Presentation is loading. Please wait.

Presentation is loading. Please wait.

Privacy Issues and the Children’s Hospital EMR Privacy Issues and the Children’s Hospital EMR This roundtable discussion is brought to you by the Children’s.

Published byVictor Owen Modified over 9 years ago

Similar presentations

Presentation on theme: "Privacy Issues and the Children’s Hospital EMR Privacy Issues and the Children’s Hospital EMR This roundtable discussion is brought to you by the Children’s."— Presentation transcript:

1 Privacy Issues and the Children’s Hospital EMR Privacy Issues and the Children’s Hospital EMR This roundtable discussion is brought to you by the Children’s Hospital Affinity Group of the In-House Counsel (In- House) and Teaching Hospitals and Academic Medical Centers (THAMC) Practice Groups, and is co-sponsored by the Health Information and Technology (HIT) Practice Group. Privacy Issues and the Children’s Hospital EMR February 15, 2013 12:00-1:15 pm Eastern Presenters Robin L. Canowitz, EsquireRobin L. Canowitz, Esquire, Senior Attorney, Vorys Sater Seymour & Pease LLP, Columbus, OH, rlcanowitz@vorys.comrlcanowitz@vorys.com Daniel F. Gottlieb, EsquireDaniel F. Gottlieb, Esquire, Partner, McDermott Will & Emery LLP, Chicago, IL, dgottlieb@mwe.com Moderator: Jessica Braunstein, Esquire,dgottlieb@mwe.com Associate General Counsel, Children’s Healthcare of Atlanta, Atlanta, GA, jessica.braunstein@choa.orgjessica.braunstein@choa.org 1

2 About CHAG AG Children’s Hospital Affinity Group (CHAG AG) provides a unique and focused forum for discussion and networking about the legal and practical issues that affect children’s hospitals and other providers that furnish pediatric care. CHAG AG is affiliated with the In-House Counsel Practice Group (In-House) and Teaching Hospital and Academic Medical Center Practice Group (THAMC). If you are a member of either of those PG Groups, you may join CHAG AG by simple e-mailing pgs@healthlawyers.org. Otherwise, become a member of either or both the In-House of THAMC Practice Groups, and ask to also join CHAG AG at the same time by contacting pgs@healthlawyers.org.pgs@healthlawyers.org The In-House and THAMC Practice Groups provide a wealth of information and address issues important to all hospitals, healthcare institutions, academic medical centers, and related entities. Children’s hospitals and the care of pediatric patients, however, present some distinctive legal issues that are not often shared by the adult hospitals and adult academic medical centers. Join CHAG AG to receive and receive the benefit of its focus on children’s hospital and pediatric provider issues. 2

3 Agenda Data elements requiring special treatment Internal access and external release to other providers, health information exchange, etc. Patient portals and patient/parent access to information Programs to create appropriate levels of access for hospital personnel Tools for monitoring access and disclosure of information 3

4 Data elements requiring special treatment The HIPAA regulations provide a base line of protection for all Protected Health Information (PHI) State law and the federal alcohol and drug abuse confidentiality rules provide additional protections for sensitive subcategories of PHI Privacy and security policies should be revised to reflect:  More stringent state and federal laws  Different access rights of parents and children for different categories of information at different ages of the child 4

5 Sensitive Categories of PHI Sensitive categories of PHI vary from state to state, but often include:  Substance abuse treatment program information  Mental health and developmental disability information  HIV/AIDs test results  Sexually transmitted diseases  Genetic testing information 5

6 Sensitive Categories of PHI (cont’d) In many states, unemancipated minor has the right to consent to diagnosis and treatment for and control PHI about sensitive conditions such as:  Pregnancy  Abortion  HIV/AIDs and other sexually transmitted diseases  Sexual assault or any condition resulting from the assault  Mental illness or psychiatric condition  Alcohol consumption or drug use and/or their addiction Some states grant physician discretion to share information and/or encourage parental involvement 6

