Presentation is loading. Please wait.

Presentation is loading. Please wait.

Analysis of Final HIPAA Privacy Modification Rule

Published byDjaja Lesmana Modified over 5 years ago

Similar presentations

Presentation on theme: "Analysis of Final HIPAA Privacy Modification Rule"— Presentation transcript:

1 Analysis of Final HIPAA Privacy Modification Rule
HIPAA Summit Analysis of Final HIPAA Privacy Modification Rule Audio Conference August 28, 2002 Bill Braithwaite, MD, PhD “Doctor HIPAA” Copyright © 2002 PricewaterhouseCoopers LLP

2 Privacy Modification Rule – Major Components
Use & Disclosure of PHI Consent & Notice Authorization Minimum Necessary Provision Business Associates Parental Rights

3 Privacy Modification Rule – Major Components
Marketing Communications Research & De-identification Technical Modifications Accounting for disclosures Hybrid Entities Sales of covered entities Security/Safeguards

4 Using And Disclosing PHI – Consent and Notice
Removes consent requirement for use & disclosure for TPO Retains right to request restrictions Requires good faith effort to obtain acknowledgement of notice Layered notices preferred

5 Using And Disclosing PHI – Sharing PHI for TPO
Treatment Unlimited sharing between all providers Payment Allowed between covered entities and non-covered providers Health Care Operations Only allowed between covered entities with present or past relationship with individual

6 Using And Disclosing PHI – Authorization
Simplifies Authorization Eliminates special purpose authorizations Sets core criteria Sets minimum requirements for informational statements Excludes health information in covered entities’ employment records Employment records not limited to specific “physical” files – context based

7 Using And Disclosing PHI – Authorization (cont’d)
Conditioning payment of claim is no longer allowed Authorization no longer required Removes individual’s right to revoke in certain circumstances Prohibits requiring an individual to list a purpose for disclosure for their own purposes

8 Using And Disclosing PHI – Authorization (cont’d)
Disclosing remuneration only required for marketing. Mandates authorization for all marketing Clarifies no disclosure of psych notes without authorization

9 Minimum Necessary Provision
Permits incidental disclosures Clarifies role-based access Requires policies & procedures for processing non-routine disclosures Clarifies MNP does not apply to release of PHI to the individual

10 Minimum Necessary Provision – (cont’d)
Affirms “reasonable standard” – eliminates the term “reasonably ensure” Clarifies the MNP is intended to be flexible Facility redesigns & expensive computer upgrades not required Clarifies Sign-in sheets may be OK

11 Marketing Communications
Simplifies by removing special marketing provisions New marketing definition New marketing exclusions Requires authorization for any use of PHI for marketing

12 Marketing Communications – (cont’d)
Broadens “marketing” definition “to make a communication about a product or service that encourages recipients of the communication to purchase or use the product or service” OR

13 Marketing Communications – (cont’d)
“an arrangement between a covered entity and any other entity whereby the covered entity discloses PHI to the other entity, in exchange for direct or indirect remuneration, for the other entity or its affiliate to make a communication about its own product or service that encourages recipients of the communication to purchase or use that product or service” Clarifies that remuneration does not define marketing

14 Marketing Communications – (cont’d)
Clarifies marketing exceptions Participating providers and health plans in a network, the services offered by a provider, or the benefits covered by a health plan.

15 Marketing Communications – (cont’d)
Marketing exceptions (cont’d) Individual’s treatment Case management or care coordination for that individual, or directions or recommendations for alternative treatments, therapies, health care providers, or settings of care

16 Research & De-Identified Information
Simplifies IRB/Privacy Board waiver criteria to align with Common Rule Evidence of adequate plans to protect & destroy identifiers & prohibit reuse or re-disclosure Ability to perform research without the waiver Clarifies use of re-identification codes Adds limited data set alternative Includes Dates & Geographic Info City, County, State, & Zip code Cannot include prescription number

17 Research & De-Identified Information - (cont’d)
Who can use a Limited Data Set May only be used for the purposes of health care operations, public health and research Not for use between health plans and plan sponsors Requires Data Use Agreement for use of Limited Data Set

18 Accounting for Disclosures
Removes requirements to account for disclosures made under authorizations Excludes uses or disclosures of Limited Data Set

19 Hybrid Entities Removes non-covered entity restrictions
Designate covered/non-covered components Include components that would be business associates “Firewalls” required to protect information in BA components that serve both covered & non-covered components

20 Protects Disclosures to those under FDA
Ensures that covered entities can disclose PHI to a person subject to the jurisdiction of the FDA with respect to an FDA-regulated product or activity for which that person has responsibility, for the purpose of activities related to the quality, safety, or effectiveness of such FDA-regulated product or activity

21 Security and Privacy Clarifies no potential conflict between Privacy & Security rules Privacy covers all PHI Security only covers PHI maintained or transmitted electronically All safeguards required under Privacy apply regardless of Security rule

22 Questions? Bill Braithwaite, MD, PhD Bill.Braithwaite@us.pwcglobal.com
Copyright © 2002 PricewaterhouseCoopers LLP

Download ppt "Analysis of Final HIPAA Privacy Modification Rule"

Similar presentations

SIMPLIFYING PRIVACY: HIPAA PRIVACY STANDARDS AND RESEARCH Angela M. Vieira General Counsel Childrens Hospital and Health Center June 5, 2004.

