Presentation is loading. Please wait.

Presentation is loading. Please wait.

The PRISM Privacy Tool: A User’s Guide PHDSC Home Page  PRISM Web Page 

Published byFay Stafford Modified over 8 years ago

Similar presentations

Presentation on theme: "The PRISM Privacy Tool: A User’s Guide PHDSC Home Page  PRISM Web Page "— Presentation transcript:

1 The PRISM Privacy Tool: A User’s Guide PHDSC Home Page  http://www.phdsc.org/ PRISM Web Page  http://www.phdsc.org/prism/introduction.htm

2 What is PRISM?  A framework for understanding the basic legal privacy requirements for the use and disclosure of health information  Created to help public sector health programs understand and apply state and federal privacy laws to their activities

3 What is PRISM? (cont’d) An electronic, web-based tool Set up as web tables to easily access and focus information relevant to a specific situation Multiple tables created to inform all the common public sector health functions

4 Purpose of PRISM  Identifies and defines the baseline conditions and requirements that a government or other health entity must follow when using and disclosing specific types of health information  Organizes key privacy requirements related to uses and disclosures to provide direction to improve privacy policies, procedures, and compliance

5 What Information is in PRISM? Uses the HIPAA privacy rule to set the basic framework Incorporates other federal privacy laws, such as 42 CFR pt. 2 and FERPA, where relevant References common provisions in state law Focuses on DISCLOSURES of health information done by public programs

6 Includes other laws or requirements that may have an impact Provides additional information on how the requirement may be interpreted or applied in public programs What Information is in PRISM? (cont’d)

7 Why was PRISM developed? Address a gap in federal HIPAA privacy guidance HIPAA requirements do not always map to public sector health program activities

8 Why was PRISM developed? (cont’d) Public sector health programs often combine multiple activities and functions, so rule application can be confusing Useful for most payer and provider entities, whether public or private

9 Who developed PRISM? Developed through the Public Health Data Standards Consortium (PHDSC) Funded by the National Center for Health Statistics (NCHS) Development oversight provided by the Consortium’s Privacy, Security, and Data Sharing Committee (PSDSC)

10 Who developed PRISM? (Cont’d) Content developed by Consortium members: Walter Suarez, MD, PHDSC President Vicki Hohner, Co-Chair PSDS Committee Legal Reviewer: Joy Pritts, JD, Senior Policy Analyst and HIPAA Privacy expert, Georgetown University

11 How is PRISM structured? Three separate tables for common public sector health-related functions: Public Health Authority Provider Payer Focus is on disclosures of specific types of identifiable health information

12 How is PRISM structured? (cont’d) Tables organized by:  Disclosure Purpose  Treatment, Payment, Operations  Required by law (public health, health oversight)  Judicial/administrative proceedings, law enforcement

13 How is PRISM structured? (cont’d) Tables organized by:  Disclosure Purpose  Type of Information  HIV, immunizations, medical records  Separate section for minors  Separate table addressing who (as the individual) can control uses and disclosures and under what conditions

14 What information is in the PRISM tables? Tables divided into cells that contain information about specific disclosures HIPAA citation Type of disclosure (required vs. permitted) Information related to the disclosure (conditions, special requirements)

15 What information is in the PRISM tables (cont’d) ? HIPAA requirements of the disclosure Whether consent/authorization is required Whether minimum necessary applies If an accounting of disclosure is required Additional general state law issues/ requirements that may apply

16 Where can I find PRISM? PHDSC Home Page: http://www.phdsc.org/ PHDSC Home Page: http://www.phdsc.org/http://www.phdsc.org/ PRISM Web Page: http://www.phdsc.org/prism/introduction.htm PRISM Web Page: http://www.phdsc.org/prism/introduction.htmhttp://www.phdsc.org/prism/introduction.htm

17 Introduction to PRISM Click on “Proceed to PRISM Privacy Tool” at bottom of this web page Click on “Proceed to PRISM Privacy Tool” at bottom of this web page

18 Understanding and Using PRISM Proceed down the page and click on “Government Entity Acting As….” Proceed down the page and click on “Government Entity Acting As….”

