Presentation is loading. Please wait.

Presentation is loading. Please wait.

Enforcement and Policy Challenges in Health Information Privacy

Published byCharity Griffin Modified over 5 years ago

Similar presentations

Presentation on theme: "Enforcement and Policy Challenges in Health Information Privacy"— Presentation transcript:

1 Enforcement and Policy Challenges in Health Information Privacy
The Privacy Symposium August 22, 2007

2 Topics Privacy Rule enforcement Other challenges
Emergency preparedness Patient Safety Act Nationwide Health Information Network Genetic non-discrimination legislation Technical assistance

3 Complaint Investigations
Every complaint received by OCR is reviewed An investigation is conducted where warranted by the facts and circumstances presented by the complaint Privacy investigations have resulted in changes in privacy practices and other corrective actions in over 4,800 cases since April 2003 Corrective action obtained by HHS from covered entities has resulted in systemic change that affects all the individuals they serve OCR investigates all complaints that are timely filed, describes a possible violation of the PR, and complainant consents (when necessary).

4 OCR refers complaints alleging actions that would violate the Security Rule to the Office of E-health Standards and Services (OESS) of CMS There is a coordinated investigative and enforcement process for complaints that allege facts that may be potential violations of the Privacy Rule and Security Rule For example, notification letter to the CE will mention both rules and indicate that OCR is the lead agency for communications (such as data requests) with CE Each agency retains its own authority to investigate compliance with its rule and make its own determination (e.g., no violation, informal resolution, or CMP)

5 Pie Chart: All Complaints

6 Pie Chart: Total Investigated

7 Investigated Resolutions

8 Case Example An employee of a major health insurer impermissibly disclosed the protected health information of one of its members without following the insurer’s authorization and verification procedures. Among other corrective actions to resolve the specific issues in the case, OCR required the health insurer to train its staff on the applicable policies and procedures and to mitigate the harm to the individual apply sanctions to employee who made the disclosure

9 Nationwide Health Information Network
Privacy and Security Are Integral to NHIN Necessary for Public Trust Public Participation Is Engine for Adoption HIPAA Levels Playing Field Nationally Accepted Standards for Privacy and Security Already in Place Uniform National Baseline of Protection – More Is Still Good

10 NHIN & Privacy HIPAA Privacy Rule as Facilitator – Not Obstacle to Health IT adoption Standards Reflect Many Hard Choices Balancing Privacy and Access in Healthcare Setting Narrows Privacy Debate to New Areas of Risk and Opportunity for Consumers Flexibility Allows Rules to Adapt to HIE Needs without Lowering Baseline for All Personal Health Record (PHR) Good Illustration for Assessing New Risks and Opportunities

11 Opportunities for PHR Personal Health Record (PHR) = Opportunities for the Consumer to Engage in NHIN and Take Advantage of Health IT 24/7 Access to Their Health Information Ability to Migrate Information into PHR to Create a Longitudinal Health Record Ability to Consolidate Health Information from Multiple Providers to Better Manage Their Own Care Capability to Control Access by Others Requires Interoperable, Portable, Secure PHR

12 Gaps for Privacy & NHIN Accountability
New Players Typically Not Covered by HIPAA Certain Health Care Providers Providers of Network Services Providers of Data Management Services Providers of PHR Services Can Business Associate Contracts Work and Provide Adequate Accountability in the NHIN?

13 Gaps for Privacy & NHIN Uniformity – How Much Is Really Needed
Preemption Harmonizing Federal and State Laws Ex: Consents “Flexible and Scalable” Standards Harmonizing Business Practices Ex: Minimum Necessary Privacy and Security Solutions for Interoperable Health Information Exchange Looking for Answers

14 GINA Genetic Information Non-Discrimination Act –passed House April 2007 Companion bill in Senate to protect individuals from discrimination in health insurance and employment on the basis of genetic information Calls for changes to Privacy Rule to prevent use of genetic information for underwriting, eligibility determinations Many policy, definitional issues to iron out

15 Patient Safety and Quality Improvement Act
Establishes voluntary reporting system to enhance the data available to assess and resolve patient safety and quality issues Provides Federal privilege & confidentiality protections for "patient safety work product” OCR to enforce confidentiality provisions In close coordination with AHRQ, OCR will develop and operate the Act's enforcement program

16 Emergency Preparedness
Emergency preparedness and recovery planners are interested in the availability of protected health information (PHI) Disasters and emergencies National Disaster Medical System Pandemic and All-Hazards Preparedness Act implementation The HIPAA Privacy Rule permits covered entities to disclose PHI for a variety of public health and other purposes OCR providing technical assistance Web tool addresses avenues of information flow that could apply to emergency preparedness activities

17 Getting out the message
Targeting outreach Assisting entities with compliance through technical assistance Informing the public about how the Privacy Rule applies in emerging issues

18 Other Program Challenges
Strategic management of enforcement portfolio Policy development—balanced & workable Rule

19 OCR Web Site http://www.hhs.gov/ocr/hipaa/
The full text of the Privacy Rule HIPAA Privacy Rule summary Covered entity "decision tool" to assist individuals and entities in making these determinations Over 200 frequently asked questions Fact sheets Information about the OCR enforcement program

Download ppt "Enforcement and Policy Challenges in Health Information Privacy"

Similar presentations

Tamtron Users Group April 2001 Preparing Your Laboratory for HIPAA Compliance.

