Presentation is loading. Please wait.

Presentation is loading. Please wait.

Davis Wright Tremaine LLP HIT Legal Issues: HIPAA Implications to a Regional Health Information Organization Becky Williams, R.N., J.D. Partner, Co-Chair,

Published byJonathan Sandoval Modified over 10 years ago

Similar presentations

Presentation on theme: "Davis Wright Tremaine LLP HIT Legal Issues: HIPAA Implications to a Regional Health Information Organization Becky Williams, R.N., J.D. Partner, Co-Chair,"— Presentation transcript:

1 Davis Wright Tremaine LLP HIT Legal Issues: HIPAA Implications to a Regional Health Information Organization Becky Williams, R.N., J.D. Partner, Co-Chair, HIT/HIPAA Practice Group Davis Wright Tremaine LLP 206-628-7769 beckywilliams@dwt.com

2 Davis Wright Tremaine LLP 2 HIPAA Analysis: Starting Point Identify those with access Determine covered entity status Determine other status (e.g., business associate) Examine the Flow of PHI within the RHIO Covered Provider Covered Provider Covered Provider Non-Covered Provider Covered Provider Plan Covered Entity Non-Covered Third Party Purposes of the PHI Flow

3 Davis Wright Tremaine LLP 3 Ways to Disclose: TPO May disclose PHI for own Treatment Payment Operations May disclose PHI for treatment activities of a health care provider (not necessarily a covered provider) May disclose PHI to provider or covered entity for payment purposes May disclose PHI to covered entity For limited operations (e.g., QA, peer review, compliance) If both have/had relationship with patient If disclosure relates to relationship

4 Davis Wright Tremaine LLP 4 Ways to Disclose: OHCA Medical Staff OHCA Community OHCA: organized system of health More than one covered entity Hold themselves out to the public as a joint arrangement Participate in joint activities that include UR, QA or sharing of financial risk May disclose PHI to another covered entity in OHCA for OHCA health care operations

5 Davis Wright Tremaine LLP 5 Business Associate provides services on behalf of a covered entity involving PHI Examples: management, administration, data aggregation Need BAC RHIO/ASP/ISP May or may not be covered entity May be a business associate (especially in a hub and spoke arrangement) Ways to Disclose: Business Associate

6 Davis Wright Tremaine LLP 6 Ways to Disclose: Patient Authorization May not be necessary for most disclosures Depends on participants When in doubt, go with an authorization State law may present greatest challenges May be more stringent on disclosures May present problems with authorization Requirements likely to vary with type of info (mental health, AIDS/HIV/STD, developmental disabilities, substance abuse) Beware of federal substance abuse requirements May want to seek patient permission/ acknowledgement Puts patients on notice; helps to avoid surprises Opportunity to request additional privacy protections

7 Davis Wright Tremaine LLP 7 Ways to Disclose: Non-PHI De-identified data May be aggregated/shared Is it truly de-identified? Limited data sets For public health, research or operations Need data use agreement

8 Davis Wright Tremaine LLP 8 Minimum Necessary May use, disclose or request only the minimum necessary information for the intended purpose RHIO members may rely on other members representation if All are covered entities and Reliance is reasonable under the circumstances No minimum necessary for Treatment Authorization

9 Davis Wright Tremaine LLP 9 Individual Rights General Issues Need to determine responsibilities Centralized v. de-centralized Access If de-centralized, different providers may follow different rules Want to put participants on notice Amendment Provider to make determination Process for making amendments system-wide Need to preserve pre-amendment PHI Need to track timing of amendments Need to link to statement of disagreement/ rebuttal

10 Davis Wright Tremaine LLP 10 Individual Rights Accounting of disclosure Most RHIO disclosures not subject to accounting Who tracks? Request additional privacy protection Covered entity has right to refuse Accepted request Bound Practical implication: Is RHIO bound? Be aware of system limitations Notice of privacy practices Want all participants to include description of community-wide system Each party is responsible for contents/distribution of NPP Joint NPPs need to be tracked

11 Davis Wright Tremaine LLP 11 Administrative Responsibilities Training Centralize v. decentralized Sanctions Each member must have and use sanctions Collaborative – wide sanctions Policies Individual policies and procedures Rules of the road

12 Davis Wright Tremaine LLP 12 Security Standards Standards are scalable based on sophistication and resources of covered entity Security is only as good as the weakest link Minimum standards may be required (e.g., through user/license agreement) Systems protections for appropriate access Identify relationship with patient Break the glass Audit/sanctions

Download ppt "Davis Wright Tremaine LLP HIT Legal Issues: HIPAA Implications to a Regional Health Information Organization Becky Williams, R.N., J.D. Partner, Co-Chair,"

Similar presentations

HIPAA for Governments & Municipalities Rebecca L. Williams, RN, JD Partner, Co-Chair of HIT/HIPAA Practice Davis Wright Tremaine LLP Seattle, WA

HIPAA for Governments & Municipalities Rebecca L. Williams, RN, JD Partner, Co-Chair of HIT/HIPAA Practice Davis Wright Tremaine LLP Seattle, WA
H OGAN & H ARTSON, L.L.P.

