1 / 24

Banks and the Privacy of Medical Information 8 th National HIPAA Summit March 8, 2004

Banks and the Privacy of Medical Information 8 th National HIPAA Summit March 8, 2004. Joy Pritts, JD Health Policy Institute Georgetown University 202-687-0880. Public Concerns.

cruz
Download Presentation

Banks and the Privacy of Medical Information 8 th National HIPAA Summit March 8, 2004

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Banks and the Privacy of Medical Information8th National HIPAA SummitMarch 8, 2004 Joy Pritts, JD Health Policy Institute Georgetown University 202-687-0880

  2. Public Concerns 95% adult Americans do not want banks to have access to their medical record information without their permission.* * Gallup Organization nation-wide poll, August 2000, available at: http://forhealthfreedom.org/Gallupsurvey/index.html Joy Pritts, JD

  3. Information Networks: HIPAA & GLBA Affiliate Affiliate Affiliate Affiliate PHI PHI PHI Banks PHI PHI Protected Health Info. (PHI) Health Care Provider Joy Pritts, JD Health Plan Health Care Provider

  4. Public Concerns Increased access to identifiable health information by banks + Increase in bank-insurer affiliations + More sophisticated computer technology + Potential financial incentive . Concerns about banks obtaining and using health information for consumer credit decisions & sharing health information with affiliates Joy Pritts, JD

  5. Goal: Protect Privacy of Health Info. as It Flows through the System Banks PHI Covered Covered Covered Claim for payment Protected Health Info. Health Care Provider Joy Pritts, JD Health Care Provider Health Plan

  6. Primary Laws • Health Insurance Portability and Accountability Act of 1996 (HIPAA) • Gramm-Leach-Bliley Act (Financial Services Modernization Act) 1999 • Fair and Accurate Credit Transactions Act of 2003 (FACT Act) • Amendments to Fair Credit Reporting Act Joy Pritts, JD

  7. HIPAA & Banks • Are banks covered by HIPAA? • What activities of banks, if any, make them “health care clearinghouses” covered by HIPAA? Joy Pritts, JD

  8. Processing Consumer Payment Info. Does Not Make a Bank a HIPAA Clearinghouse NOT Covered Checks or Credit Card Payments Info. Bank Credit Card Co. 3d Party or Affiliates Covered Checks or Credit Card Payments Patient Health Care Provider Joy Pritts, JD

  9. Processing 3d Party EFT Does Not Make a Bank a HIPAA Clearinghouse NOT Covered EFT Bank Bank Covered Covered EFT Claim for payment Health Care Provider Health Plan Joy Pritts, JD

  10. Does Processing ERAs Make a Bank a HIPAA Clearinghouse? NOT Covered – Sec. 1179 Exemption? Info. 3d Party or Affiliate ERA – Identifiable Health Info. Bank ERA Bank Covered Covered Covered Covered Claim for payment Health Care Provider Health Plan Health Care Provider Joy Pritts, JD

  11. Sec. 1179 PROCESSING PAYMENT TRANSACTIONS BY FINANCIAL INSTITUTIONS SEC. 1179. To the extent that an entity is engaged in activities of a financial institution (as defined in section 1101 of the Right to Financial Privacy Act of 1978), or is engaged in authorizing, processing, clearing, settling, billing, transferring, reconciling, or collecting payments, for a financial institution, this part, and any standard adopted under this part, shall not apply to the entity with respect to such activities, including the following: (1) The use or disclosure of information by the entity for authorizing, processing, clearing, settling, billing, transferring, reconciling, or collecting, a payment for, or related to, health plan premiums or health care, where such payment is made by any means, including a credit, debit, or other payment card, an account, check or electronic funds transfer. * * * 42 USCS § 1320d-8 Joy Pritts, JD

  12. If banks are exempt from HIPAA under 1179, to what extent is medical information held by banks protected by other laws? Issue Joy Pritts, JD

  13. GLBA • Designed to encourage affiliations between banks and other “financial institutions” • Applies only to consumer & customer financial information, not commercial transactions • Privacy provisions establish limits on sharing financial information (which may contain medical info.) Joy Pritts, JD

  14. GLBA Limits Sharing Consumer Payment Info. Covered Notice & Opt Out Notice Information Information Affiliates Bank 3d Party Checks Credit Checks or Credit Card Payments Patient Health Care Provider Joy Pritts, JD

  15. GLBA Does Not Prohibit Banks from Using Consumer Payment Info. NOT Covered Checks or Credit Card Payments Bank Credit Card Co. Covered Checks or Credit Card Payments Health Care Provider Patient Joy Pritts, JD

  16. GLBA Doe Not Prohibit Banks from Using or Sharing Info. from Commercial Transactions 3d Party Affiliates Not Covered by GLBA ERA ERA – Identifiable Health Info. Bank Bank Covered Claim for payment Health Care Provider Health Care Provider Joy Pritts, JD Health Plan

  17. Intent of FACT Act Fill some of gaps in privacy protections in: • HIPAA • GLBA • Within context of consumer credit protections Joy Pritts, JD

  18. FACT Act • Prohibits obtaining & using medical information for consumer credit decision purposes except where banking agencies determine it is “necessary and appropriate” to protect legitimate operational, transactional, risk, consumer and other needs • Consistent with intent to restrict use of medical info. for inappropriate purposes Joy Pritts, JD

  19. Regulations Drafted by Banking Agencies that Allow Using Info. for Credit May be Narrow. . . Covered Patient ERA – Identifiable Health Info. Checks Credit Banks Covered Checks Credit EFT Claim for payment Health Care Provider Health Care Provider Joy Pritts, JD Health Plan

  20. … or Broad Covered Patient ERA – Identifiable Health Info. Checks Credit Banks Covered Checks Credit EFT Claim for payment Health Care Provider Health Care Provider Joy Pritts, JD Health Plan

  21. FACT Act Does NotProhibit Using Payment Info. for Insurance, Marketing or Other Purposes NOT Covered ERA Patient EFT Bank Checks Credit Bank ERA Covered Checks Credit EFT Claim for payment Health Care Provider Health Care Provider Joy Pritts, JD Health Plan

  22. Limits on Sharing Medical Info. Are Not Clear Under best circumstances, permits banks to share medical info. with affiliates for any purpose: • Permitted without authorization under Privacy Rule or • Referred to under Section 1179 Joy Pritts, JD

  23. Conclusion If banks are fully exempt under Sec. 1179, the medical information that they receive is not fully protected by other laws. Joy Pritts, JD

  24. The End

More Related