1 / 27

New School Violence Law; HIPAA Privacy Training

New School Violence Law; HIPAA Privacy Training. Presented by: Tracey K. Jaensch, Esq. What We Will Cover. New Personnel and Privacy Issues Arising from Marjory Stoneman HS Public Safety Act Overview of HIPAA Privacy Requirements

delongm
Download Presentation

New School Violence Law; HIPAA Privacy Training

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. New School Violence Law; HIPAA Privacy Training Presented by: Tracey K. Jaensch, Esq.

  2. What We Will Cover • New Personnel and Privacy Issues Arising from Marjory Stoneman HS Public Safety Act • Overview of HIPAA Privacy Requirements • Exceptions Related to Law Enforcement • Take Aways

  3. HIPAA Privacy and Security Rule Overview • Health Insurance Portability and Accountability Act (HIPAA) • Amendment – Health Information Technology for Economic and Clinical Health (HITECH) Act • Purpose of Mandates • properly protect individuals’ health information while allowing the flow of health information needed to provide and promote high quality health care

  4. HIPAA Privacy Rule • Applicable only to Covered Entities and Business Associates • Requires implementation of standards to safeguard protected health information (PHI)

  5. HIPAA Privacy Rule • Covered Entities • health plans (fully insured or self-funded) • health care providers (e.g. Crossroads) • healthcare clearinghouses • Business Associates • person or organization that performs, or assists in performing, a service or function on behalf of a covered entity that involves use or disclosure of PHI

  6. HIPAA Privacy Rule Entities Specifically NOT Covered • Employers • Life, Disability, and Workers’ Compensation Insurers • Law Enforcement Agency • School? What services provided and who pays for services

  7. HIPAA Privacy Rule PHI is: • individually identifiable health information • in any form • Electronic • Written • Oral • that is created or received by a covered entity or business associate

  8. Examples of PHI • Names and Addresses • Premiums and coverage amounts • Account numbers • Geographic subdivisions smaller than a State, including street address, city, county, zip • Certificate/license numbers • All elements of dates (except year) directly related to an individual, including birth date, admission date, discharge date, or date of death • Internet Protocol (IP) address • Telephone and Fax numbers, E-mail Addresses • Biometric identifiers, including finger and voice prints, full face photographic images, etc. • Social Security Numbers • Medical record numbers and Health Plan Beneficiary Numbers • Any other unique identifying number, characteristic, etc.

  9. HIPAA Privacy Rule • Defines when PHI is: • required to be disclosed • permitted to be used or disclosed without consent • permitted to be used or disclosed only with authorization from the individual

  10. HIPAA Security Rule • contains requirements for the storage, transmission and access to electronic PHI • applies to covered entities and business associates

  11. HIPAA Privacy and Security Rule Overview • Enforcement of Privacy and Security Rule • Privacy and Security Officer • Office for Civil Rights (OCR) in the U.S. Department of Health and Human Services (HHS) • States Attorney General

  12. HIPAA Privacy and Security Rule Overview • Civil Penalties • States Attorney General max recovery of $25K • OCR 4 tiers up to $1.5M for willful violations • Individuals may share in civil penalties recovered

  13. Privacy Rule Compliance • To the individual involved; • For routine disclosures for health purposes with or without the individual’s consent; OR • With the individual’s authorization, to make non-routine disclosures. Permitted Uses and Disclosures

  14. Privacy Rule Compliance Routine Disclosures • Health care Treatment; • Health care Payment; OR • Health care Operations -Disclosures generally permitted with or without individual’s consent

  15. Privacy Rule Compliance Non-Routine Disclosures(Non-TPO) • Marketing • Employment decisions; or • Non-health purposes. Those disclosures relating to: - Must Get Written Authorization

  16. Privacy Rule Compliance • Minimum Necessary Standard • Any disclosure of PHI must be in a limited data set or, if more information is needed, the minimum necessary • Incidental disclosures not a violation

  17. Compliance with Privacy Rules Communications with Family Members • HIPAA allows communication of PHI to the individual • A parent of a minor child and the executor or administrator of a deceased individual’s estate are treated under HIPAA as if they are the individual • To disclose PHI to other family members (for example, a spouse) you must obtain the written consent of the individual

  18. LAW ENFORCMENT AND HIPPA45 CFR Chapters 160 and 164. 45 CFR §164.512(f) • A law enforcement organization is not a covered entity. • A covered entity may disclose protected health information (PHI) for a law enforcement purpose, to a law enforcement official, only under several sets of circumstances.

  19. LAW ENFORCMENT AND HIPPA45 CFR Chapters 160 and 164. 45 CFR §164.512(f) A law enforcement official is defined as "an officer or employee of any agency or authority of the United States, a State, a territory, a political subdivision of a State or territory, or an Indian tribe," who is: empowered by law to investigate or conduct an official inquiry into a potential violation of law; or, prosecute or otherwise conduct a criminal, civil, or administrative proceeding arising from an alleged violation of law.

  20. Permitted Disclosures • As required by specific reporting laws • In compliance with (and limited by relevancy requirements) of: • Court order or court-ordered warrant • Subpoena or summons issued by judicial officer • A grand jury subpoena • An administrative request

  21. 1. Relevant and material to a legitimate law enforcement inquiry • Specific and limited in scope to the extent reasonably practicable in light of the purpose for which info sought • For a purpose for which de-identified information could not be used

  22. IDENTIFICATION AND LOCATION PURPOSES • PHI may be disclosed for "identification and location" purposes, in response to a law enforcement officer's official request. Purposes would include identifying or locating a suspect, fugitive, material witness, or missing person.

  23. COVERED ENTITY MAY ONLY DISCLOSE THE FOLLOWING FOR ID AND LOCATION: • name and address; • date and place of birth; • social security number; • ABO blood type and rh factor; • type of injury; • date and time of treatment; • date and time of death, if applicable; and, • a description of distinguishing physical characteristics, including height, weight, gender, race, hair and eye color, presence or absence of facial hair (beard or mustache), scars, and tattoos. • The regulations specifically exclude any PHI related to the individual’s DNA or DNA analysis, dental records, or typing, samples or analysis of body fluids or tissue (unless it is one of the items listed above).

  24. Law Enforcement Official’s Request • Victim PHI • Dead Individual PHI • On Premises Criminal Activity • Provider providing emergency health care in response to medical emergency off-premises

  25. http://www.hhs.gov/ocr/privacy/

  26. IMPACT ON NEW PERSONNEL AND THREAT ASSESSMENT TEAMS • Act requires Resource Officer who is a certified officer • MOU with Sheriff or law enforcement • Additional training of school personnel (who is a law enforcement officer?) • Privacy Rules and training

  27. Thank You

More Related