (d)Under Federal laws governing patient information where treatment is undertaken in a federal agency.

Copyright  Tsoules, Sweeney & Martin, LLC 49 Confidentiality of Records Non-Consensual Release of Information Treatment Records are confidential and shall not be released nor disclosed without written consent of client/patient except relevant portions or summaries may be released or copied as follows: –Persons actively engaged in treatment –Third Party Payors (information released without consent or court order is limited) –Reviewers and Inspectors (e.g. JCAHO, CARF) –Response to court order (§ (b)) –Emergency medical situation –Minimum Necessary

Copyright  Tsoules, Sweeney & Martin, LLC 50 Confidentiality of Records Patient Access to Records and Control Over Release of Records –14 years of age or older who understand nature of documents to be released –A person chosen by client/patient –If client/patient is deceased, client/patient’s executor or personal representative of estate –Parent or Guardian if person is under 14 or incompetent

Copyright  Tsoules, Sweeney & Martin, LLC 51 Confidentiality of Records Patient Access to Records and Control Over Release of Records –Records from other Agencies become part of record; subject to control by client/patient

Copyright  Tsoules, Sweeney & Martin, LLC 52 Confidentiality of Records Consensual Release to Third Parties –Access to records granted to third parties upon written consent of client/patient –Client/patient designates Payor-designates consent to release for reimbursement – minimum necessary applies –Client/patient has right to inspect –Mandated Requirements in consent form

Copyright  Tsoules, Sweeney & Martin, LLC 53 Confidentiality of Records Release to Courts –No release of records in response to a subpoena or other discovery proceedings without patient consent or an additional court order –Duty to Inform Court –Inform client/patient’s attorney –Defense counsel for Provider may review records; minimum necessary applies –Violations include civil and criminal liability

Copyright  Tsoules, Sweeney & Martin, LLC 54 Release of Mental Health Records Under Act 147 Rights of Minors Except for the limited rights of a parent/legal guardian general rule: The minor (age 14 or older) shall control the release of the minor's mental health inpatient and outpatient treatment records and information to the extent allowed by law. Release subject to the provisions of the MHPA and other applicable federal and state statutes and regulations.

Copyright  Tsoules, Sweeney & Martin, LLC 55 Nation Moving to Electronic Health Care Records National Health Information Infrastructure President’s New Freedom Commission on Transforming Mental Health Treatment Recommendations –Use HIT to improve access and coordination –Develop and implement integrated HER and personal health systems

Copyright  Tsoules, Sweeney & Martin, LLC 56 So,... Where are we going? Most MH/Substance Abuse treatment is paper based –3,000 to 10,000 hours of care go undocumented = $360,000 to $1 million annually –25,000 to 42,000 hours of lost clinical time due to paper inefficiencies-annual value $2.2 to $3.7 million –13,000-20,000 hours of support staff time spent on unnecessary medical record work-annual value $500,000-$700,000.

Copyright  Tsoules, Sweeney & Martin, LLC 57 National Health Information Infrastructure Executive Order 1335, April 2004 – –Called for widespread adoption of interoperable EHRs within 10 years –Created position of National Coordinator for Health Information Technology –National Coordinator issued a Framework for Strategic Action issued July 21, 2004 –Consists of 4 goals, each with 3 strategies

Copyright  Tsoules, Sweeney & Martin, LLC 58 Goals of the NHII Informing Clinical Practice –Promoting use of EHRs by  Incentivizing EHR adoption  Reducing the risk of EHR investment

Copyright  Tsoules, Sweeney & Martin, LLC 59 Goals of the NHII Interconnecting clinicians by creating interoperability through –Regional Health Information Organizations (RHIOs) –National health information infrastructure –Coordinating federal health information systems

Copyright  Tsoules, Sweeney & Martin, LLC 60 Goals of the NHII Personalizing care –Promotion of personal health records –Enhancing consumer choice by providing information about institutions and clinicians –Promoting tele-health in rural and underserved areas

Copyright  Tsoules, Sweeney & Martin, LLC 61 Goals of the NHII Improving population health –Unifying public health surveillance –Streamlining quality of care monitoring –Accelerating research and dissemination of evidence

Copyright  Tsoules, Sweeney & Martin, LLC 62 Regional Health Information Organization RHIO Public health surveillance Quality accountability Research Others? Health Plan Consumers Provider

Copyright  Tsoules, Sweeney & Martin, LLC 63 Overcoming Legal Barriers 1.Unified Programs 2.Take advantage of current law 3.Universal Authorizations 4.Effectuate change (locally and nationally) Come to the table!

Copyright  Tsoules, Sweeney & Martin, LLC 64 Ways to Disclose Under HIPAA and 42 C.F.R. § 2 Use the OHCA and Affiliated Entity options to define your “program” more expansively Use the Qualified Service Organization/ designation with a mental health treatment provider to permit disclosure to mental health provider NOTE: Mental health treatment provider precluded from redisclosing under QSO designation.

Copyright  Tsoules, Sweeney & Martin, LLC 65 Ways to Disclose Under PA Mental Health Law/HIPAA Take advantage of current law: Does an exception apply? Can you “embed” providers into one agency and facility? Provider-Provider Provider – Payor Use universal/3 way compliant authorization when necessary/appropriate

Copyright  Tsoules, Sweeney & Martin, LLC 66 Ways to Disclose: Non-PHI De-identified data –May be aggregated/shared –Is it truly de-identified? Limited data sets –For public health, research or operations –Need data use agreement

Copyright  Tsoules, Sweeney & Martin, LLC 67

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.