Presentation is loading. Please wait.

Presentation is loading. Please wait.

Paul T. Smith, Esq. Partner, Davis Wright Tremaine LLP

Published byDonald Burns Modified over 5 years ago

Similar presentations

Presentation on theme: "Paul T. Smith, Esq. Partner, Davis Wright Tremaine LLP"— Presentation transcript:

1 GET CONNECTED KNOWLEDGE FORUM LEGAL ISSUES IN GETTING COMMUNITIES CONNECTED JUNE 28, 2005
Paul T. Smith, Esq. Partner, Davis Wright Tremaine LLP One Embarcadero Center, Suite 600 San Francisco, CA

2 Regional Health Information Organization
Public health surveillance Quality accountability Research Consumers RHIO Health Plan Provider Provider Provider Provider

3 Consumer Participation
NHII— “Consumer-centric” Includes a personal health record Has a strong theme of consumer “ownership” Consumer consent not required for inclusion in RHIO by provider, as long as there are Appropriate safeguards Restrictions on use and disclosure

4 Consumer Control Many advocate an “opt-in” model
What rights should the consumer have to— Control data going into the NHII? Control access to that data? HIPAA does not differentiate What are the implications for providers?

5 What uses and disclosures are permitted?
HIPAA is permissive: the only required disclosures are to The individual HHS for HIPAA compliance investigation Treatment is a given, but what are the rules for— Health care operations, including payment Public health oversight Research Use by law enforcement

6 Security in a RHIO Covered entities must maintain reasonable and appropriate administrative, technical and physical safeguards— To ensure confidentiality and integrity of information To protect against reasonably anticipated-- threats to security or integrity unauthorized uses or disclosures

7 Security in a RHIO Basic requirements with implementation features
Technology neutral, flexible and scalable To be implemented in a manner that best suits the entity’s needs, circumstances and resources, taking into account Size, complexity and capabilities Technical infrastructure and capabilities Cost of security measures Potential risks to health information

8 Security in a RHIO What is missing?
Clearly defined, uniform security requirements Access restrictions Authentication with non-repudiation Technical restrictions on use Audit trials Enforcement, enforcement, enforcement

9 Policing the RHIO Not directly regulated
Covered entities disclosing health information are required to obtain & enforce contractual assurances that the RHIO will-- Safeguard the data (security) Restrict uses and disclosures to those permitted to the covered entity (privacy) Return or destroy the data on termination, if feasible

10 Policing the RHIO A covered entity is liable for breaches by business associate if the covered entity-- Learns of a pattern or practice of violations, and Fails to take reasonable and appropriate remedial measures Weak standard

11 User Agreements - Structure
Policies and Procedures Can be changed on notice with user opt-out Core terms Common terms Role-specific terms User agreement Designates user’s role Incorporates core terms and P&Ps

12 User Agreements – Policies & Procedures
User enrollment and termination Technical requirements Data standards Security requirements Privacy practices (permitted uses) Consumer rights

13 User Agreements – Core Terms
Ownership of system and data Nature of user’s right to use Permitted uses, based on user’s role

14 User Agreements – Core Terms
User’s responsibilities: Compliance with policies and procedures Accuracy and completeness of contributed data Appropriate authorizations/NPPs Payment of fees

15 User Agreements – Core Terms
Network’s responsibilities: Maintain and support the system Maintain privacy and security of data Gatekeeper functions Business associate provisions Credential users Police the system Afford individual rights

16 User Agreements – Core Terms
Fees and charges Disclaimers, limitations and indemnifications Term and termination provisions What happens to the data?

17 User Agreements – Individual Agreements
Identify user Identify user’s role Incorporate core terms and P&Ps

Download ppt "Paul T. Smith, Esq. Partner, Davis Wright Tremaine LLP"

Similar presentations

Davis Wright Tremaine LLP HIT Legal Issues: HIPAA Implications to a Regional Health Information Organization Becky Williams, R.N., J.D. Partner, Co-Chair,

Davis Wright Tremaine LLP HIT Legal Issues: HIPAA Implications to a Regional Health Information Organization Becky Williams, R.N., J.D. Partner, Co-Chair,
HIPAA Security Presentation to The American Hospital Association Dianne Faup Office of HIPAA Standards November 5, 2003.

