Michael R. Costa, Esq., M.P.H. Greenberg Traurig, LLP One International Place, 3 rd Floor Boston, MA 02110 617.310.6065 617.310.6001 (fax)

Slides:

Advertisements

Similar presentations

0 Jumping through Two Hoops: the HIPAA Privacy Rule and State Law Compliance Issues Bruce Merlin Fried, Esq. The fifth National HIPAA Summit November 1,

Advertisements

Jumping through Two Hoops HIPAA and State Law Compliance Bruce Merlin Fried, Esq. HIPAA State Law and Preemption Audio Summit July 10, 2002.

SIMPLIFYING PRIVACY: HIPAA PRIVACY STANDARDS AND RESEARCH Angela M. Vieira General Counsel Childrens Hospital and Health Center June 5, 2004.

Responding to Subpoenas and Law Enforcement Demands for PHI: An Overview Janet A. Newberg Chair, Health Law Section Felhaber Larson Fenlon & Vogt, P.A.

Jumping through Two Hoops HIPAA and State Law Compliance: the Problem of the Failure of Federal Preemption Bruce Merlin Fried, Esq. HIPAA Summit West II.

 What is the Privacy Rule? The Standards for Privacy of Individually Identifiable Health Information (Privacy Rule) governs the use and disclosure of.

HIPAA Basics Brian Fleetham Dickinson Wright PLLC.

HIPAA: Privacy, Security, and HITECH, Oh My! Presented by Stephanie L. Ganucheau, Special Assistant Attorney General.

HIPAA and Public Health 2007 Epi Rapid Response Team Conference.

HIPAA – Privacy Rule and Research USCRF Research Educational Series March 19, 2003.

HIPAA PRIVACY REQUIREMENTS Dana L. Thrasher Constangy, Brooks & Smith, LLC (205) ; Victoria Nemerson.

TM The HIPAA Privacy Rule: Safeguarding Health Information in Research and Public Health Practice Centers for Disease Control and Prevention Beverly A.

 Original Intent: ◦ Act passed in 1996 with two main goals: 1.Ensure individuals would be able to maintain their health insurance between jobs (the “portability”

HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA)

COMPLYING WITH HIPAA PRIVACY RULES Presented by: Larry Grudzien, Attorney at Law.

HIPAA: Surrogate Decision Making and Advance Health Care Directives Carolyn Heyman-Layne, Esq. Dorsey & Whitney LLP December 20, 2007.

August 10, 2001 NESNIP PRIVACY WORKGROUP HIPAA’s Minimum Necessary Standard Presented by: Mildred L. Johnson, J.D.

HIPAA Compliance Strategies for Employers, METs, MEWAs and Taft Hartley Union Trust Funds The HIPAA Colloquium at Harvard University Presented by: Melissa.

Medical Records in Court: Life after HIPAA North Carolina Conference of Superior Court Judges, October 2003 Presented by Jill Moore, UNC School of Government.

HIPAA COMPLIANCE IN YOUR PRACTICE MARIBEL VALENTIN, ESQUIRE.

HIPAA Health Insurance Portability & Accountability Act of 1996.

Health Insurance Portability and Accountability Act (HIPAA)

COMPLYING WITH HIPAA BUSINESS ASSOCIATE REQUIREMENTS Quick, Cost Effective Solutions for HIPAA Compliance: Business Associate Agreements.

HIPAA The Privacy Rule Health Insurance Portability and Accountability Act of 1996 (HIPAA) The 104 th Congress passed the Act, Public Law ,

1 Disclosures © HIPAA Pros 2002 All rights reserved.

Confidentiality, Consents and Disclosure Recent Legal Changes and Current Issues Presented by Pam Beach, Attorney at Law.

Privacy and Security of Protected Health Information NorthPoint Health & Wellness Center 2011.

1 HIPAA OVERVIEW ETSU. 2 What is HIPAA? Health Insurance Portability and Accountability Act.

Health Insurance Portability and Accountability Act (HIPAA)

Dealing with Business Associates Business Associates Business Associates are persons or organizations that on behalf of a covered entity: –Perform any.

Privacy and Security Laws for Health Care Organizations Presented by Robert J. Scott Scott & Scott, LLP

Computerized Networking of HIV Providers Workshop Data Security, Privacy and HIPAA: Focus on Privacy Joy L. Pritts, J.D. Assistant Research Professor Health.

ATR Recovery Coach Learning Community Facilitated by: Haner Hernandez, Ph.D., CADCII, LADCI Beth Fraster, LICSW, December 19, 2013.

HIPAA Michigan Cancer Registrars Association 2005 Annual Educational Conference Sandy Routhier.

