Regulatory Issues Facing Student Health Centers Presented by: Richard T. Yarmel and Edward H. Townsend

Similar documents
Patient Privacy Requirements Beyond HIPAA

New York Notice Form Notice of Psychologists Policies and Practices to Protect the Privacy of Your Health Information

Parental Consent For Minors to Receive Services

Notice of HIPAA Privacy Practices Updates

Notice of Privacy Practices

HIPAA PRIVACY TRAINING

CAPITAL SURGEONS GROUP, PLLC

PEDIATRIC HEALTH ASSOCIATES HIPAA NOTICE OF PRIVACY PRACTICES

OREGON HIPAA NOTICE FORM

NOTICE OF PRIVACY PRACTICES

ERIE COUNTY MEDICAL CENTER CORPORATION NOTICE OF PRIVACY PRACTICES. Effective Date : April 14, 2003 Revised: August 22, 2016

FERPA, CHALLENGES FACING SCHOOL NURSES & DISCIPLINARY ACTIONS FERPA. MELANIE BALESTRA, MN, NP, JD JD August May 4, 22, 2012

HIPAA Privacy Rule and Sharing Information Related to Mental Health

NOTICE OF PRIVACY PRACTICES

NOTICE OF PRIVACY PRACTICES

FERPA 101. December 4, Michael Hawes Director of Student Privacy Policy U.S. Department of Education

NOTICE OF PRIVACY PRACTICES UNIVERSITY OF CALIFORNIA IRVINE HEALTHSYSTEM

WELCOME. Payment will be expected at the time of service. Please remember our 24 hour cancellation notice.

HIPAA in DPH. HIPAA in the Division of Public Health. February 19, February 19, 2003 Division of Public Health 1

Mental Health. Notice of Privacy Practices

MAIN STREET RADIOLOGY

HIPAA Policies and Procedures Manual

NOTICE OF PRIVACY PRACTICES

Catholic Charities Disabilities Services. In-Home Behavioral Support Services (2017)

NOTICE OF PRIVACY PRACTICES

If you have any questions about this notice, please contact our privacy officer Dr. Jev Sikes at

NOTICE OF PRIVACY PRACTICES

1303A West Campus Drive

JOINT NOTICE OF PRIVACY PRACTICES

HIPAA Notice of Privacy Practices

MURRAY MEDICAL CENTER HIPAA NOTICE OF PRIVACY PRACTICES

PRIVACY POLICY USES AND DISCLOSURES FOR TREATMENT, PAYMENT, AND HEALTH CARE OPERATIONS

HIPAA PRIVACY NOTICE

always legally required to follow the privacy practices described in this Notice.

DEPARTM PRACTICES. Effective: Tel: Fax: to protecting. Alice Gleghorn, Page 1

Notice of Privacy Practices

NOTICE OF PRIVACY PRACTICES

This notice describes Florida Hospital DeLand s practices and that of: All departments and units of Florida Hospital DeLand.

SUMMARY OF NOTICE OF PRIVACY PRACTICES

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED, AND HOW YOU CAN GET ACCESS TO THIS INFORMATION.

Accommodate reasonable requests you may have to communicate health information by alternative means or at alternative locations.

FAMILY PHARMACEUTICAL SERVICES NOTICE OF PRIVACY PRACTICES effective 9/23/2013

(PLEASE PRINT) Sex M F Age Birthdate Single Married Widowed Separated Divorced. Business Address Business Phone Cell Phone

NOTICE OF PRIVACY PRACTICES

Piedmont Healthcare, Inc. Code of Conduct

NOTICE OF PRIVACY PRACTICES

NOTICE OF PRIVACY PRACTICES

A Better You Counseling Services, LLC 1225 Johnson Ferry Road, Ste 170 Marietta GA

