medical records in court life after hipaa n.
Download
Skip this Video
Download Presentation
Medical Records in Court: Life after HIPAA

Loading in 2 Seconds...

play fullscreen
1 / 24

Medical Records in Court: Life after HIPAA - PowerPoint PPT Presentation


  • 128 Views
  • Uploaded on

Medical Records in Court: Life after HIPAA. North Carolina Conference of Superior Court Judges, October 2003 Presented by Jill Moore, UNC School of Government. Roadmap. Fundamentals of the HIPAA privacy rule History HIPAA vs. state law Covered entities

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'Medical Records in Court: Life after HIPAA' - ina-burks


Download Now An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
medical records in court life after hipaa

Medical Records in Court:Life after HIPAA

North Carolina Conference of Superior Court Judges, October 2003

Presented by

Jill Moore, UNC School of Government

roadmap
Roadmap
  • Fundamentals of the HIPAA privacy rule
    • History
    • HIPAA vs. state law
    • Covered entities
    • “Protected health information” (PHI)
    • Disclosures of PHI for court proceedings
  • How has HIPAA changed the landscape?
hipaa history
HIPAA History
  • Health Insurance Portability and Accountability Act of 1996
  • Administrative Simplification provisions
    • Health care industry conducting electronic transactions with many different codes and languages  high administrative costs
    • Unable to agree on voluntary standards, so requested regulation
    • DHHS directed to establish standards, plus provide for privacy and security of the information
hipaa vs state law
HIPAA vs. state law
  • HIPAA privacy rule intended to be a federal floor of privacy protection, by regulating the use and disclosure of health information and individuals’ rights respecting that information
  • HIPAA preempts contrary state laws, unless the contrary law is more stringent
    • In general, a state law is more stringent if it affords greater privacy protection or provides an individual more rights
hipaa vs state law1
HIPAA vs. state law
  • The hole in the federal floor: State laws that require disclosures of health information are not preempted
    • State laws only preempted if they are contrary to HIPAA
    • HIPAA privacy rule specifically allows disclosures of PHI that are required by state law
    • State laws requiring disclosures are therefore not contrary and not preempted
hipaa vs state law2
HIPAA vs. state law
  • General rules for NC covered entities—must comply with:
    • HIPAA privacy rule
    • State laws requiring disclosures
      • Example: GS 130A-135—physicians shall report communicable diseases to health department
    • State laws that are more protective of privacy or afford greater individual rights
      • Example: GS 130A-143—may disclose communicable disease information only in specified circumstances
covered entities
Covered entities
  • HIPAA directly regulates only public and private “covered entities”:
    • Health plans
    • Health care clearinghouses
    • Health care providers that transmit health information electronically in connection with a transaction covered by HIPAA
protected health information
Protected health information
  • The HIPAA privacy rule governs how covered entities use and disclose “protected health information” (PHI)
  • PHI is information in any form or medium, including electronic and paper records, and oral communications
protected health information1
Protected health information
  • PHI is information that:
    • Identifies an individual (or there is a reasonable basis to believe it can be used to identify the individual), and
    • Relates to one of the following:
      • the past, present, or future physical or mental health or condition of the individual,
      • the provision of health care to the individual, or
      • the past, present, or future payment for the provision of health care.
disclosing phi
Disclosing PHI
  • General rule—Disclosure of PHI requires the individual’s authorization
    • Authorization must be in writing
    • Forms must include elements specified by the HIPAA privacy rule
disclosing phi1
Disclosing PHI
  • Exceptions—Disclosure without written authorization is permitted:
    • When disclosure is required by privacy rule (only two circumstances: disclosures to individual; disclosures to US DHHS for compliance or enforcement purposes)
    • For treatment, payment, and health care operations
disclosing phi2
Disclosing PHI
  • Exceptions (continued)—Disclosure without written authorization permitted:
    • For certain purposes, such as hospital directories, provided the individual is given an opportunity to agree or object to the disclosure
    • For “national priority” purposes—among other things, child abuse reporting, public health purposes, judicial and administrative proceedings
