1 / 17

H IPAA PRIVACY WORK GROUP FOR EYE BANKS

H IPAA PRIVACY WORK GROUP FOR EYE BANKS. EBAA HIPAA PRIVACY WORK GROUP Christina W. Strong, Esq., Facilitator. Eye Banks ARE NOT typically subject to HIPAA. HIPAA Overview. H ealth I nsurance P ortability & A ccountability A ct. 1996 Portability and accessibility

luna
Download Presentation

H IPAA PRIVACY WORK GROUP FOR EYE BANKS

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. HIPAA PRIVACY WORK GROUPFOR EYE BANKS EBAA HIPAA PRIVACY WORK GROUP Christina W. Strong, Esq., Facilitator

  2. Eye Banks ARE NOT typically subject to HIPAA.

  3. HIPAA Overview Health Insurance Portability & Accountability Act • 1996 • Portability and accessibility - Pre-existing conditions - Enrollment at “life events” • Accountability • Administrative Simplification • Privacy /Security Rule • Enforcement • Breach

  4. HITECH Act Health Information Technology for Electronic and Clinical Health • 2009 • Part of ARRA, aka the “Stimulus Bill” • EMR/EHR Adoption Rules and Incentives • Increased HIPAA Fines and Penalties • Expanded Applicability of HIPAA

  5. Allowable Disclosures HIPAA allows for the use and disclosure of PHI without authorization under 45 CFR 164: • 164.512(b) FDA-regulated products: tracking, adverse events, post market surveillance • 164.512(g) Coroners and Medical examiners: for determining cause of death • 164.512(h) Cadaveric organ, eye or tissue donation facilitation

  6. Who is Subject to HIPAA • Covered Entities • Business Associates

  7. Covered Entity • (A health plan). • (A health care clearinghouse). • A health care provider who transmits any health information in electronic form in connection with a transaction covered by this chapter. • 45 CFR 160.103

  8. Covered Entity – Exception #1 “We delete from the definition of ‘‘health care’’ activities related to the procurement or banking of blood, sperm, organs, or any other tissue for administration to patients… “Consequently, such procurement or banking activities are not considered health care and the organizations that perform such activities are not considered health care providers for purposes of this rule.” HIPAA Privacy Final Rule, Federal Register/Vol. 65, No. 250/ Thursday, December 28, 2000, p. 82571-2

  9. Covered Entity – Exception #2

  10. Business Associate With respect to a covered entity, a person who: • On behalf of such covered entity, • But other than as a member of its workforce, • Performs or assists in the performance of • A function or activity involving the use or disclosure of individually identifiable health information… 45 CFR 160.103

  11. Business Associate (BA) • Claims processing or administration • Data analysis • Processing or administration • Utilization review • Quality Assurance • Billing • Benefit Management • Practice Management • Repricing • Any other function regulated in this subchapter …On behalf of the covered entity

  12. Business Associate (BA) • Legal • Actuarial • Accounting • Consulting • Data Aggregation • Management • Administrative • Accreditation • Financial Services …

  13. Business Associate – NOT US HIPAA Privacy Final Rule, Federal Register/Vol. 65, No. 250/ Thursday, December 28, 2000, p. 82688.

  14. Business Associate – What’s the Problem • HIPAA now applies directly to Business Associates • Civil and Criminal Penalties now apply directly to BAs • Must report Covered Entity for HIPAA non-compliance • Subject to HIPAA Audit by Heath and Human Services Signing a Business Associate Agreement subjects an exempt organization to HIPAA compliance

  15. What’s so Bad about Being a BA Business Associates subject to HIPAA Fines and Penalties: “Authority to impose civil money penalties on business associates for violations of the HITECH Act is provided by sections 13401(b) and 13404(c).” Breach Notification for Unsecured Protected Health Information, Interim Final Rule, Federal Register / Vol. 74, No. 162 / Monday, August 24, 2009

  16. Business Associate - Implications Business Associates are subject to HIPAA Audit by HHS: “The protocol and audit program performance requested under this contract shall assist OCR in operating an audit program that effectively implements the statutory requirement to audit covered entity and business associate compliance with the HIPAA privacy and security standards as amended by ARRA.” Federal Business Opportunities (FBO.gov)

  17. Defend your Status Document for your partners: • 512(h) disclosuresallowed without authorization • Covered Entity –NOT for Eye Banks • Business Associate -NOT for Eye Banks • Your dedication to donor privacy and data security (including compliance with 21 CFR Part 11)

More Related