19 Understanding and Using PRISM

20 Government Entity Acting As… Proceed down the page and click on one of the Type of Disclosure tables Proceed down the page and click on one of the Type of Disclosure tables

21 Government Entity Acting As…

22 How do I use PRISM? (Cont’d) Click on a specific functional table to access the actual table This takes you to the grid of disclosure purposes for that table by specific data type

23 Click on a folder icon to access the content for a specific disclosure/data type This screen provides you with disclosure guidelines specific to this type of disclosure How do I use PRISM? (Cont’d)

24 Example #1 My program functions as a provider I want to disclose information on children’s immunizations for public health purposes 1.First click to access the Public Health Healthcare Provider table

25 Example #1 (Cont’d) 2. Then go to table 4, Disclosures Required by Law; for Public Health; etc., which covers disclosures for public health purposes

26 3. Look along the top for the Public health purpose column, then for Unemancipated minors information down the side, and click to open Example #1 (Cont’d)

27 4. Using the information in the cell: If an entity is performing public health activities as a provider, that disclosure is allowed without consent or authorization under HIPAA State laws define and control legal issues related to minors, but public health activities are normally not affected by these laws Example #1 (Cont’d)

28 Example #2 My program functions as a provider AND a public health authority I need to disclose HIV AIDS information for treatment purposes 1.First click to access the Provider table

29 Example #2 (Cont’d) 2. Then go to table 2, Disclosures for Treatment, Payment, and Health Care Operations, which contains specific information for TPO purposes

30 3.Look for the Treatment disclosures column, and the STD/AIDS row, and click on the cell to open Example #2 (Cont’d)

31 4.Then click on the Public Health Authority table, go to table 2, Disclosures for Treatment, Payment, and Health Care Operations, which contains specific information for TPO purposes Example #2 (Cont’d)

32 5.Look for the Treatment disclosures column, and the STD/AIDS row, and click on the cell to open Example #2 (Cont’d)

33 6.Using the information in both cells: If an entity is performing treatment activities as a provider, that disclosure is allowed without consent or authorization under HIPAA However, HIV information is often subject to stricter state protections, so state laws may require consent or authorization for some or all treatment activities If an entity is performing treatment activities as a public health authority, then that disclosure is not subject to the HIPAA requirements However, those treatment activities must be clearly identifiable as public health activities defined by law to qualify Example #2 (Cont’d)

34 PRISM Privacy Definitions and Resources

35

36 How can I provide feedback on PRISM? Feedback/Comment form: http://www.phdsc.org/about/feedback.asp?cf=pr Your comments are critical to future revisions and enhancements to this tool

37 How can I provide feedback on PRISM? Feedback/Comment form: http://www.phdsc.org/about/feedback.asp?cf=pr Your comments are critical to future revisions and enhancements to this tool

38 Other Consortium Products and Activities Products Websites Local health privacy case studies Activities Participate in state and national privacy and security projects (HISPC) Participate in national privacy and security standards harmonization (HITSP)

39 For more information About the Consortium and other Consortium products: http://www.phdsc.org http://www.phdsc.org Invite participation in Consortium activities Help produce more useful tools and information Consider joining the Consortium to further these and other efforts

40 Contact Information Walter G. Suarez, MD President and CEO Institute for HIPAA/HIT Education and Research Email: walter.suarez@sga.us.comwalter.suarez@sga.us.com Phone: 703-519-1828 Vicki Hohner, MBA Senior Consultant Fox Systems, Inc. Email: vicki.hohner@foxsys.comvicki.hohner@foxsys.com Phone: 360-970-6856

Download ppt "The PRISM Privacy Tool: A User’s Guide PHDSC Home Page  PRISM Web Page "

Similar presentations

HIPAA In Relation to Other Federal Laws Professor Peter P. Swire Ohio State University Consultant, Morrison & Foerster LLP Glasser LegalWorks/HIPAA Conference.

HIPAA In Relation to Other Federal Laws Professor Peter P. Swire Ohio State University Consultant, Morrison & Foerster LLP Glasser LegalWorks/HIPAA Conference.
Legal Work Group Developing a Uniform EHR/HIE Patient Consent Form.

Legal Work Group Developing a Uniform EHR/HIE Patient Consent Form.
Chapter 3 Health Care Information Systems: A Practical Approach for Health Care Management 2nd Edition Wager ~ Lee ~ Glaser.