disclosing phi for court proceedings
Disclosing PHI for court proceedings
  • Must consider both HIPAA and state law
  • HIPAA permits disclosure of PHI in judicial proceedings without the individual’s written authorization, provided certain requirements are met
  • But in North Carolina, much PHI will be privileged and may only be disclosed in accordance with applicable privilege statutes
    • State privilege statutes afford greater privacy protection and are therefore not preempted
disclosing phi for court proceedings1
Disclosing PHI for court proceedings
  • Medical records and information usually will be privileged, so disclosure will require either
    • the individual’s authorization, or
    • a court order compelling disclosure, if in the court’s opinion disclosure is necessary for a proper administration of justice
  • But information that is PHI per HIPAA but not privileged per state law may be disclosed in accordance with HIPAA procedures
disclosing phi for court proceedings2
Disclosing PHI for court proceedings
  • If the information is privileged and disclosure is made with the individual’s authorization:
    • A covered entity may not disclose the record or information unless the authorization is in writing and includes all the elements required by HIPAA
    • Entities covered only by state law will also require written authorization, but their forms may look different
disclosing phi in court proceedings
Disclosing PHI in court proceedings
  • If the information is privileged and the individual has not authorized disclosure, the information cannot be disclosed without the requisite findings and court order
    • This applies equally to HIPAA-covered entities and entities that are subject only to state law
disclosing phi in court proceedings1
Disclosing PHI in court proceedings
  • If the information is not privileged but it is PHI, a covered entity may only disclose it:
    • With the individual’s written authorization, or
    • According to the procedures set forth in the HIPAA privacy rule for disclosing without the individual’s authorization.
disclosing phi in court proceedings2
Disclosing PHI in court proceedings
  • A covered entity may disclose PHI that is not privileged without the individual’s authorization in response to:
    • A court order, provided the entity discloses only the PHI expressly authorized by the order.
    • A subpoena, a discovery request, or other lawful process without a court order if:
      • Reasonable efforts are made to notify the individual that disclosure is sought, or
      • Reasonable efforts are made to secure a qualified protective order (as defined in the privacy rule).
how has hipaa changed the landscape
How has HIPAA changed the landscape?
  • Many holders of health information are covered entities and must comply with both HIPAA and state laws—including some that are not ordinarily seen as health care providers.
how has hipaa changed the landscape1
How has HIPAA changed the landscape?
  • Confusion abounds. Expect:
    • To hear the term “HIPAA” used to refer to all of medical confidentiality law—federal and state.
    • Misperceptions about who is covered by HIPAA.
    • Misunderstandings about how a covered entity may (and must) respond to subpoenas for medical records or information.
    • False beliefs about when a covered entity can and cannot disclose under HIPAA.
    • False beliefs about the continued viability of state law.
what has hipaa changed what remains the same
What has HIPAA changed? What remains the same?
  • Disclosures in court proceedings: Privileged information
    • Changed:
      • Disclosures with individual’s authorization must be in writing and include specific elements
    • Unchanged:
      • Disclosures without individual’s authorization require court order
what has hipaa changed what remains the same1
What has HIPAA changed? What remains the same?
  • Disclosures in court proceedings: PHI that is not privileged
    • Changed:
      • Disclosures with individual’s authorization must be in writing and include specific elements
      • Disclosures without individual’s authorization only permitted in response to
        • a court order
        • a subpoena, discovery request or other lawful process with notice or protective order
what has hipaa changed what remains the same2
What has HIPAA changed? What remains the same?
  • Disclosures in court proceedings: Health information held by an entity that is not a covered entity under HIPAA
    • Unchanged by HIPAA
  • Other disclosures that may be litigated:
    • Unchanged by HIPAA
    • But will HIPAA ultimately change standard of care?
slide24

Jill Moore

UNC School of Government

CB 3330 Knapp Building

Chapel Hill, NC 27599-3330

919-966-4442

jill_moore@unc.edu

www.medicalprivacy.unc.edu