Privacy: Who Owns What and Who Gets Access? Allen Fremont, M.D., Ph.D., RAND Corporation. Annual Meeting of AcademyHealth, Sunday, June 25th, 2006, Seattle, WA

Presentation transcript:

Privacy: Who Owns What and Who Gets Access?
Allen Fremont, M.D., Ph.D.
RAND Corporation
Annual Meeting of AcademyHealth
Sunday, June 25th, 2006
Seattle, WA

Topics Covered
- Why Privacy is Paramount
- Ownership of Health Data
- HIPAA Privacy Rule from Consumer Perspective

Concerns about privacy of personal information high and likely to grow
- Privacy can be defined as the ability to control information about yourself even after you have given it to someone else
- Americans are concerned that privacy they once took for granted is increasingly at risk, particularly with respect to spread of IT into more domains of everyday life

Continued high-profile losses or thefts of personal data may impact disclosure of PHI for research
- NSA monitoring domestic phone calls
- Widely covered reports about releases or theft of personal information:
  – VA loss of several hundred thousand records
  – ChoicePoint

Public particularly concerned about disclosure of PHI
- Nearly 4 of 5 Americans feel confidentiality of their medical records is very important (Gallup Poll, 2000)
- Inappropriate disclosure of PHI not only offensive, but can be devastating:
  – Embarrassment
  – Employment
  – Insurance

Emerging regional and national EHRs also contributing to concern about PHI
- Americans will not support a system of EHRs if security and privacy were not readily apparent (HIT Leadership Panel Report, 2005)
- Lack of confidence will not only slow HIT uptake but could undermine data reliability
  – 1 in 6 people withhold medical information because of concerns about confidentiality (Goldman et al., 2004)

How do consumers feel about regional or national EHRs?*
- Most adults (71%) have not heard or read about such initiatives
- When told about them, ~70% concerned that PHI could be leaked because of weak security, or shared without their knowledge
- 82% believe that it is important that patients be able to track and use their info in EMR
- Nearly half (47%) thought the privacy risks outweighed benefits of emerging EHRs
*(Harris Poll, 2005)

Topics Covered
- Why Privacy is Paramount
- Ownership of Health Data
- HIPAA Privacy Rule from Consumer Perspective

Who owns health information?
- "We generate a tremendous amount of data as physicians…Some parts of it, such as patient information clearly belong to physicians."
  – William Hazel, Jr. M.D.
- "Patients may have voluntarily turned over their bodies or bodily fluids for examination, but they have done so in the expectation that the information …would be used for their own treatment and their privacy would be maintained"
  – Privacy Rights Clearinghouse

Traditional rule for ownership of medical record outdated
- States have traditionally considered the provider owner of the medical records they maintain, subject to patient rights relating to information contained.
  – Statutes developed in era of paper records
- However, even under traditional rule, no one person can be truly said to own patient identifiable information
  – i.e., exercise complete sovereignty over the information

What do we really mean by who owns health data?
- Who may access data?
- Who may mine or manipulate data?
- Who may use data and for what purpose?
- Who may sell data?
- Who may disclose or publish data?
- Who may pay to access, use, publish, or sell data?

Topics Covered
- Why Privacy is Paramount
- Ownership of Health Data
- HIPAA Privacy Rule from Consumer Perspective

HIPAA Privacy Rule
- Protects individually identifiable health information held or transmitted by health care providers, insurers, other Covered Entities, and Business Associates
- Details permitted uses and disclosures with and without authorization, and penalties
- Specifies patient rights with respect to their personal health information (PHI)

Consumer advocates view HIPAA as important step, but insufficient
- HIPAA exemptions for uses unrelated to care without patient authorization are too broad:
  – E.g., use for health care operations or quality improvement too vague and subject to abuse.
- Concerns intensify when spread of EHRs considered; they want patients to have more control over who sees what information
- Function Creep feared

Others agree Privacy Rule does not address many emerging privacy issues
- Ownership and control of PHI
- Nature of patient participation
- Division of role-based access
- Need for additional disclosure limitations
- Means of patient identification
(Stokes, 2005)

Alternatives for addressing privacy issues being discussed
- Opt-in vs. Opt-out system
  – Opt-out is cheaper but consumers may object
  – Opt-in gives patients control but would take longer, and be less representative
- Role-based access
- Individual privacy settings
- Access notification