NOTICE OF PRIVACY PRACTICES

NOTICE OF PRIVACY PRACTICES

The Queen s Medical Center HIPAA Training Packet for Researchers

LAW AND ETHICS I N T R O D U C T I O N T O H E A L T H S C I E N C E

INFORMED CONSENT FOR TREATMENT

ADVANCED PLASTIC SURGERY, PLLC. NOTICE OF PRIVACY PRACTICES

Catholic Charities Disabilities Services 2017 Family Reimbursement Grant For Respite Funds 1 Park Place, Suite 200 Albany, NY (518)

JOHNS HOPKINS HEALTHCARE

Overview of. Health Professions Act Nurses (Registered) and Nurse Practitioners Regulation CRNBC Bylaws

NOTICE OF PRIVACY PRACTICES

NOTICE OF PRIVACY PRACTICES FOR MAYO CLINIC ARIZONA

HIPAA and Mandatory Reporting Hiding in Plain Sight

CHI Mercy Health. Definitions

Release of Medical Records in Ohio OHIMA. Ohio Revised Code (ORC) HIPAA

NOTICE OF PRIVACY PRACTICES

Notice of Privacy Practices

NOTICE OF PRIVACY PRACTICES

SUNY DOWNSTATE MEDICAL CENTER UNIVERSITY HOSPITAL OF BROOKLYN POLICY AND PROCEDURE

Compliance Program And Code of Conduct. United Regional Health Care System

o Department of Defense DIRECTIVE DoD Nonappropriated Fund Instrumentality (NAFI) Employee Whistleblower Protection

Welcome to LifeWorks NW.

PATIENT BILL OF RIGHTS & NOTICE OF PRIVACY PRACTICES

Joseph Bikowski, M.D., Associates

To ensure proper disclosure and release of Protected Health Information (PHI) Division/Department: All HealthPoint Policy/Procedure #:

NOTICE OF PRIVACY PRACTICES

PARAGOULD DOCTORS CLINIC PRIVACY NOTICE

Privacy Rio Grande Valley HIE Policy: P1. Last date Revised/Updated 02/18/2016

USES AND DISCLOSURES OF PROTECTED HEALTH INFORMATION: HIPAA PRIVACY POLICY

AN ACT authorizing the provision of health care services through telemedicine and telehealth, and supplementing various parts of the statutory law.

Please Note: Please send all documentation related to the credentialing portion of this documentation to:

SCARF. Serving Children and Reaching Families, LLC. Client Handbook

Credentialing Application

NATIONAL ASSOCIATION FOR STATE CONTROLLED SUBSTANCES AUTHORITIES (NASCSA) MODEL PRESCRIPTION MONITORING PROGRAM (PMP) ACT (2016) COMMENT

INLAND EMPIRE HEALTH PLAN CODE OF BUSINESS CONDUCT AND ETHICS. Our shared commitment to honesty, integrity, transparency and accountability

New Patient Information

Southwest Acupuncture College /PWFNCFS

NOTICE OF PRIVACY PRACTICES

NOTICE OF PRIVACY PRACTICES UNIVERSITY OF CALIFORNIA RIVERSIDE CAMPUS HEALTH CENTER

NOTICE OF PRIVACY PRACTICES

The Plan will not credential trainees who do not maintain a separate and distinct practice from their training practice.

Appendix E Checklist for Campus Safety and Security Compliance

REPORT OF THE BOARD OF TRUSTEES. Protection of Clinician-Patient Privilege (Resolution 237-A-17)

NOTICE OF PRIVACY PRACTICES

Notice of Privacy Practices

Notice of Privacy Practices for Protected Health Information (PHI)

HEALTH CARE PROVIDERS IMMUNITY FROM LIABILITY ACT

NOTICE OF PRIVACY PRACTICES OF THE OSF HEALTHCARE SINGLE AFFILIATED COVERED ENTITY

[Enter Organization Logo] CONSENT TO DISCLOSE HEALTH INFORMATION UNDER MINNESOTA LAW. Policy Number: [Enter] Effective Date: [Enter]

