health insurance portability and accountibility act paul d. friedman, m.a., j.d. 300 w. clarendon,...

HEALTH INSURANCEPORTABILITY AND ACCOUNTIBILITY

ACTPAUL D. FRIEDMAN, M.A.,

J.D.300 W. Clarendon, Ste. 400

Phoenix, Arizona 85013(602) 252-8888

bioethics@cox.net

HIPAA(not

HIPPO)

©Copyright 2005Paul D. Friedman, M.A., J.D.

WHY DID THE HIPPO CROSS THE ROAD?

©Copyright 2005Paul D. Friedman, M.A., J.D.

BECAUSE HE HEARD THERE WAS GOING TO BE A PRESENTATION ON HIPAA ON HIS SIDE OF THE ROAD.

Is it too late to leave?

THE PURPOSE OF THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996

HIPAA amended the Employee Retirement Income Security Act (ERISA), to provide new rights and protections for participants and beneficiaries in group health plans.. ©Copyright 2005

Paul D. Friedman, M.A., J.D.

HIPAA OVERVIEW

HIPAA Health Insurance Portability and Accountability Act of 1996

HIPAA Health Insurance Portability and Accountability Act of 1996

TransactionsTransactions Code SetsCode Sets

Insurance Portability

AdministrativeSimplification

Fraud and AbuseMedical Liability

Reform

Title ITitle I Title IITitle II Title IIITitle III Title IVTitle IV Title VTitle V

PrivacyPrivacy SecuritySecurity EDIEDI

Tax RelatedHealth Provision

Group HealthPlan Requirements

RevenueOff-sets

IdentifiersIdentifiers

©Copyright 2005Paul D. Friedman, M.A., J.D.

HIPAA PORTABILITY• Limits Exclusions For Pre-Existing

Conditions

• Prohibits Discrimination Against employees And Dependents Based Upon Health Status

©Copyright 2005Paul D. Friedman, M.A., J.D.

HIPAA PORTABILITY

Health Insurance Must Include Coverage For Pre-Existing Conditions As Long As There Has Not Been A Break In Coverage For 63 Days Or More

©Copyright 2005Paul D. Friedman, M.A., J.D.

Administrative Simplification

[Accountability]

InsuranceReform

[Portability]

Health Insurance Portability and Accountability

Act (HIPAA)

HIPAA - 2003

Transactions, Code Sets, & Identifiers

PRIVACY

Compliance Date:

4/14/2003

Security

©Copyright 2005Paul D. Friedman, M.A., J.D.

PURPOSE OF THE HIPAA PRIVACY RULE

Protect And Enhance The Rights Of Consumers By: Providing Access To Their Health InformationControlling Inappropriate Use Of That Information

Improve Quality of Health Care

Improve Efficiency And Effectiveness Of Health Care Delivery By Providing A National Framework For Privacy Protection ©Copyright 2005

Paul D. Friedman, M.A., J.D.

PRIVACY

How Protected Information in Either Written Or Verbal Form Is:

StoredTransmittedSharedDiscardedDisclosed

©Copyright 2005Paul D. Friedman, M.A., J.D.

PRIVACY: PENALTIES

$100 for each violation

Maximum of $25,000 per year per specific provision

NON-COMPLIANCE

WRONGFUL DISCLOSURE

FALSE PRETENSES

©Copyright 2005Paul D. Friedman, M.A., J.D.

$50,000 And/Or Up To 1 Year In Prison

$250,000 And/Or Up To 10 Years In Prison

Notify Patient Of Their Privacy RightsPatient Access To Their Medical

RecordsPatient Consent Before Releasing

Information

INTRODUCTON TO PRIVACY

The Privacy Rule Provides:

©Copyright 2005Paul D. Friedman, M.A., J.D.