7 Sensitive Categories of PHI (cont’d) EHR technology presents technical challenges to management of sensitive information  Psychiatric drugs in the medication list  HIV-positive or mental health diagnosis in the problem list  HIV test result in the structured lab data  Free text field in progress notes  Parent and child access to patient portal Quality of care and tort law may conflict with health information privacy law How should the conflict be navigated? 7

8 Internal Access and External Release Access Controls for Internal Usage Policies on Use of records for Research Use of technology to deter people from looking at records they don’t have a need to view Are there categories of information that only certain people can see? Some institutions have “walled off” records from their substance abuse treatment programs 8

9 External Release of Records Releases – to allow information to be shared? Issues with patient name changes – birth hospital to specialty hospital. Confirming who has the right to allow release of information. 9

10 Patient Portals and Patient/Parent Access Proxy Access – who do you allow to have access to the portal? Patient/Parent/Legal Guardian – all have their own access. Can all see the same information. What do you do with proxy access when the patient becomes an adult? Do you allow minor patients to have direct access to the portal? If so, at what age, and for what purposes? How do you turn access on and off? 10

11 Patient Portals What do you allow to be posted? At NCH – no information on AIDS, STDs and Mental Health because of state law issues If the site does not have complete information, there should be a disclaimer about that. NCH decided not to post inpatient test results because it could create confusion. When do you post test results? At NCH – physicians given 72 hours to review test results before they are automatically posted. 11

12 Patient Portals (cont’d) Email communication tools – how to implement? Who will respond? What is the expectation of the patient? 12

13 Appropriate Levels of Access The HIPAA minimum necessary standard requires a hospital or other covered health care provider to limit a request, use or disclosure of PHI to the minimum amount of PHI necessary for disclosure unless it is  For Treatment  Required by Law  Pursuant to patient or parent’s authorization  Within another limited exception Hospital should develop role-based access policies for PHI that correspond to technical capabilities of its EHR Send periodic reminders about appropriate access 13

14 Appropriate Levels of Access (cont’d) PHI may be used and disclosed for academic purposes within hospital subject to the minimum necessary standards Faculty and students should receive training on appropriate use of PHI for educational purposes 14

15 Tools for Monitoring Access and Disclosure HIPAA Security Rule requires “reasonable” procedures:  Log-in monitoring  Regular review of records of information system activity, such as audit logs, access reports, and security incident tracking reports. Develop reasonable and practical practices to monitor EHR’s activity logs to identify inappropriate access Rely upon technical, automated auditing where possible Cisco and other vendors offer sophisticated monitoring tools that identify deviations from baseline activity 15

16 Privacy Issues and the Children’s Hospital EMR © 2013 is published by the American Health Lawyers Association. All rights reserved. No part of this publication may be reproduced in any form except by prior written permission from the publisher. Printed in the United States of America. Any views or advice offered in this publication are those of its authors and should not be construed as the position of the American Health Lawyers Association. “This publication is designed to provide accurate and authoritative information in regard to the subject matter covered. It is provided with the understanding that the publisher is not engaged in rendering legal or other professional services. If legal advice or other expert assistance is required, the services of a competent professional person should be sought”—from a declaration of the American Bar Association 16

Download ppt "Privacy Issues and the Children’s Hospital EMR Privacy Issues and the Children’s Hospital EMR This roundtable discussion is brought to you by the Children’s."

Similar presentations

Davis Wright Tremaine LLP HIT Legal Issues: HIPAA Implications to a Regional Health Information Organization Becky Williams, R.N., J.D. Partner, Co-Chair,

Davis Wright Tremaine LLP HIT Legal Issues: HIPAA Implications to a Regional Health Information Organization Becky Williams, R.N., J.D. Partner, Co-Chair,
HIPAA Basics Brian Fleetham Dickinson Wright PLLC.

HIPAA Basics Brian Fleetham Dickinson Wright PLLC.
And the finer details of patient privacy TCH Confidential Understanding HIPAA.