STANDARDS OF CONDUCT A MESSAGE FROM THE CHANCELLOR INTRODUCTION COMPLIANCE WITH THE LAW RESEARCH AND SCIENTIFIC INTEGRITY CONFLICTS OF INTEREST

JOINT NOTICE OF PRIVACY PRACTICES

Associates in ear, nose, throat/ Head & Neck surgery, pllc

WAKE FOREST BAPTIST HEALTH NOTICE OF PRIVACY PRACTICES

Transcription:

Higher Education Institute: Avoiding Compliance Pitfalls Across Your Campus From Admissions to the Title IX Office to the Board Room Regulatory Issues Facing Student Health Centers Presented by: Richard T. Yarmel and Edward H. Townsend

Goals Provide an overview of laws, rules and regulations respecting privacy, scope of practice by providers in student health centers and how to respond in emergency situations. Understand limits on services provided and restrictions on information sharing. Advise on practical considerations involved in the operation of student health centers.

Student Health Centers - Generally Provide services to students, faculty and staff No services provided to general public Services are limited in scope Often covered by payment of a flat student health fee (e.g., no Medicare/Medicaid, private insurance reimbursement) Important for HIPAA

Laws, Rules and Regulations Federal Laws State Laws Agency Regulations Professional Practice Standards Institution Policies, Procedures, Rules, Etc.

Regulation of Student Health Centers Not regulated like hospitals, diagnostic & treatment centers or clinics Generally treated like private offices Practitioners are subject to laws governing practitioners Scope of practice and limitations consistent with scope of licensure/certification Regulated through licensure of providers by Education Department

Scope of Services Limited typically primary care and treatment Can provide counseling services through center or campus counseling office Referral to outside providers Emergency treatment situations

Rules of Conduct New York State grants license to practice medicine and regulates the scope of practice Professional Misconduct Gross negligence or gross incompetence Negligence or incompetence on more than one occasion Practicing while impaired Willful or grossly negligent failure to comply with provisions of federal or state law Directly or indirectly offering, giving, soliciting or receiving or agreeing to receive, any fee or other consideration to or from a third party for a referral

Professional Misconduct Examples: Revealing personally identifiable facts, data or information obtained in a professional capacity without the prior consent of the patient Failing to maintain a record for each patient which accurately reflects the evaluation and treatment of the patient Failing to exercise appropriate supervision over persons who are authorized to practice only under the supervision of a licensed professional

Medical Records General Purpose: Document evaluation and treatment, promote good care, and support administrative functions, discipline and billing Contemporaneous record of the event Electronic Medical Records Must have a records retention policy (active records vs. historical retention) Unprofessional conduct to fail to maintain a record for each patient, which accurately reflects the evaluation and treatment of the patient

Copies of Medical Records Requests must be in writing Should be made in advance Must have a policy in place to address records requests

Confidentiality of Medical Records Sources of Confidentiality Obligation Hippocratic Oath AMA Principles of Medical Ethics Federal Law: HIPAA/FERPA overlay State Law: Education Law, Public Health Law, Mental Hygiene Law, CPLR

Confidentiality of Medical Records Important to protect students privacy Avoid illegal and unethical disclosures Understand to whom and when permissive disclosures can be made Generally, with consent, disclosure is usually permitted Practically, should be limited to those with a legitimate need to use the information

HIPAA/FERPA HIPAA Health Insurance Portability and Accountability Act of 1996 FERPA Family Educational Rights and Privacy Act Both restrict access to records, require consent to release and have certain exceptions that allow disclosure without consent

HIPAA/FERPA Tension between two: What records are covered by each? Who has access? Can parents access records? Application: HIPAA Hybrid Entity FERPA If applicable, applies to institution as a whole Intersect in student health center