COMPLIANCE TO PRIVACY

Provide patients with a written explanation of how the organization may use and disclose their health information

Provide patients with the ability to get copies of their medical information and request amendments

Obtain patient consent before sharing medical information

Compliance Involves:

©Copyright 2005Paul D. Friedman, M.A., J.D.

PERMISSION

HIPAA Allows For But Does Not Mandate Consent For Disclosure of Personal Health Information For Treatment, Payment And Health Care Operations

CONSENT

AUTHORIZATIONWritten Authorization Is Mandated

Unless There Is A Specific Exclusion©Copyright 2005Paul D. Friedman, M.A., J.D.

AUTHORIZATION EXCEPTIONS

Treatment, Payment or Health Care Operations Directories At Facilities Family And Friends Marketing Fundraising Averting a Serious Threat To Health Or Safety Health Oversight Activities Judicial And Administrative Proceedings Law Enforcement Public Health Activities Required By Law Research Victims of Abuse, Neglect Or Domestic Violence

Authorizations Are Mandated Except:

©Copyright 2005Paul D. Friedman, M.A., J.D.

AUTHORIZATION ELEMENTS

Identity Of The Party Authorizing The Disclosure Signature Of The Party Authorizing The Disclosure

Agent May Sign If The Designation Is Present Parents Generally Can Sign On Behalf Of Minors Unless

The Minor Consents And Parental Consent Is Not Mandated Under State Law

The Court Appoints A Guardian Or Allows Assent Parent Agrees That It The Child Has A Confidential

Relationship

Identity Of The Party Receiving The Disclosure Identity Of The Party Providing The Disclosure

The Core Elements Of A Valid Authorization:

©Copyright 2005Paul D. Friedman, M.A., J.D.

AUTHORIZATION ELEMENTS

Description Of Information To Be Disclosed Purpose For Disclosure Expiration Date Or Event Required Statements

Right To Revoke The Authorization Treatment Not Conditioned On Signature

Redisclosure May Occur Plain Language Copy Of Signed Authorization Provided To Individual

Core Elements Of A Valid Authorization (cont):

©Copyright 2005Paul D. Friedman, M.A., J.D.

AUTHORIZATION ELEMENTS

Copy Is Valid As An Original May Be Prepared By A Third Party No Required Format HIPAA Federally Preempts State Laws Unless

State Law Prevents Fraud And Abuse Ensures Appropriate State Insurance Regulation Necessary For State To Report Health Care Delivery Costs Compelling Need Related To Public Health, Safety Or Welfare Regulation Of Controlled Substances State Law Is More Stringent Than HIPAA Reporting of Disease, Injury, Child Abuse, Birth Or Death Health Plan Management Audits

Other Considerations For Authorizations:

©Copyright 2005Paul D. Friedman, M.A., J.D.

DISCLOSURE WITHOUT AUTHORIZATION

Providers Own Treatment, Payment Or Health Care Operations

Another Provider If Conducting Quality Assessment Case Management And Care Coordination Informing Patient Of Treatment Alternatives

Threat To Health Or Safety & Complies With Legal Duties Law Enforcement Public Health Activities Victims Of Abuse, Neglect Or Domestic Violence

Lawful Oversight Activities Judicial & Administrative Proceedings

Authorization Is Not Mandated:

©Copyright 2005Paul D. Friedman, M.A., J.D.

DISCLOSURE WITHOUT AUTHORIZATION

Disclosure Must Be Made To A Law Enforcement Officer

Must Be Required By Law Mandatory Reportable Physical Injuries (I.e. gunshot wound) Court Order Administrative Request

Relevant & Material To A Legitimate Law Enforcement Inquiry Request Is Specific & Limited In Scope To Purpose Which Is

Sought Redacted Information Would Not Be Useful

Victims Of Abuse, Neglect Or Domestic Violence

Law Enforcement Disclosures:

©Copyright 2005Paul D. Friedman, M.A., J.D.

