
1 RELEASE OF INFORMATION AFTER THE APRIL 14, 2003 COMPLIANCE DATE
The Seventh National HIPAA Summit, September 16, 2003
Debbie Mikels, Corporate Manager, Partners HealthCare System, Boston, MA, Dmikels@partners.org
Linda M. Nolan, RHIT, CPHQ, Assistant Privacy Officer, North Shore Medical Center, Salem, MA, lmnolan@partners.org

2 Agenda
Source: AHIMA "Redisclosure of Patient Health Information"
Patient Rights and Release of Information:
- Privacy Notice
- Authorization
- Access
- Amendment
- Right to Request Restrictions on Uses and Disclosures of PHI
- Right to Confidential Communications
- Right to Agree or Object
- Right to an Accounting of Disclosures
- Right to file Complaint with entity and/or OCR

3 Agenda, continued
Release of Information - Specific Circumstances:
- Workers Compensation
- Law Enforcement
- Psychotherapy Notes
- Sensitive/Privileged Information
- Subpoenas
- Other
General Considerations:
- Minimum Necessary
- Safeguarding PHI
- Transmitting PHI (fax, e-mail)

4 Patient Rights
Right to Receive Privacy Notice
Privacy Notice describes:
- Permitted Uses and Disclosures (without authorization)
- Uses and Disclosures that Require Authorization
- Patient Rights
Providers are required to make “good faith effort” to obtain written acknowledgement of receipt of Notice
Health Plans – acknowledgement is optional

5 Use of PHI for Treatment, Payment, Operations
Patient is informed via Privacy Notice
Treatment activities
- Clinical care
- Coordinating care among providers
Payment activities
- To obtain insurance pre-approval for services
- Payment for treatment provided
Operations
- Quality Improvement/Risk Management
- Infection Control
- Physician Credentialing

6 Patient Rights
Authorization
When is an authorization required?
- Requested by family member
- Operationally some entities obtain authorization for release of PHI to the patient, although HIPAA does not require this
- Requested by an attorney
- Requested by other users such as life insurance, disability companies
- As required by state law

7 Valid Authorization
A valid authorization must include:
- who is releasing the information
- who is receiving it
- the specific information being released
- the purpose for the release
- expiration date
- authentication (signed and dated)
- identity or authority of personal representative as appropriate, with signature and date

8 Valid Authorization
A valid authorization must also include statements that:
- The authorization can be withdrawn
- Refusal to sign the authorization will not affect the patient’s treatment, payment, or health plan enrollment
- There is a potential for re-disclosure by the recipient

9 Patient Rights
Access to PHI
Right to view or request copies
VIEWING:
- By appointment only
- Staff person present
- Ensures integrity of record
COPYING:
- Generally within 30 days of request
- 30-day extension possible if record located off-site
- Patient must be notified of this in writing

10 Patient Rights
Right to Request Amendment
- Physician makes final determination whether to grant or deny request
- Either way, decision communicated to patient in writing
- Within 60 days
- 30 day extension period is allowed if needed

11 Patient Rights
Right to Request Restrictions
- Right to request a restriction in permitted uses and disclosures of PHI (e.g. for TPO)
- Patient put request in writing if possible
- Oral requests must be documented
- Covered entities are not required to agree to a requested restriction

12 Patient Rights
Right to Confidential Communications
Providers must permit individuals to request and must accommodate reasonable requests by individuals:
- To receive PHI by alternative means or alternative locations
Health Plans must permit individuals to request and must accommodate reasonable requests for confidential communications, if the individual clearly states that disclosure of the PHI could endanger them.

13 Patient Rights
Right to Agree or Object
Covered entities may use or disclose PHI without authorization, provided that the individual is informed in advance and has the opportunity to agree or prohibit the disclosures related to:
- Hospital Directories
- Involvement in the individual’s care and notification purposes

14 Patient Rights
Right to Agree or Object - Directories
Information that can be released to visitors that inquire about a patient by name:
- Location
- Condition
Clergy can be given information on religious affiliation without asking for patient by name.

15 Patient Rights
Accounting of Disclosures
Patients have the right to obtain a listing of all disclosures EXCEPT those:
- For treatment, payment, or “operations” (TPO)
- That the patient has authorized
- Disclosures made directly to the patient
- For national security and/or to correctional institutions
- As part of a limited data set, or
- Those that occurred prior to April 14, 2003

16 Patient Rights
Accounting of Disclosures
Disclosures that DO need to be included in report:
- Public health reporting
- Communicable diseases, suspected child or elder abuse
- Vital statistics reporting, such as births and/or deaths
- FDA reporting/surveillance/as required by law
- Cancer registry, Food and drug interactions, Implant device tracking
- Health Oversight agencies
- Medicare conditions of participation
- Judicial and administrative proceedings

17 Patient Rights
Accounting of Disclosures, cont’d.
Disclosures that DO need to be included in report:
- Employers/Workers Compensation
- Law enforcement
- Coroner or medical examiners
- Tissue or organ procurement agencies
- Research disclosures based on IRB waiver of authorization

18 Patient Rights
Accounting of Disclosures
The accounting must include for each disclosure:
- Date of the disclosure
- Name of entity receiving the PHI
- Description of PHI disclosed
- Purpose of the disclosure
Streamlined tracking is available when multiple disclosures are made for the same purpose

19 Release of Information
Specific Circumstances
- Redisclosing other Provider Records
- Worker’s Compensation
- Deceased Individuals
- Law Enforcement
- Psychotherapy Notes
- Privileged/Sensitive Information
- Subpoenas
- Other Conditions