HIPAA Uniform Federal Privacy Law Protected health information (PHI): information that is oral or recorded, created or received, and relates to past, present or future health or condition, healthcare provided, or payment Education Records covered by FERPA are explicitly excluded from the definition of PHI General Rule: May not use or disclose PHI without an authorization unless an exception applies Exceptions: Payment, treatment and healthcare operations

HIPAA Preemption HIPAA - provides a Federal floor of privacy protections for protected health information. State laws that are contrary to the Federal HIPAA Privacy Rule are preempted by the Federal requirements, unless a specific exception applies. Exceptions include if the State law: provides greater privacy protections or privacy rights with respect to such information reporting of disease or injury, child abuse, birth, or death, or for public health surveillance, investigation, or intervention In these circumstances, a HIPAA Covered Entity is not required to comply with a contrary provision of the HIPAA Privacy Rule.

HIPAA Covered Entity Covered Entity: In order to be a Covered Entity a health care provider must: Furnish, bill or receive payment for health care in the normal course of business Transmit covered transactions electronically Not all health care providers are Covered Entities under HIPAA Is a student health center a Covered Entity?

HIPAA Covered Entity (cont.) Covered transactions : health care claims or equivalent encounter information, coordination of benefits, referral certification and authorization, etc. Simply maintaining electronic medical records on behalf of students is NOT a covered transaction Transmitting medical records to students, parents, other providers for a student s treatment is NOT a covered transaction HOWEVER, if: A student health center transmits medical records to obtain authorization to obtain authorization for referring a student to a health care provider; or A provider electronically transmits medical records to a health plan to substantiate claims for payment. The center MAY be engaging in a covered transaction HR assistance with claims processing for employees can also render an organization a Covered Entity

HIPAA - Implications Implications of being deemed a covered entity? Significant. Must create policies and procedures HIPAA Privacy Rules and Security Rules apply Must enter into business associate agreements with vendors to whom the student health center transmits protected health information Liability for breaches

HIPAA-Patient s Rights Access Amendment Accounting of disclosures Restrictions on use and disclosure Confidential communications alternate means or location Breach notification

HIPAA Parent s Rights Parents may be personal representatives for HIPAA purposes and authorized to make medical decisions for the students Access information Control use and disclosure

HIPAA Hybrid Entity Institution may be a hybrid entity as its activities include covered and non-covered functions under HIPAA Covered functions = health care component Must make a designation Hybrid entity functions must be separated from other functions

HIPAA Authorization Similar process can/should be used for medical records requests Contents of the Authorization: To whom, by whom and what disclosed Purpose of the disclosure Expiration date or event Right to revoke Information is subject to re-disclosure without protection Additional requirements for NYS: HIV/AIDS Mental health Substance abuse Genetic Informaiton

FERPA Uniform Federal Law that protects and ensures access to educational records by students and parents Applies to public/private agencies and institutions that receive federal funds and individuals acting for those agencies and institutions Education Record: Records directly related to a student and maintained by an educational institution or a party acting on the institution s behalf. Health records are NOT required on a postsecondary level. Includes: records maintained by student health center Immunization records Not included: records kept by the maker (e.g, personal notes and observations)

FERPA - PII Personally Identifiable Information (PII): includes name, address, personal identifiers (ss #, date of birth) or other information that, alone or in combination, can be used to ID a student Medical and psychological treatment records are excluded if they are made, maintained and used only in connection with the treatment of a student over 18 and disclosed only to individuals providing the treatment Only disclosed with consent or under applicable exception

FERPA (cont.) Shields access to such records from the public; disclosure is generally prohibited without consent Once a student reaches 18 years of age or attends a postsecondary institution, he or she becomes an "eligible student," and all rights formerly given to parents under FERPA transfer to the student Campus personnel may share information with other school officials with a legitimate education interest Can disclose to parents if: Student is under 21 and has violated an institutional rule or policy re drugs/alcohol If student is dependent for federal tax purposes

