Healthcare Data Privacy & Security Real World Enforcement and Why Confusion Reigns Supreme Dec. 10, 2007 Dennis Melamed Editor/Publisher Health Information.


1 Healthcare Data Privacy & Security Real World Enforcement and Why Confusion Reigns Supreme
Dec. 10, 2007
Dennis Melamed, Editor/Publisher, Health Information Privacy/Security Alert
dmelamed@melamedia.com
www.melamedia.com

2 Dec. 10, 2007, Melamedia, LLC © 2007
Why Has It Been So Difficult?
The Privacy Rule Governs the Most Common Conversation We Have as Human Beings
Aunt Bee's busybody best friend, Clara Edwards

3 Key Moments in the History of HIPAA Privacy Rule
August 1996. HIPAA Becomes The Law…
August 1999. Congress Fails to Enact Legislation. Newt Gingrich Allows Bill Clinton To Write the Privacy Rule
Abortion, States' Rights, Minors' Right to Privacy (Meaning Abortion) Stall Senate Action. House Never Really Got Off the Dime
Everyone Now Convinced That There Is No Medical Privacy Protection
The Long & Winded Road

4 Key Moments in the History of HIPAA Privacy Rule
Nov. 3, 1999. HHS Issues 600-page Proposal Generating Thousands of Comments. Comment Period Extended Another 45 Days.
Dec. 28, 2000. HHS Issues 500,000 Words In Rule and Accompanying Explanations.
March 27, 2002. HHS Issues 7,000-word modification requiring 93,000 words of explanation
Aug. 14, 2002. Second Final Rule Issued.
CMS Punts on Claims Attachment Standard
The Long & Winded Road Part 2

5 100s of Kinks In The Winded Road
• A Lot of People Believed Congress in the 1990s When It Said There Was Uneven Or No Medical Privacy Protection
• The States Go On A Rampage
• NAIC and State Legislatures
• HIPAA
• Gramm-Leach-Bliley
• Indiana Jones & The Lost Laws

6 Now That We’ve Straightened That Out, Let’s Preempt State Law
• IOM Report on Medical Errors Prompts New Federal Effort To Create Electronic Health Records
• HIPAA Doesn’t Count
• CMS Continues to Punt on Claims Attachment Standard

7 Let’s Play “Pretend HIPAA…”
• Efforts to Create EHRs, EMRs (or whatever you want to call them) Gather Steam
• Ooops. State Laws Pose Obstacles on Privacy and Security
• Let’s Create A New Record Called a Personal Health Record

8 The Berlin Wall Came Down, But We’re Still Manning The Silos
• EHR/EMR Proponents Continue to Ignore HIPAA
• CMS Continues to Punt on Claims Attachment Standard
• CMS Comes Out in July With New Policy To Pay For Some Clinical Trial Services for Medicare Beneficiaries.

9 To Recuperate
• Congress Fails To Act on HIPAA
• States Act on Medical Privacy
• Feds Move on Electronic Records
• Personal Health Records Appear
• The Future Looks Now More Mysterious and Unknowable. But We Know It Won’t Be Orderly And We Know We Will Continue To Muddle Through

10 Trends in Medical Privacy Enforcement
• OCR
• CMS
• FTC
• State Courts
• Federal Courts

11 OCR Enforcement Trends
Complaints from April 14, 2003 through 10/31/07
• Total Complaints: 31,194
• Complaints Investigated: 7,882
• Investigations Resulting In Changed Behavior: 5,299
• Investigations In Which There Was No Violation: 2,583

12 Most Common Privacy Complaints
Issues Most Commonly Investigated
• Impermissible Uses And Disclosures Of Protected Health Data
• Lack Of Safeguards Of Protected Health Information
• Lack Of Patient Access To Their Protected Health Information
• Uses Or Disclosures Of More Than The Minimum Necessary Protected Health Information
• Lack Of Or Invalid Authorizations For Uses And Disclosures Of Protected Health Information
Most Common Covered Entities Required To Take Corrective Action
• Private Practices
• General Hospitals
• Outpatient Facilities
• Health Plans (Group Health Plans And Health Insurance Issuers)
• Pharmacies

13 What Happens To OCR Complaints? Or My Son Is on The 7-Year Plan at College
• No Civil Penalties
• More Than 415 Criminal Referrals To Department Of Justice
• More Than 216 Referrals To CMS

14 CMS Enforcement Trends (We could use a few consultants)
• Questions Over Technical Expertise
• Questions Over Any Capability Given OESS Budget

15 Most Common Security Complaints And Outcomes
• Information Access Management
• Security Awareness And Training
• Access Controls
• No Civil Penalties
• No Data on Referrals
• CMS Hires PWC

16 FTC: We Don’t Do HIPAA, But…
• FCRA
• Consumer Protection

17 State Courts: Where the Action Is
• State Courts Rarely Invoke HIPAA. They Have Their Own Laws… Remember? They Even Have Constitutions.
• When Courts Do Invoke HIPAA, The Issue Typically Revolves Around Technical Legal Issues that Invoke Latin Words like ex parte
• Judges Actually Insist on Relevancy

18 Federal Courts Not Very Active
• No Way for Patients to Sue Under HIPAA
• Gyrations Needed to Invoke HIPAA Even on Employees of Covered Entities
• One Caution on Definition of Individual

19 A Word on De-Identification
HIPAA Was One Of The First Attempts To Make A Person Functionally Invisible – At Least On Paper… Or In A Computer Database
• HHS should issue guidance on the specific threshold of statistical de-identification that ensures information is rendered not individually identifiable.
• HHS should define allowable uses of HIPAA de-identified data, and provide guidance to covered entities regarding what uses of HIPAA de-identified data are not permitted without authorization by the individual so that covered entities may be guided in development of their business associate contracts.
NCVHS Draft Recommendations 10/21/07

20 The Forecast
• Partly Cloudy
• Followed by More Clouds Coming In from the South, North, East and West
• Temperatures Rising

21 Done! Now That Wasn’t So Painful…
Dennis Melamed, Editor/Publisher, Health Information Privacy/Security Alert
703.704.5665
dmelamed@melamedia.com
To get HIPAA enforcement stats for free, visit www.melamedia.com

