1 / 10

Advanced Privacy Issues

Advanced Privacy Issues . Gregory D. Frost Breazeale, Sachse & Wilson LLP Baton Rouge, Louisiana. We’re going to do something different …. We’re going to discuss what you want to talk about Afterward, we’re going to give you a handout that covers the topics discussed.

hetal
Download Presentation

Advanced Privacy Issues

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Advanced Privacy Issues Gregory D. Frost Breazeale, Sachse & Wilson LLP Baton Rouge, Louisiana

  2. We’re going to do something different …. • We’re going to discuss what you want to talk about • Afterward, we’re going to give you a handout that covers the topics discussed

  3. So, what would you like to talk about? • Suggestions: • HITECH changes: • Breach reporting • Notice of Privacy Practices • Immunizations • Fundraising • Marketing • Sale of PHI

  4. So, what would you like to talk about? • More suggestions: • New proposed accounting rule • De-identification, limited data sets, data use agreements, etc. • Access and amendment • "legal" health record • meaningful use standard

  5. So, what would you like to talk about? • Other suggestions?

  6. Proposed Accounting Regulations • Issued May 31, 2011 • Comment period expired August 1, 2011 • Would— • Modify the existing rule for written accounting • Add a more comprehensive “access report” for electronic data • Would go into effect: • For written accounting, 240 days after publication of final rule • For access report: • EHR acquired on or before January 1, 2009: • January 1, 2014 (no extension) • EHR acquired after January 1, 2009: • January 1, 2013 (2-year extension)

  7. Proposed Accounting Regulations • Written accounting • Would apply only to disclosures from designated record set • Would go back only 3 years • Individual could limit it, e.g., to a particular period, type of disclosure or recipient • Would have to be provided within 30 days (with one 30-day extension)

  8. Proposed Accounting Regulations

  9. Proposed Accounting Regulations • Access Report • Would have to indicate who has accessed PHI in an electronic designated record set held by the CE or a BA within three years prior to the request • No option to provide list of business associates • Would affect only business associates holding designated record set • Would not be limited to electronic health record • Would include internal access (i.e., use) as well as disclosure • Would have to include • Date and time of access • Name of natural person, if available, otherwise entity having access • Description of information accessed, if available • Description of action if available, e.g., create, modify, accessor delete • Would not have to include the purpose

  10. Proposed Accounting Regulations • Access Report • Would have to be in a format understandable to the individual • Machine readable or hard copy, as requested by individual • CE would have to allow individual to limit report to a specific date, time period or user • Would have to be provided within 30 days, with one 30-day extension • CE would have to provide one report free every 12 months • Charge for additional reports limited to reasonable, cost-based fee

More Related