Privacy and the Civil Commitment Process Allyson K. Tysinger Assistant Attorney General June 4-5, 2008.

Practicing In Harmony with HIPAA The views and opinions expressed in the presentation are those of the presenter, and not necessarily official positions.

Medical Law and Ethics, Third Edition Bonnie F. Fremgen Copyright ©2009 by Pearson Education, Inc. Upper Saddle River, New Jersey All rights reserved.

Health Insurance Portability and Accountability Act (HIPAA) CCAC.

Health Insurance Portability and Accountability Act of 1996 HIPAA Privacy Training for County Employees.

Understanding HIPAA (Health Insurandce Portability and Accountability Act)

© 2013 The McGraw-Hill Companies, Inc. All rights reserved. Ch 8 Privacy Law and HIPAA.

Chapter 7—Privacy Law and HIPAA

FleetBoston Financial HIPAA Privacy Compliance Agnes Bundy Scanlan Managing Director and Chief Privacy Officer FleetBoston Financial.

September 17, 2002© Michael Best & Friedrich LLC1 Iowa State Association of Counties HIPAA Training September 17-18, 2002 Legal Issues presented by: Ryan.

Health Insurance portability and Accountability Act (HIPAA)‏

A Road Map to Research at Jefferson: HIPAA Privacy and Security Rules for Researchers Presented By: Privacy Officer/Office of Legal Counsel October 2015.

HIPAA Privacy for Pharma Audioconference 5/29/2002 pwC.

HIPAA and State Law Compliance: the Problem of the Lack of Federal Preemption Clark Stanton HIPAA SUMMIT IV April 26, 2002 Clark Stanton HIPAA SUMMIT IV.

Davis Wright Tremaine LLP The Seventh National HIPAA Summit HIPAA Privacy: Privacy Rule Compliance on Public Health Activities and Research Thomas E. Jeffry,

Federal Preemption, and State Healthcare Privacy and Data Security Law and Regulation Fifth National HIPAA Summit October 30 – November 1, 2002 Mark Barnes.

HIPAA Overview Why do we need a federal rule on privacy? Privacy is a fundamental right Privacy can be defined as the ability of the individual to determine.

HIPAA TRIVIA QUEST December Edition. I’ll ask the questions - and you’ll give the answers.

COMMUNITY-WIDE HEALTH INFORMATION EXCHANGE: HIPAA PRIVACY AND SECURITY ISSUES Ninth National HIPAA Summit September 14, 2004 Prepared by: Robert Belfort,

Final HIPAA Privacy Rule: The Research Provisions Julie Kaneshiro DHHS Office for Human Research Protections Phone: Fax:

Juvenile Legislative Update 2013 Confidential Records and Protected Disclosures.

HIPAA Training Workshop #3 Individual Rights Kaye L. Rankin Rankin Healthcare Consultants, Inc.

FERPA Family Educational Rights and Privacy Act

Iowa State Association of Counties

What is HIPAA? HIPAA stands for “Health Insurance Portability & Accountability Act” It was an Act of Congress passed into law in HEALTH INSURANCE.

The HIPAA Privacy Rule: Implications for Medical Research

HIPAA CONFIDENTIALITY

HIPAA Pros - Disclosures

Confidential Records and Protected Disclosures

Disability Services Agencies Briefing On HIPAA

HIPAA Pros - Minimum Necessary

HIPAA Summit West The Hidden Trap: Compliance with State Law

HIPAA Summit VII The Hidden Trap: Compliance with State Law

2003 Immunization Registry Conference

National Congress on Health Care Compliance

HIPAA, The Next Level: HIPAA Preemption of State Laws

Presentation transcript:

Michael R. Costa, Esq., M.P.H. Greenberg Traurig, LLP One International Place, 3 rd Floor Boston, MA (fax) An Overview of State Privacy Laws and Preemption Issues Under HIPAA 13 th National HIPAA Summit September 25, 2006 Washington, D.C.

Agenda –The Legal Framework Governing Preemption; –The Preemption Rule in Operation; –Overview of Various State Privacy Laws; –Conclusion

The Legal Framework Governing Preemption

–Preemption is a product of our “federalist” system of government - –Single federal system with defined powers (e.g., coin money, declare war, regulate interstate commerce). –State governments have authority to govern and regulate in areas not reserved to the federal government (e.g., health and welfare of its citizens).

–Total Preemption: Invalidates all State laws dealing with the regulated area regardless of whether they actually conflict with federal law. –Partial Preemption: Allows States to legislate and regulate in an area covered by federal law, but only to the extent permitted by federal law or that it does not conflict with the federal law.

The Statute –§ Effect of State Law “(1) General Rule -- Except as provided in paragraph (2), a provision or requirement under this Part, or a standard or implementation specification... shall supercede any contrary provisions of State law, including a provision of State law that requires medical or health plan records... to be maintained or transmitted in written rather than electronic form.”