H OGAN & H ARTSON, L.L.P.
HIPAA Privacy Practices. Notice A copy of the current DMH Notice must be posted at each service site where persons seeking DMH services will be able to.

HIPAA Privacy Practices. Notice A copy of the current DMH Notice must be posted at each service site where persons seeking DMH services will be able to.
Minimum Necessary Standard Version 1.0

Minimum Necessary Standard Version 1.0
HIPAA: Privacy, Security, and HITECH, Oh My! Presented by Stephanie L. Ganucheau, Special Assistant Attorney General.

HIPAA: Privacy, Security, and HITECH, Oh My! Presented by Stephanie L. Ganucheau, Special Assistant Attorney General.
HIPAA. What Why Who How When What Is HIPAA? Health Insurance Portability & Accountability Act of 1996.

HIPAA. What Why Who How When What Is HIPAA? Health Insurance Portability & Accountability Act of 1996.
Confidentiality and HIPAA

Confidentiality and HIPAA
Copyright Eastern PA EMS Council February 2003 Health Information Portability and Accountability Act It’s the law.

Copyright Eastern PA EMS Council February 2003 Health Information Portability and Accountability Act It’s the law.
The Health Insurance Portability and Accountability Act of 1996– charged the Department of Health and Human Services (DHHS) with creating health information.

The Health Insurance Portability and Accountability Act of 1996– charged the Department of Health and Human Services (DHHS) with creating health information.
P E N N S Y L V A N I A C O A L I T I O N A G A I N S T D O M E S T I C V I O L E N C E P E N N S Y L V A N I A C O A L I T I O N A G A I N S T RAPE HIPAA.

P E N N S Y L V A N I A C O A L I T I O N A G A I N S T D O M E S T I C V I O L E N C E P E N N S Y L V A N I A C O A L I T I O N A G A I N S T RAPE HIPAA.
HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA)

HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA)
COMPLYING WITH HIPAA PRIVACY RULES Presented by: Larry Grudzien, Attorney at Law.

COMPLYING WITH HIPAA PRIVACY RULES Presented by: Larry Grudzien, Attorney at Law.
Are you ready for HIPPO??? Welcome to HIPAA

Are you ready for HIPPO??? Welcome to HIPAA
Business Associate Contracts: Time Is Running Out... Rebecca L. Williams, RN, JD Partner Davis Wright Tremaine LLP Seattle, WA 206-628-7769.

Business Associate Contracts: Time Is Running Out... Rebecca L. Williams, RN, JD Partner Davis Wright Tremaine LLP Seattle, WA
August 10, 2001 NESNIP PRIVACY WORKGROUP HIPAA’s Minimum Necessary Standard Presented by: Mildred L. Johnson, J.D.

August 10, 2001 NESNIP PRIVACY WORKGROUP HIPAA’s Minimum Necessary Standard Presented by: Mildred L. Johnson, J.D.
HIPAA Compliance Strategies for Employers, METs, MEWAs and Taft Hartley Union Trust Funds The HIPAA Colloquium at Harvard University Presented by: Melissa.

HIPAA Compliance Strategies for Employers, METs, MEWAs and Taft Hartley Union Trust Funds The HIPAA Colloquium at Harvard University Presented by: Melissa.
HIPAA Health Insurance Portability & Accountability Act of 1996.

HIPAA Health Insurance Portability & Accountability Act of 1996.
Notice of Privacy Practices Nebraska SNIP Privacy Subgroup July 18, 2002 Michael J. Brown, MHA, CPA Vice-President, Administrative & Regulatory Affairs,

Notice of Privacy Practices Nebraska SNIP Privacy Subgroup July 18, 2002 Michael J. Brown, MHA, CPA Vice-President, Administrative & Regulatory Affairs,
HIPAA PRIVACY AND SECURITY AWARENESS.

HIPAA PRIVACY AND SECURITY AWARENESS.
– Privacy in Perspective – Dealing with Hybrids & Other Unique Collaborations Thomas E. Jeffry, Jr., Esq. Partner, Davis Wright Tremaine LLP, Los Angeles,

– Privacy in Perspective – Dealing with Hybrids & Other Unique Collaborations Thomas E. Jeffry, Jr., Esq. Partner, Davis Wright Tremaine LLP, Los Angeles,

Similar presentations

Ads by Google