FERPA Emergencies May disclose for health and safety emergencies Disclosure permitted without written consent if necessary to protect the health and safety of the student or other individuals May be made to appropriate parties (e.g., public health officials, trained medical personnel, parents) Case-by-case determination: must be an articulable and significant threat (e.g., must be able to explain, based on information, what the threat is at the time of disclosure) Must document disclosure in student s educational record

HIPAA/FERPA - Revisited If student health center is a HIPAA Covered Entity, it must comply with HIPAA However, education records (including treatment records for 18+ year old students) of students in the student health center may not be covered under HIPAA due to the carve out If school discloses an eligible student s treatment records for purposes other than treatment, the treatment records are no longer excluded from definition of education records Provision of care to staff? Others? Could be covered by HIPAA and not FERPA HR claims information

Other Laws Respecting Confidentiality General: New York Public Health 17-18 Mental Health: New York Mental Hygiene Law 33.13 Federal Drug & Alcohol Abuse: 42 CFR Part 2 HIV/AIDS: New York Public Health Law 27-f

Mental Health Considerations in Higher Education Issues of confidentiality, treatment, scope of services, expectations Also legal rights of parents, students and institutions Need to balance privacy and security Review institution and counseling center policies, code of conduct and access to services

Mental Health Considerations What if you suspect an individual is a danger to others? Mental Hygiene Law 33.13(c)(6) Applies to facilities licensed by or operated by OMH or OPWDD. Private offices are not covered; however, the provisions of the MHL are persuasive and can be a guidepost for how to resolve situations. Provides that information about patients shall not be reported except to an endangered individual and law enforcement when a psychiatrist or psychologist has determined that a patient presents a serious and imminent danger to that individual. Standard: serious and imminent danger Permissive, not mandatory Any such disclosure must be documented in the patient s medical record

Mental Health Considerations (cont.) Mental Hygiene Law 9.46 - The SAFE Act Enacted January 2013 Applies to mental health professionals - physicians, psychologists, RNs, licensed clinical social workers Mandates disclosure where a mental health professional determines, in the exercise of reasonable professional judgment that a patient is likely to engage in conduct that would result in serious harm to [the patient] or others Report goes to the director of community services, who then shall report to the division of criminal justice if the director believes the patient is likely to engage in such conduct Information reported is limited to names and other non-clinical identifying information Information may only be used to determine whether a firearm license should be suspended or revoked Standard: determination in the exercise of reasonable professional judgment that the person is likely to engage in conduct that would result in serious harm No action necessary where the action would endanger the professional or increase the danger to a victim

Malpractice Duty (Standard) of Care duty to possess required knowledge and skill duty to exercise ordinary and reasonable care in the application of such knowledge and skill Depends on what a reasonably prudent physician would have done under the circumstances in the locality Breach of a duty Breach is the proximate cause of the injury (i.e., what you did wrong caused the injury)

Malpractice Malpractice Insurance Occurrence based Covers alleged acts of malpractice that occur while the policy is in force no matter when the claim is made. Policy A, effective 1-1-16 12-31-16, alleged act occurs 10-1-16, and claim made in 2017. Covered. Claims made Covers alleged acts of malpractice which both occur and are reported to the insurer during the time the policy is in continuous force. Policy A, effective 1-1-16 12-31-16, alleged act occurs 10-1-16, and claim made in 2017. Not covered, unless tail coverage is maintained after the effective term of the policy.

Best Practices Consider carefully whether HIPAA applies to the student health center, consult counsel as necessary If HIPAA does apply, consider hybrid entity designation Maintain complete and accurate records Carefully and promptly respond to medical records requests Review when health information may/may not be disclosure Understand scope of services

Questions?

Contact the Presenter Richard T. Yarmel Location: Rochester Phone: 585-231-1268 Email: ryarmel@hselaw.com Edward H. Townsend Location: Rochester Phone: 585-231-1254 Email: etownsend@hselaw.com Website: www.hselaw.com

2024 © careersdocbox.com Privacy Policy | Terms of Service | Feedback