The Exceptions –“(2) Exceptions -- A provision or requirement... or a standard or implementation provision... shall not supercede a contrary provision of State law [if one of four situations apply].”

The Privacy Rule –The Privacy Rule does not preempt State law where the provision of State law relates to the privacy of health information and is contrary to and more stringent than a provision of the Privacy Rule.

The Privacy Rule –The Privacy Rule also does not preempt: –State laws that provide for the reporting of disease or injury, child abuse, birth or death, or for the conduct of public health surveillance investigation or intervention; –State laws that require a health plan to report, or to provide access to information, for the purpose of management or financial audits, program monitoring and evaluation, licensing, and related issues; –Laws that the Secretary of HHS has determined should not be preempted. 45 C.F.R. §

What’s Contrary?  Contrary means: – A covered entity would find it impossible to comply with both the State and federal requirements; or – The provision of State law stands as an obstacle to the accomplishment and execution of the full purposes and objectives of the Administrative Simplification regulations. 45 C.F.R. §

What’s More Stringent?  A State law is “more stringent” when it meets one or more of the following criteria: 1.The State law prohibits or restricts a use or disclosure that would be permitted by HIPAA, except if the disclosure is: –Required by the Secretary to determine HIPAA compliance; or –To the individual who is the subject of the individually identifiable health information;

What’s More Stringent?  More Stringent means… 2.The State law permits greater rights of access or amendment, provided that nothing in the Privacy Rule may be construed to preempt any State law to the extent that it authorizes or prohibits disclosure of protected health information about a minor to a parent, guardian or person acting in loco parentis; 3.The State law provides a greater amount of information to the individual about a use, disclosure, right or remedy;

What’s More Stringent?  More Stringent means… 4.The State law narrows the scope or duration of an authorization or consent for use or disclosure of individually identifiable health information or reduces the coercive effect of the circumstances surrounding the authorization or consent; 5.With respect to record keeping or accounting disclosures, the State law provides for the retention or reporting of more detailed information or for a longer duration; or 6.The State law generally provides greater privacy protection for the individual. 45 C.F.R. §

What State laws are at issue? – State constitutions – Statutes – Regulations – Rules – Common law – Other state action having the force of law. 45 C.F.R. §

Analyzing State law on a provision-by-provision basis. –Is State law contrary to the Privacy Rule (i.e., is it impossible to comply with both)? –Is State law more stringent than the Privacy Rule?

HIPAA Preemption Table HIPPA REQUIRES HIPAA PROHIBITS HIPAA PERMITS State Law REQUIRES Not ContraryContrary – It is impossible to comply with both Not Contrary State Law PROHIBITS Contrary—It is impossible to comply with both Not ContraryContrary— The state law is an obstacle State Law PERMITS Not ContraryContrary— The state law is an obstacle Not Contrary

Preemption Example –State law provides that HIV-related information may only be disclosed with the authorization of the individual. –The Privacy Rule permits a health plan to disclose PHI for T, P, & HCO without the consent or authorization of the individual. –Contrary? No. You can comply with both by complying with the more restrictive State law. –Practical Impact: The more restrictive State law will control.

Preemption Example –State Law requires an insurer to take action on a request for amendment within 30 days. –The Privacy Rule generally requires a health plan to act within 60 days of a request for amendment. –Contrary? No, it is possible to comply with both by complying with the more stringent State law provisions. –Practical Impact: Follow the State law requirement.

Preemption Example –Question My State law authorizes health care providers to report suspected child abuse to the State Department of Health and Social Services. Does the HIPAA Privacy Rule preempt this State law? –Answer No. The Privacy Rule permits covered health care providers and other covered entities to disclose reports of child abuse or neglect to public health authorities or other appropriate government authorities. See 45 C.F.R (b)(1)(ii). Thus, there is no conflict between the State law and the Privacy Rule, and no preemption. Covered entities may report such information and be in compliance with both the State law and the Privacy Rule.

Preemption Resources –California- –Florida- –Illinois –Massachusetts- –Michigan- l l –New York- –Texas-

Preemption Resources –Vermont- –Virginia- –Washington, DC- –West Virginia- – Wisconsin-

Preemption Resources –State Health Privacy Laws -a 50- state survey and database of existing state policies already in place, published by the Health Privacy Project- url_nocat.htmState Health Privacy Laws –50- State Preemption Analysis- assets/documents/word/hipaa/1205OverviewChart.DOC

Contact Michael R. Costa, Esq., M.P.H. Greenberg Traurig, LLP One International Place- 20 th Floor Boston, MA (617)