20 Re-disclosing Other Provider Records
When records from another provider or covered entity are contained in your records, you may include them in the disclosure if:
- The patient asks for them
- To comply with a valid authorization
- To comply with legal process

21 Certifying Records From Another Provider
Certification form may have to be modified to state:
- The information was received from another healthcare provider or facility
- You received it in good faith
- You cannot certify or testify as to the completeness, accuracy, or record-keeping practices of the original provider

22 Worker’s Compensation – Without Authorization
May disclose to worker’s compensation insurers, state administrative agency, or employers:
- As necessary to comply with applicable federal and State law (see 45 CFR 164.512(a) and 45 CFR 164.512(l))
- To obtain payment for healthcare provided to the injured or ill worker (see 45 CFR 164.502(a)(1)(ii))
- Limited to that needed for claim

23 Worker’s Compensation – With Authorization
ONLY if authorized by the patient
- Records related to pre-existing conditions
- Records related to co-existent conditions
- Records privileged under State law requiring specific release (HIV test results for instance)

24 Deceased Individuals
- Authorization must be given by decedent’s personal representative
- Executor, administrator, or other person with authority to act on behalf of a deceased individual or their estate
- Proof of authority needed
Exceptions:
- Funeral directors, coroner or medical examiner
- To healthcare providers for treatment of other family members as required (infectious disease)
- Potentially to law enforcement

25 Law Enforcement Requests
To identify or locate a suspect, fugitive, material witness or missing person. Limited to:
- Name and address
- Date and place of birth
- SSN
- Blood type and rh factor (but not DNA, dental records, or analysis of body fluids or tissues)
- Type of injury
- Date and time of treatment or death
- Distinguishing characteristics (tattoos, scars)

26 Law Enforcement Requests
If patient is a crime victim:
- Patient has to agree to the disclosure, if able.
If not, staff may disclose:
- If needed to determine whether another person committed a crime
- The PHI will not be used against the patient
- An immediate law enforcement attempt (arrest) will be adversely affected if they wait for the patient to authorize
- In staff professional judgment, the disclosure is in the patient’s best interests

27 Psychotherapy Notes – HIPAA
HIPAA’s Definition:
- For the originator’s own use
- Kept separately from the medical record
- Patient may be given access at therapist discretion
- Authorization from patient required for uses and disclosures, including for TPO except for limited uses.

28 Psychotherapy Notes – HIPAA
EXCEPTIONS TO AUTHORIZATION REQUIREMENT
- Used by originator for treatment purposes
- Used or disclosed by CE in training programs for students, trainees, or practitioners in mental health under supervision
- To defend legal action brought by the subject
- If required for enforcement of HHS regulations
- When mandated by law or needed by oversight agency
- If needed by coroner or medical examiner, or
- When needed to avert serious or imminent threat to health or safety

29 Sensitive/Privileged Information
May require specific authorization or Court Order in accordance with Federal or State law
Federal and State law may apply to
- Drug and Alcohol Abuse Records
- Social Workers’, Psychotherapist, Psychologists
- Domestic Violence and Sexual Assault Counseling
- Sexually Transmitted Disease
- HIV Test Results
- Blood Alcohol Test Results

30 Subpoena Processing
- HIPAA has specific requirements
- State law may have specific requirements
- Both must be met

31 Subpoena Processing - HIPAA
Satisfactory Assurance of Notice
- Patient or counsel has been notified
- Attests written notice included sufficient information to raise objection
- Assures deadline for objection has passed
- Patient/counsel has made no objection
OR
- Patient authorization
- Court Order

32 Subpoena Processing - HIPAA
- Response limited to Minimum Necessary
- “any and all” requests
- Substance abuse treatment records cannot be released (42 U.S.C. § 290)
- Without specific authorization OR
- Court order ordering production

33 Invalid Subpoena
- Subpoena contains inaccurate patient name, date of admission, etc.
- Subpoenas from Court with no jurisdiction (another State)
- Date of hearing, deposition, etc. has already passed

34 Court Orders
- If criminal case, and record requested by defendant (patient is victim or witness)
- Privilege for sensitive information has to be asserted by hospital
- Judge may review records to determine what has to be released
Note: Specific to MA – other state laws may differ

35 Other Conditions May Apply
- Minor’s Rights to Limit Release of PHI in some States or circumstances
- Mentally Retarded Persons Right to Access or Release Health Records
- State laws may require hospital to assert privilege on behalf of patient

36 Release of Information
General Considerations

37 Minimum Necessary Standard
- Limit information for PHI needed for payment and healthcare operations
- Institutional practice may also limit to that needed for the intended purpose
- Emergency room record
- Discharge summary
- Abstract vs. complete medical record
- Worker’s compensation (limit to that related to the claim and only as required by law)

38 Safeguarding PHI
- Access only as needed to do the job
- Follow minimum necessary guidance
- Understand State laws on retention and destruction of health information records
- Be careful of transmittal methods (faxing, e-mail)
- Secure work areas

39 Fax Guidelines

40 Sending PHI via Fax
When faxing information:
- Verify the sender has the correct fax number, and
- That the fax machine is in a secure location, and/or the receiver is available immediately to receive the fax

41 Receiving PHI via Fax
- Immediately remove the fax, and deliver it to the recipient
- If the information has been sent in error, immediately inform the sender and destroy the faxed information via proper PHI disposal method

42 E-Mail
- E-Mail containing patient identifiable information should not be transmitted over the open internet, as security cannot be guaranteed
- Use of e-mail disclaimer

43 Questions??? Thank you!!