SIMPLIFYING PRIVACY: HIPAA PRIVACY STANDARDS AND RESEARCH Angela M. Vieira General Counsel Childrens Hospital and Health Center June 5, 2004.
HIPAA Privacy Rule “Standards for Privacy of Individually Identifiable Health Information” 45 CFR 160 and 164* *http://www.hhs.gov/ocr/combinedregtext.pdf.

HIPAA Privacy Rule “Standards for Privacy of Individually Identifiable Health Information” 45 CFR 160 and 164* *
Presented by Elena Chan, UCSF Pharm.D. Candidate Tiffany Jew, USC Pharm.D. Candidate March 14, 2007 P HARMACEUTICAL C ONSULTANTS, I NC. P RO P HARMA HIPAA.

Presented by Elena Chan, UCSF Pharm.D. Candidate Tiffany Jew, USC Pharm.D. Candidate March 14, 2007 P HARMACEUTICAL C ONSULTANTS, I NC. P RO P HARMA HIPAA.
1 The HIPAA Privacy Rule and Research This presentation will probably involve audience discussion, which will create action items. Use PowerPoint to keep.

1 The HIPAA Privacy Rule and Research This presentation will probably involve audience discussion, which will create action items. Use PowerPoint to keep.
HIPAA: Privacy, Security, and HITECH, Oh My! Presented by Stephanie L. Ganucheau, Special Assistant Attorney General.

HIPAA: Privacy, Security, and HITECH, Oh My! Presented by Stephanie L. Ganucheau, Special Assistant Attorney General.
HIPAA Privacy Rule Training

HIPAA Privacy Rule Training
HIPAA – Privacy Rule and Research USCRF Research Educational Series March 19, 2003.

HIPAA – Privacy Rule and Research USCRF Research Educational Series March 19, 2003.
Increasing public concern about loss of privacy Broad availability of information stored and exchanged in electronic format Concerns about genetic information.

Increasing public concern about loss of privacy Broad availability of information stored and exchanged in electronic format Concerns about genetic information.
The Health Insurance Portability and Accountability Act of 1996– charged the Department of Health and Human Services (DHHS) with creating health information.

The Health Insurance Portability and Accountability Act of 1996– charged the Department of Health and Human Services (DHHS) with creating health information.
P E N N S Y L V A N I A C O A L I T I O N A G A I N S T D O M E S T I C V I O L E N C E P E N N S Y L V A N I A C O A L I T I O N A G A I N S T RAPE HIPAA.

P E N N S Y L V A N I A C O A L I T I O N A G A I N S T D O M E S T I C V I O L E N C E P E N N S Y L V A N I A C O A L I T I O N A G A I N S T RAPE HIPAA.
TM The HIPAA Privacy Rule: Safeguarding Health Information in Research and Public Health Practice Centers for Disease Control and Prevention Beverly A.

TM The HIPAA Privacy Rule: Safeguarding Health Information in Research and Public Health Practice Centers for Disease Control and Prevention Beverly A.
Informed Consent.

Informed Consent.
HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA)

HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA)
HIPAA Privacy Rule Compliance Training for YSU April 9, 2014.

HIPAA Privacy Rule Compliance Training for YSU April 9, 2014.
COMPLYING WITH HIPAA PRIVACY RULES Presented by: Larry Grudzien, Attorney at Law.

COMPLYING WITH HIPAA PRIVACY RULES Presented by: Larry Grudzien, Attorney at Law.
Are you ready for HIPPO??? Welcome to HIPAA

Are you ready for HIPPO??? Welcome to HIPAA
Overview of HIPAA Administrative Simplification and Privacy Regulations Darrel J. Grinstead, Partner Amy B. Kiesel, Associate Hogan & Hartson L.L.P.

Overview of HIPAA Administrative Simplification and Privacy Regulations Darrel J. Grinstead, Partner Amy B. Kiesel, Associate Hogan & Hartson L.L.P.
Health Insurance Portability Accountability Act of 1996 HIPAA for Researchers: IRB Related Issues HSC USC IRB.

Health Insurance Portability Accountability Act of 1996 HIPAA for Researchers: IRB Related Issues HSC USC IRB.
August 10, 2001 NESNIP PRIVACY WORKGROUP HIPAA’s Minimum Necessary Standard Presented by: Mildred L. Johnson, J.D.

August 10, 2001 NESNIP PRIVACY WORKGROUP HIPAA’s Minimum Necessary Standard Presented by: Mildred L. Johnson, J.D.
HIPAA Compliance Strategies for Employers, METs, MEWAs and Taft Hartley Union Trust Funds The HIPAA Colloquium at Harvard University Presented by: Melissa.

HIPAA Compliance Strategies for Employers, METs, MEWAs and Taft Hartley Union Trust Funds The HIPAA Colloquium at Harvard University Presented by: Melissa.

Similar presentations

Ads by Google