HIPAA Security Presentation to The American Hospital Association Dianne Faup Office of HIPAA Standards November 5, 2003.
Todd Frech Ocius Medical Informatics 6650 Rivers Ave, Suite 137 North Charleston, SC 29406 843-576-1426 Health Insurance Portability.

Todd Frech Ocius Medical Informatics 6650 Rivers Ave, Suite 137 North Charleston, SC Health Insurance Portability.
HIPAA Basics Brian Fleetham Dickinson Wright PLLC.

HIPAA Basics Brian Fleetham Dickinson Wright PLLC.
Confidentiality and HIPAA

Confidentiality and HIPAA
HIPAA PRIVACY REQUIREMENTS Dana L. Thrasher Constangy, Brooks & Smith, LLC (205) 252-9321; Victoria Nemerson.

HIPAA PRIVACY REQUIREMENTS Dana L. Thrasher Constangy, Brooks & Smith, LLC (205) ; Victoria Nemerson.
Reviewing the World of HIPAA Stephanie Anderson, CPC October 2006.

Reviewing the World of HIPAA Stephanie Anderson, CPC October 2006.
HIPAA: FEDERAL REGULATIONS REGARDING PATIENT SECURITY.

HIPAA: FEDERAL REGULATIONS REGARDING PATIENT SECURITY.
Business Associate Contracts: Time Is Running Out... Rebecca L. Williams, RN, JD Partner Davis Wright Tremaine LLP Seattle, WA 206-628-7769.

Business Associate Contracts: Time Is Running Out... Rebecca L. Williams, RN, JD Partner Davis Wright Tremaine LLP Seattle, WA
Confidentiality, Ethics, Privacy, and Access REPORT FROM CONFIDENTIALITY, ETHICS, PRIVACY AND ACCESS Group B.

Confidentiality, Ethics, Privacy, and Access REPORT FROM CONFIDENTIALITY, ETHICS, PRIVACY AND ACCESS Group B.
© Copyright 2014 Saul Ewing LLP The Coalition for Academic Scientific Computation HIPAA Legal Framework and Breach Analysis Presented by: Bruce D. Armon,

© Copyright 2014 Saul Ewing LLP The Coalition for Academic Scientific Computation HIPAA Legal Framework and Breach Analysis Presented by: Bruce D. Armon,
Developing Privacy and Security Standards Allen Briskin Allen Briskin

Developing Privacy and Security Standards Allen Briskin Allen Briskin
HIPAA COMPLIANCE IN YOUR PRACTICE MARIBEL VALENTIN, ESQUIRE.

HIPAA COMPLIANCE IN YOUR PRACTICE MARIBEL VALENTIN, ESQUIRE.
HIPAA Trading Partners, Legal Relationships October 2, 2001 presented by Peter B. Goldstein, Esq. Cap Gemini Ernst & Young, US LLC.

HIPAA Trading Partners, Legal Relationships October 2, 2001 presented by Peter B. Goldstein, Esq. Cap Gemini Ernst & Young, US LLC.
HIPAA PRIVACY AND SECURITY AWARENESS.

HIPAA PRIVACY AND SECURITY AWARENESS.
“ Technology Working For People” Intro to HIPAA and Small Practice Implementation.

“ Technology Working For People” Intro to HIPAA and Small Practice Implementation.
Privacy and Security Laws for Health Care Organizations www.ScottandScottllp.com Presented by Robert J. Scott Scott & Scott, LLP 800-596-6176.

Privacy and Security Laws for Health Care Organizations Presented by Robert J. Scott Scott & Scott, LLP
Copyright ©2011 by Pearson Education, Inc. Upper Saddle River, New Jersey 07458 All rights reserved. Health Information Technology and Management Richard.

Copyright ©2011 by Pearson Education, Inc. Upper Saddle River, New Jersey All rights reserved. Health Information Technology and Management Richard.
Computerized Networking of HIV Providers Workshop Data Security, Privacy and HIPAA: Focus on Privacy Joy L. Pritts, J.D. Assistant Research Professor Health.

Computerized Networking of HIV Providers Workshop Data Security, Privacy and HIPAA: Focus on Privacy Joy L. Pritts, J.D. Assistant Research Professor Health.
Student Confidentiality: The FERPA/HIPAA Facts AISD Policy 09.14 Student Records AISD Procedure 09.14 AP. 11.

Student Confidentiality: The FERPA/HIPAA Facts AISD Policy Student Records AISD Procedure AP. 11.

Similar presentations

Ads by Google