Presentation is loading. Please wait.

Presentation is loading. Please wait.

I.G. Subpoenas and the HIPAA Privacy Rule The views and opinions expressed in the presentation are those of the presenter, and not necessarily official.

Published byChaim Costin Modified over 9 years ago

Similar presentations

Presentation on theme: "I.G. Subpoenas and the HIPAA Privacy Rule The views and opinions expressed in the presentation are those of the presenter, and not necessarily official."— Presentation transcript:

1 I.G. Subpoenas and the HIPAA Privacy Rule The views and opinions expressed in the presentation are those of the presenter, and not necessarily official positions of the Office of Inspector General, Department of Health and Human Services

2 The Inspector General’s Authority Inspector General Act of 1978 5 U.S.C. App 3 Inspector General Subpoenas 5 U.S. C. App 3 §6(a)(4) “to require by subpoena the production of all [documents] necessary in the performance of the functions assigned by this Act.”

3 HIPAA Privacy Rule 45 C.F.R. § 164.512 permits covered entities to disclosure protected health information (PHI) without patient consent for the 12 “national priorities” listed in this section. Most disclosures to the HHS IG will come under 45 C.F.R. §§ 164.512(a) and 164.512(d)

4 The Inspector General as Health Oversight Agency Definition of a health oversight agency 45 C.F.R. § 164.501 Regulation preamble 65 Fed. Reg. 82492 (Dec 28, 2000)

5 The Health Oversight Exception 45 C.F.R. § 164.512(d) Permits covered entities to disclose protected health information to a health oversight agency for oversight activities authorized by law.

6 The Health Oversight Exception Examples of health oversight activities: audits, civil, administrative or criminal investigations, inspections, licensure or disciplinary actions, civil, administrative or criminal proceedings or actions

7 The Health Oversight Exception More health oversight activities: Health fraud investigations conducted with the FBI/DoJ. Both IG subpoenas and DoJ’s administrative subpoenas (18 U.S.C. §3486) are used. The HIPAA Privacy Rule permits covered entities to disclose to both types of subpoena under the health oversight exception.

8 The Health Oversight Exception More health oversight activities Joint investigations with other agencies: health oversight investigation conducted in conjunction with an investigation related to a claim for public benefits not related to health. Example: social security number fraud involving Medicaid and other public benefits such as food stamps, housing vouchers.

9 The Required by Law Exception 45 C.F.R. § 164.512(a) Permits covered entities to “disclose protected health information to the extent that such use or disclosure is required by law and the use or disclosure complies with and is limited to the relevant requirements of such law.”

10 Required by Law Definition of required by law 45 C.F.R. § 164.501 Includes subpoenas issued by a governmental inspector general. Also includes the “Medicare conditions of participation with respect to health care providers participating in the program.”

11 Overlap of Health Oversight and Law Enforcement Some requests for disclosure of PHI could fit under more than one exception in 45 C.F.R. § 164.512 Regulation Preamble 65 F.R. 82524: Covered entity may disclose PHI as permitted by one paragraph of §164.512 regardless of whether the disclose fails to meet the requirements under a different paragraph of §164.512 or elsewhere in the rule.

12 Health Care Fraud as Health Oversight Regulation Preamble 65 Fed. Reg. 82532 explains that health care fraud was moved from law enforcement in the notice of proposed rule making to health oversight in the final rule.

13 Informing the Covered Entity Subpoena cover letter OIG will cite applicable section of the HIPAA Privacy Rule that permits disclosure OIG may demand a suspension of accounting of disclosures per 45 C.F.R. § 164.528 Verification of Identity 45 C.F.R. § 164.514(h)(2)(ii)

14 Conclusion The HIPAA Privacy Rule permits covered entities to disclose PHI in response to IG subpoenas. The OIG will work with covered entities to allay concerns about an IG subpoena; however, when necessary, we will take action to enforce the subpoena. If a covered entity has questions about disclosure of PHI related to an IG subpoena from the HHS OIG, it should contact the Office of Counsel to the Inspector General at (202) 619-0335.

Download ppt "I.G. Subpoenas and the HIPAA Privacy Rule The views and opinions expressed in the presentation are those of the presenter, and not necessarily official."

Similar presentations

Tamtron Users Group April 2001 Preparing Your Laboratory for HIPAA Compliance.

Tamtron Users Group April 2001 Preparing Your Laboratory for HIPAA Compliance.
PRIVACY ACT OF 1974 OVERVIEW. FAIR INFORMATION PRACTICES The Privacy Act is primarily concerned with fair information practices. The Privacy Act is primarily.

PRIVACY ACT OF 1974 OVERVIEW. FAIR INFORMATION PRACTICES The Privacy Act is primarily concerned with fair information practices. The Privacy Act is primarily.
HIPAA Privacy: Implementing Privacy for Government Health Plans Roberta M. Ward Senior Counsel, Privacy Officer California Department of Health Services.