And the finer details of patient privacy TCH Confidential Understanding HIPAA.
Confidentiality and HIPAA

Confidentiality and HIPAA
Copyright Eastern PA EMS Council February 2003 Health Information Portability and Accountability Act It’s the law.

Copyright Eastern PA EMS Council February 2003 Health Information Portability and Accountability Act It’s the law.
National Health Information Privacy and Security Week Understanding the HIPAA Privacy and Security Rule.

National Health Information Privacy and Security Week Understanding the HIPAA Privacy and Security Rule.
Increasing public concern about loss of privacy Broad availability of information stored and exchanged in electronic format Concerns about genetic information.

Increasing public concern about loss of privacy Broad availability of information stored and exchanged in electronic format Concerns about genetic information.
P E N N S Y L V A N I A C O A L I T I O N A G A I N S T D O M E S T I C V I O L E N C E P E N N S Y L V A N I A C O A L I T I O N A G A I N S T RAPE HIPAA.

P E N N S Y L V A N I A C O A L I T I O N A G A I N S T D O M E S T I C V I O L E N C E P E N N S Y L V A N I A C O A L I T I O N A G A I N S T RAPE HIPAA.
1 HIPAA Education CCAC Professional Development Training September 2006 CCAC Professional Development Training September 2006.

1 HIPAA Education CCAC Professional Development Training September 2006 CCAC Professional Development Training September 2006.
NAU HIPAA Awareness Training

NAU HIPAA Awareness Training
TM The HIPAA Privacy Rule: Safeguarding Health Information in Research and Public Health Practice Centers for Disease Control and Prevention Beverly A.

TM The HIPAA Privacy Rule: Safeguarding Health Information in Research and Public Health Practice Centers for Disease Control and Prevention Beverly A.
Legal Framework for Information Sharing in Organ Donation and Transplantation Alexandra K. Glazier, Esq. VP & General Counsel New England Organ Bank.

Legal Framework for Information Sharing in Organ Donation and Transplantation Alexandra K. Glazier, Esq. VP & General Counsel New England Organ Bank.
Are you ready for HIPPO??? Welcome to HIPAA

Are you ready for HIPPO??? Welcome to HIPAA
Professional Nursing Services.  Privacy and Security Training explains:  The requirements of the federal HIPAA/HITEC regulations, state privacy laws.

Professional Nursing Services.  Privacy and Security Training explains:  The requirements of the federal HIPAA/HITEC regulations, state privacy laws.
Health Insurance Portability and Accountability Act (HIPAA)

Health Insurance Portability and Accountability Act (HIPAA)
THE BASICS OF CONSENT LAW Sheniece Smith, Esq.. BASICS State and federal laws require patients to have the right to consent to health care decisions.

THE BASICS OF CONSENT LAW Sheniece Smith, Esq.. BASICS State and federal laws require patients to have the right to consent to health care decisions.
Minor Consent Laws Kim Belasco – (619) Rachel Miller – (619)

Minor Consent Laws Kim Belasco – (619) Rachel Miller – (619)
Consent and Confidentiality for Children in New Mexico Liz McGrath Executive Director Pegasus Legal Services for Children.

Consent and Confidentiality for Children in New Mexico Liz McGrath Executive Director Pegasus Legal Services for Children.
HIPAA: Surrogate Decision Making and Advance Health Care Directives Carolyn Heyman-Layne, Esq. Dorsey & Whitney LLP December 20, 2007.

HIPAA: Surrogate Decision Making and Advance Health Care Directives Carolyn Heyman-Layne, Esq. Dorsey & Whitney LLP December 20, 2007.
Who Must Comply? ProgramProgram General Medical Facility EmergencyEmergency Qualified Service Organization Communication EmergencyEmergency ResearchResearch.

Who Must Comply? ProgramProgram General Medical Facility EmergencyEmergency Qualified Service Organization Communication EmergencyEmergency ResearchResearch.

Similar presentations

Ads by Google