Tamtron Users Group April 2001 Preparing Your Laboratory for HIPAA Compliance.
H = P = A = HIPAA DEFINED HIPAA … A Federal Law Created in 1996 Health

H = P = A = HIPAA DEFINED HIPAA … A Federal Law Created in 1996 Health
HIPAA Privacy Practices. Notice A copy of the current DMH Notice must be posted at each service site where persons seeking DMH services will be able to.

HIPAA Privacy Practices. Notice A copy of the current DMH Notice must be posted at each service site where persons seeking DMH services will be able to.
1. As a Florida KidCare community partner families entrust you to not only help them navigate the Florida KidCare system but to keep the information they.

1. As a Florida KidCare community partner families entrust you to not only help them navigate the Florida KidCare system but to keep the information they.
Confidentiality and HIPAA

Confidentiality and HIPAA
National Health Information Privacy and Security Week Understanding the HIPAA Privacy and Security Rule.

National Health Information Privacy and Security Week Understanding the HIPAA Privacy and Security Rule.
Increasing public concern about loss of privacy Broad availability of information stored and exchanged in electronic format Concerns about genetic information.

Increasing public concern about loss of privacy Broad availability of information stored and exchanged in electronic format Concerns about genetic information.
HIPAA What’s New? 2010. What Is HIPAA Health Insurance Portability and Accountability Act of 1996 Health Insurance Portability and Accountability Act.

HIPAA What’s New? What Is HIPAA Health Insurance Portability and Accountability Act of 1996 Health Insurance Portability and Accountability Act.
HIPAA PRIVACY REQUIREMENTS Dana L. Thrasher Constangy, Brooks & Smith, LLC (205) 252-9321; Victoria Nemerson.

HIPAA PRIVACY REQUIREMENTS Dana L. Thrasher Constangy, Brooks & Smith, LLC (205) ; Victoria Nemerson.
Information Risk Management Key Component for HIPAA Security Compliance Ann Geyer Tunitas Group 209-754-9130

Information Risk Management Key Component for HIPAA Security Compliance Ann Geyer Tunitas Group
What is HIPAA? This presentation was created by The University of Arizona Privacy Office, The Office for the Responsible Conduct of Research on March 5,

What is HIPAA? This presentation was created by The University of Arizona Privacy Office, The Office for the Responsible Conduct of Research on March 5,
Managing Access to Student Health Information per Federal HIPAA Guidelines Joan M. Kiel, Ph.D., CHPS Duquesne University Pittsburgh, Penna 412-396-4419.

Managing Access to Student Health Information per Federal HIPAA Guidelines Joan M. Kiel, Ph.D., CHPS Duquesne University Pittsburgh, Penna
WHAT IS HIPAA? The Health Insurance Portability and Accountability Act of 1996 (HIPAA) provides certain protections for any of your health information.

WHAT IS HIPAA? The Health Insurance Portability and Accountability Act of 1996 (HIPAA) provides certain protections for any of your health information.
TM The HIPAA Privacy Rule: Safeguarding Health Information in Research and Public Health Practice Centers for Disease Control and Prevention Beverly A.

TM The HIPAA Privacy Rule: Safeguarding Health Information in Research and Public Health Practice Centers for Disease Control and Prevention Beverly A.
HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA)

HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA)
HIPAA Privacy Rule Compliance Training for YSU April 9, 2014.

HIPAA Privacy Rule Compliance Training for YSU April 9, 2014.
Walking Through the Breach Notification Process - Beginning to End HIPAA COW Presentation and Panel April 8, 2011.

Walking Through the Breach Notification Process - Beginning to End HIPAA COW Presentation and Panel April 8, 2011.
Informed Consent and HIPAA Tim Noe Coordinating Center.

Informed Consent and HIPAA Tim Noe Coordinating Center.
HIPAA COMPLIANCE IN YOUR PRACTICE MARIBEL VALENTIN, ESQUIRE.

HIPAA COMPLIANCE IN YOUR PRACTICE MARIBEL VALENTIN, ESQUIRE.
Implementing and Enforcing the HIPAA Privacy Rule.

Implementing and Enforcing the HIPAA Privacy Rule.

Similar presentations

Ads by Google