HIPAA Privacy: Implementing Privacy for Government Health Plans Roberta M. Ward Senior Counsel, Privacy Officer California Department of Health Services.
0 Jumping through Two Hoops: the HIPAA Privacy Rule and State Law Compliance Issues Bruce Merlin Fried, Esq. The fifth National HIPAA Summit November 1,

0 Jumping through Two Hoops: the HIPAA Privacy Rule and State Law Compliance Issues Bruce Merlin Fried, Esq. The fifth National HIPAA Summit November 1,
HIPAA In Relation to Other Federal Laws Professor Peter P. Swire Ohio State University Consultant, Morrison & Foerster LLP Glasser LegalWorks/HIPAA Conference.

HIPAA In Relation to Other Federal Laws Professor Peter P. Swire Ohio State University Consultant, Morrison & Foerster LLP Glasser LegalWorks/HIPAA Conference.
SIMPLIFYING PRIVACY: HIPAA PRIVACY STANDARDS AND RESEARCH Angela M. Vieira General Counsel Childrens Hospital and Health Center June 5, 2004.

SIMPLIFYING PRIVACY: HIPAA PRIVACY STANDARDS AND RESEARCH Angela M. Vieira General Counsel Childrens Hospital and Health Center June 5, 2004.
HIPAA Privacy Practices. Notice A copy of the current DMH Notice must be posted at each service site where persons seeking DMH services will be able to.

HIPAA Privacy Practices. Notice A copy of the current DMH Notice must be posted at each service site where persons seeking DMH services will be able to.
Responding to Subpoenas and Law Enforcement Demands for PHI: An Overview Janet A. Newberg Chair, Health Law Section Felhaber Larson Fenlon & Vogt, P.A.

Responding to Subpoenas and Law Enforcement Demands for PHI: An Overview Janet A. Newberg Chair, Health Law Section Felhaber Larson Fenlon & Vogt, P.A.
The Department has declared itself to be a single covered entity. Thus, each and every one of our divisions is a covered entity and must comply with.

The Department has declared itself to be a single covered entity. Thus, each and every one of our divisions is a covered entity and must comply with.
Minimum Necessary Standard Version 1.0

Minimum Necessary Standard Version 1.0
 What is the Privacy Rule? The Standards for Privacy of Individually Identifiable Health Information (Privacy Rule) governs the use and disclosure of.

 What is the Privacy Rule? The Standards for Privacy of Individually Identifiable Health Information (Privacy Rule) governs the use and disclosure of.
HIPAA: Privacy, Security, and HITECH, Oh My! Presented by Stephanie L. Ganucheau, Special Assistant Attorney General.

HIPAA: Privacy, Security, and HITECH, Oh My! Presented by Stephanie L. Ganucheau, Special Assistant Attorney General.
Chapter 6 Federal Regulation of Pharmacy Practice.

Chapter 6 Federal Regulation of Pharmacy Practice.
HIPAA Privacy Training. 2 HIPAA Background Health Insurance Portability and Accountability Act of 1996 Copyright 2010 MHM Resources LLC.

HIPAA Privacy Training. 2 HIPAA Background Health Insurance Portability and Accountability Act of 1996 Copyright 2010 MHM Resources LLC.
HIPAA Privacy Training Your Name Here. © 2004 MHM Resources Inc.2 HIPAA Background Health Insurance Portability and Accountability Act of 1996.

HIPAA Privacy Training Your Name Here. © 2004 MHM Resources Inc.2 HIPAA Background Health Insurance Portability and Accountability Act of 1996.
HIPAA PRIVACY REQUIREMENTS Dana L. Thrasher Constangy, Brooks & Smith, LLC (205) 252-9321; Victoria Nemerson.

HIPAA PRIVACY REQUIREMENTS Dana L. Thrasher Constangy, Brooks & Smith, LLC (205) ; Victoria Nemerson.
National Cancer Institute Cancer Therapy Evaluation Program (CTEP) presents: How to Obtain Protected Health Information (PHI) from an Outside Healthcare.

National Cancer Institute Cancer Therapy Evaluation Program (CTEP) presents: How to Obtain Protected Health Information (PHI) from an Outside Healthcare.
1 Louisiana Department of Health and Hospitals Basic HIPAA Privacy Training: Policies and Procedures 01/09/2009 0.

1 Louisiana Department of Health and Hospitals Basic HIPAA Privacy Training: Policies and Procedures 01/09/
North Carolina State University Health Information Privacy 4/16/03.

North Carolina State University Health Information Privacy 4/16/03.
WHAT IS HIPAA? The Health Insurance Portability and Accountability Act of 1996 (HIPAA) provides certain protections for any of your health information.

WHAT IS HIPAA? The Health Insurance Portability and Accountability Act of 1996 (HIPAA) provides certain protections for any of your health information.

Similar presentations

Ads by Google