Published by ประเวศ วอชิงตัน. Modified over 5 years ago.
New School Violence Law; HIPAA Privacy Training
Presented by: Tracey K. Jaensch, Esq.
What We Will Cover
- New Personnel and Privacy Issues Arising from Marjory Stoneman HS Public Safety Act
- Overview of HIPAA Privacy Requirements
- Exceptions Related to Law Enforcement
- Takeaways
HIPAA Privacy and Security Rule Overview
- Health Insurance Portability and Accountability Act (HIPAA)
- Amendment – Health Information Technology for Economic and Clinical Health (HITECH) Act
- Purpose of Mandates: properly protect individuals’ health information while allowing the flow of health information needed to provide and promote high quality health care
HIPAA Privacy Rule
- Applicable only to Covered Entities and Business Associates
- Requires implementation of standards to safeguard protected health information (PHI)
HIPAA Privacy Rule
Covered Entities:
- health plans (fully insured or self-funded)
- health care providers (e.g. Crossroads)
- healthcare clearinghouses
Business Associates:
- person or organization that performs, or assists in performing, a service or function on behalf of a covered entity that involves use or disclosure of PHI
HIPAA Privacy Rule: Entities Specifically NOT Covered
- Employers
- Life, Disability, and Workers’ Compensation Insurers
- Law Enforcement Agency
- School? What services provided and who pays for services
HIPAA Privacy Rule
PHI is individually identifiable health information in any form:
- Electronic
- Written
- Oral
that is created or received by a covered entity or business associate
Examples of PHI
- Names and Addresses
- Premiums and coverage amounts
- Account numbers
- Geographic subdivisions smaller than a State, including street address, city, county, zip
- Certificate/license numbers
- All elements of dates (except year) directly related to an individual, including birth date, admission date, discharge date, or date of death
- Internet Protocol (IP) address
- Telephone and Fax numbers, Addresses
- Biometric identifiers, including finger and voice prints, full face photographic images, etc.
- Social Security Numbers
- Medical record numbers and Health Plan Beneficiary Numbers
- Any other unique identifying number, characteristic, etc.
HIPAA Privacy Rule
Defines when PHI is:
- required to be disclosed
- permitted to be used or disclosed without consent
- permitted to be used or disclosed only with authorization from the individual
HIPAA Security Rule
- contains requirements for the storage, transmission and access to electronic PHI
- applies to covered entities and business associates
HIPAA Privacy and Security Rule Overview
Enforcement of Privacy and Security Rule:
- Privacy and Security Officer
- Office for Civil Rights (OCR) in the U.S. Department of Health and Human Services (HHS)
- State Attorneys General
HIPAA Privacy and Security Rule Overview
Civil Penalties:
- State Attorneys General: max recovery of $25K
- OCR: 4 tiers, up to $1.5M for willful violations
- Individuals may share in civil penalties recovered
Privacy Rule Compliance
Permitted Uses and Disclosures:
- To the individual involved;
- For routine disclosures for health purposes with or without the individual’s consent; OR
- With the individual’s authorization, to make non-routine disclosures.
Privacy Rule Compliance
Routine Disclosures:
- Health care Treatment;
- Health care Payment; OR
- Health care Operations
Disclosures generally permitted with or without individual’s consent
Privacy Rule Compliance
Non-Routine Disclosures (Non-TPO)
Those disclosures relating to:
- Marketing
- Employment decisions; or
- Non-health purposes.
Must Get Written Authorization
Privacy Rule Compliance
Minimum Necessary Standard:
- Any disclosure of PHI must be in a limited data set or, if more information is needed, the minimum necessary
- Incidental disclosures not a violation
Compliance with Privacy Rules: Communications with Family Members
- HIPAA allows communication of PHI to the individual
- A parent of a minor child and the executor or administrator of a deceased individual’s estate are treated under HIPAA as if they are the individual
- To disclose PHI to other family members (for example, a spouse) you must obtain the written consent of the individual
LAW ENFORCEMENT AND HIPAA 45 CFR Chapters 160 and CFR § (f)
- A law enforcement organization is not a covered entity.
- A covered entity may disclose protected health information (PHI) for a law enforcement purpose, to a law enforcement official, only under several sets of circumstances.
LAW ENFORCEMENT AND HIPAA 45 CFR Chapters 160 and 164. 45 CFR §164
A law enforcement official is defined as "an officer or employee of any agency or authority of the United States, a State, a territory, a political subdivision of a State or territory, or an Indian tribe," who is:
- empowered by law to investigate or conduct an official inquiry into a potential violation of law; or,
- prosecute or otherwise conduct a criminal, civil, or administrative proceeding arising from an alleged violation of law.
Permitted Disclosures
- As required by specific reporting laws
- In compliance with (and limited by relevancy requirements) of:
  - Court order or court-ordered warrant
  - Subpoena or summons issued by judicial officer
  - A grand jury subpoena
  - An administrative request
1. Relevant and material to a legitimate law enforcement inquiry
2. Specific and limited in scope to the extent reasonably practicable in light of the purpose for which info sought
3. For a purpose for which de-identified information could not be used
IDENTIFICATION AND LOCATION PURPOSES
PHI may be disclosed for "identification and location" purposes, in response to a law enforcement officer's official request. Purposes would include identifying or locating a suspect, fugitive, material witness, or missing person.
COVERED ENTITY MAY ONLY DISCLOSE THE FOLLOWING FOR ID AND LOCATION:
- name and address;
- date and place of birth;
- social security number;
- ABO blood type and rh factor;
- type of injury;
- date and time of treatment;
- date and time of death, if applicable; and,
- a description of distinguishing physical characteristics, including height, weight, gender, race, hair and eye color, presence or absence of facial hair (beard or mustache), scars, and tattoos.
The regulations specifically exclude any PHI related to the individual’s DNA or DNA analysis, dental records, or typing, samples or analysis of body fluids or tissue (unless it is one of the items listed above).
Law Enforcement Official’s Request
- Victim PHI
- Dead Individual PHI
- On Premises Criminal Activity
- Provider providing emergency health care in response to medical emergency off-premises
IMPACT ON NEW PERSONNEL AND THREAT ASSESSMENT TEAMS
- Act requires Resource Officer who is a certified officer
- MOU with Sheriff or law enforcement
- Additional training of school personnel (who is a law enforcement officer?)
- Privacy Rules and training
Thank You