Chapter 3 Health Care Information Systems: A Practical Approach for Health Care Management 2nd Edition Wager ~ Lee ~ Glaser.
HIPAA: Privacy, Security, and HITECH, Oh My! Presented by Stephanie L. Ganucheau, Special Assistant Attorney General.

HIPAA: Privacy, Security, and HITECH, Oh My! Presented by Stephanie L. Ganucheau, Special Assistant Attorney General.
Issue Brief National Association of School Nurses Privacy Standards for Student Health Records.

Issue Brief National Association of School Nurses Privacy Standards for Student Health Records.
Increasing public concern about loss of privacy Broad availability of information stored and exchanged in electronic format Concerns about genetic information.

Increasing public concern about loss of privacy Broad availability of information stored and exchanged in electronic format Concerns about genetic information.
National Cancer Institute Cancer Therapy Evaluation Program (CTEP) presents: How to Obtain Protected Health Information (PHI) from an Outside Healthcare.

National Cancer Institute Cancer Therapy Evaluation Program (CTEP) presents: How to Obtain Protected Health Information (PHI) from an Outside Healthcare.
1 HIPAA and Research and YOU. 2 INTRODUCTION Rule #1:Don’t Panic Rule #2:Bottom Line for Researchers: HIPAA is Manageable thru Education/Awareness and.

1 HIPAA and Research and YOU. 2 INTRODUCTION Rule #1:Don’t Panic Rule #2:Bottom Line for Researchers: HIPAA is Manageable thru Education/Awareness and.
1 Louisiana Department of Health and Hospitals Basic HIPAA Privacy Training: Policies and Procedures 01/09/2009 0.

1 Louisiana Department of Health and Hospitals Basic HIPAA Privacy Training: Policies and Procedures 01/09/
TM The HIPAA Privacy Rule: Safeguarding Health Information in Research and Public Health Practice Centers for Disease Control and Prevention Beverly A.

TM The HIPAA Privacy Rule: Safeguarding Health Information in Research and Public Health Practice Centers for Disease Control and Prevention Beverly A.
HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA)

HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA)
2014 HIPAA Refresher Omnibus Rule & HIPAA Security.

2014 HIPAA Refresher Omnibus Rule & HIPAA Security.
Are you ready for HIPPO??? Welcome to HIPAA

Are you ready for HIPPO??? Welcome to HIPAA
Health Insurance Portability and Accountability Act (HIPAA)

Health Insurance Portability and Accountability Act (HIPAA)
Information Sharing and Cross-System Collaboration John Petrila, J.D., LL.M. Professor, University of South Florida

Information Sharing and Cross-System Collaboration John Petrila, J.D., LL.M. Professor, University of South Florida
Implementation of Privacy Board Reviews at PCMC Mary Thomason, Intermountain Healthcare Privacy Board Chair.

Implementation of Privacy Board Reviews at PCMC Mary Thomason, Intermountain Healthcare Privacy Board Chair.
Consent and Confidentiality for Children in New Mexico Liz McGrath Executive Director Pegasus Legal Services for Children.

Consent and Confidentiality for Children in New Mexico Liz McGrath Executive Director Pegasus Legal Services for Children.
August 10, 2001 NESNIP PRIVACY WORKGROUP HIPAA’s Minimum Necessary Standard Presented by: Mildred L. Johnson, J.D.

August 10, 2001 NESNIP PRIVACY WORKGROUP HIPAA’s Minimum Necessary Standard Presented by: Mildred L. Johnson, J.D.
Your HIPAA rules Ben Burton, JD, MBA, RHIA, CHP, CHC Notice of Privacy Practices.

Your HIPAA rules Ben Burton, JD, MBA, RHIA, CHP, CHC Notice of Privacy Practices.
© Copyright 2014 Saul Ewing LLP The Coalition for Academic Scientific Computation HIPAA Legal Framework and Breach Analysis Presented by: Bruce D. Armon,

© Copyright 2014 Saul Ewing LLP The Coalition for Academic Scientific Computation HIPAA Legal Framework and Breach Analysis Presented by: Bruce D. Armon,

Similar presentations

Ads by Google