DISCLOSURE WITHOUT AUTHORIZATION

Location Of A Suspect, Fugitive, Material Witness Or Missing Person Name & Address Date & Place Of Birth Social Security Number Blood Type & Rh Factor Type Of Injury Date & Time Of Treatment Date & Time Of Death (if applicable) Physical Characteristics

Height, Weight, Gender, Race Hair Color, Eye Color, Facial Hair, Scars and Tattoos

Law Enforcement Disclosures (continued):

©Copyright 2005Paul D. Friedman, M.A., J.D.

DISCLOSURE WITHOUT AUTHORIZATION

Patient Suspected To Be A Victim Of A Crime Who Agrees To Disclosure Cannot Consent Due To Incapacity Or Emergency

Circumstance Provider Determines It Is In The Best Interests Of The Patient Information Is Needed To Determine If a Law Was Violated Adverse To Law Enforcement Activity To Wait For Permission

Death If It Is Suspected Was A Result Of Criminal Activity

Emergency Situation Commission & Nature Of A Crime Location Of A Crime Identity, Description & Location Of Perpetrator Of Crime

Law Enforcement Disclosures (continued):

©Copyright 2005Paul D. Friedman, M.A., J.D.

DISCLOSURE WITHOUT AUTHORIZATION

Patient Is Present And Agrees Or ObjectsPatient Is Incapacitated

Provider Determines That Patient Would Not Object To Surrogate

Can Be For Limited InformationCan Be Retracted At Any Time

Friends & Relatives

©Copyright 2005Paul D. Friedman, M.A., J.D.

HYPOTHETICAL NUMBER ONE

©Copyright 2005Paul D. Friedman, M.A., J.D.

I Just Hate Hippotheticals!

HYPOTHETICAL NUMBER ONE

You are taking care of a well-known actress who is in intensive care after a drug overdose. She is experiencing severe renal failure.

A nurse on another floor asks you if you are aware that this actress is on your unit after the overdose.

What do you say? ©Copyright 2005Paul D. Friedman, M.A., J.D.

HYPOTHETICAL NUMBER ONEAsk yourself the following questions:

1) Does your friend need to know if the patient is being treated in your facility?

2) Does your friend need to know if the patient is being treated in intensive care?

3) Does your friend need to know if the patient overdosed to do his [the nurse’s] job?

4) If you were the patient, would you want this person [the inquiring nurse] to know about your treatment?

©Copyright 2005Paul D. Friedman, M.A., J.D.

HYPOTHETICAL NUMBER ONE

HIPAA forbids you from sharing this information unless it is necessary for the treatment of this patient.

HIPAA forbids the other nurse from accessing information unless it is necessary for his treatment of the patient.

©Copyright 2005Paul D. Friedman, M.A., J.D.

HYPOTHETICAL NUMBER ONE

©Copyright 2005Paul D. Friedman, M.A., J.D.

That Was Pretty Easy. I Kind ofLike This Guy!

HYPOTHETICAL NUMBER TWO

©Copyright 2005Paul D. Friedman, M.A., J.D.

I Spoke Too Soon!

HYPOTHETICAL NUMBER TWO

©Copyright 2005Paul D. Friedman, M.A., J.D.

A family member of you patient calls your unit and asks you questions about the status of the patient.

What do you say?

HYPOTHETICAL NUMBER TWO

©Copyright 2005Paul D. Friedman, M.A., J.D.

Ask yourself the following questions:

1) Did The Patient Give You Authority To Speak To Family Members?

2) If So, Have You Been Authorized To Release The Information You Are Asked To Disclose?

HIPAA RESOURCES

http://www.aamc.org http://www.hhs.gov/topics/privacy.html http://www.hipaadvisory.com lhttp://www.cio.gov/documents/info_security

©Copyright 2005Paul D. Friedman, M.A., J.D.

THE END OF HIPAA

©Copyright 2005Paul D. Friedman, M.A., J.D.

Whew, Now Ican come back.That Wasn’t So

Bad!