Privacy Issues and the Children s Hospital EMR

Similar documents
SAMPLE. Release of Information in California: E-book Series, 12 of 12. Published by:

Privacy Rio Grande Valley HIE Policy: P1. Last date Revised/Updated 02/18/2016

NOTICE OF PRIVACY PRACTICES

Patient Registration Form

NOTICE OF PRIVACY PRACTICES

Lalita Matta, MD Estrela Chaves, NP, CDE

WAKE FOREST BAPTIST HEALTH NOTICE OF PRIVACY PRACTICES

HIPAA & HEALTH INFORMATION EXCHANGE

HIPAA for CNAs. This course has been awarded one (1.0) contact hour. This course expires on May 31, 2020.

Release of Medical Records in Ohio OHIMA. Ohio Revised Code (ORC) HIPAA

NOTICE OF PRIVACY PRACTICES

Family Care Health Centers

NOTICE OF PRIVACY PRACTICES

Privacy and Consent Primer

GUIDANCE November 26, 2007

Instructions for Returning these Forms

Accessing HEALTHeLINK

HIPAA & OPIOID RESPONSE

Massachusetts Department of Public Health. Privacy of Health Data

A general review of HIPAA standards and privacy practices 2016

PRIVACY POLICY USES AND DISCLOSURES FOR TREATMENT, PAYMENT, AND HEALTH CARE OPERATIONS

Written Financial Policy

PATIENT NOTICE. If you are already taking any of the above medications, your provider may want to talk to you about alternative treatments.

NOTICE OF PRIVACY PRACTICES

Re-Vita -Life. Sub-dermal Bio-identical Pellets

THE JOURNEY FROM PHI TO RHI: USING CLINICAL DATA IN RESEARCH

NOTICE OF PRIVACY PRACTICES

Patient Privacy Requirements Beyond HIPAA

Louisiana Medicaid Hospital Precertification for Acute Care. On Line Webinar November 12 13, 2009

REQUEST TO ACCESS EXISTING MEDICAL RECORDS, CHARTS OR DATABASES FOR RESEARCH

Patient Registration Form

NYU Langone Health Notice of Privacy Practices

NOTICE OF PRIVACY PRACTICES Full Length Version Effective Date: 4/19/2016

NOTICE OF PRIVACY PRACTICES

WISHIN Statement on Privacy, Security, and HIPAA Compliance - for WISHIN Pulse

42 CFR Part 2: Improvements and New Challenges with the Use and Disclosure of Substance Use Disorder Treatment Records

PEDIATRIC HEALTH ASSOCIATES HIPAA NOTICE OF PRIVACY PRACTICES

Consent Form Requirements for Multicenter studies when CHOP Relies on an external IRB

HIPAA. Health Insurance Portability and Accountability Act. Presented by the UMMC Office of Integrity and Compliance

HIPAA Privacy Rule and Sharing Information Related to Mental Health

Accommodate reasonable requests you may have to communicate health information by alternative means or at alternative locations.

Dear New Patient, Once again, we would like to thank you for choosing us as your primary health care provider. We look forward to working with you.

NOTICE OF PRIVACY PRACTICES OF THE OSF HEALTHCARE SINGLE AFFILIATED COVERED ENTITY

NOTICE OF PRIVACY PRACTICES

HIPAA-HITECH HELPBOOK NJ Physician Practices

NOTICE OF PRIVACY PRACTICES

DURABLE POWER OF ATTORNEY FOR HEALTH CARE DECISIONS (Medical Power of Attorney) I,, born, designate

Welcome to University Family Healthcare, PA.

American Health Lawyers Association State Law Landscape for Health Information Technology

MCCP Online Orientation

Woonsocket Health Hut Handbook

Privacy & Security of Occupational, Behavioral & Deceased Patient Records Alisha R. Smith, RHIA

Notice of. Privacy Practices. Dartmouth-Hitchcock Affiliated Covered Entity

Jodi Bremer-Landau, PhD Licensed Psychologist

INFORMED CONSENT DOCUMENT. Project Title: The Contraceptive Choice Center: an innovative health services delivery and payment model

REVISED NOTICE OF PRIVACY PRACTICES ORIGINAL DATE: JANUARY 1, 2003 REVISED: JANUARY 16, 2014 REVISED: NOVEMBER 27, 2017 PLEASE REVIEW IT CAREFULLY

University of Wisconsin-Madison Policy and Procedure

San Francisco Department of Public Health (DPH) Full Notice of HIPAA Privacy Rights Effective Date: May 19, 2015

Indiana. Your Medical Record Rights in. (A Guide to Consumer Rights under HIPAA)

If you have any questions about this notice, please contact our privacy officer Dr. Jev Sikes at

The process has been designed to be user friendly and involves a few simple steps.

Northwestern University Department of Urology

Election to Participate in CareFirst s Patient Centered Medical Home

The Children's Clinic Patient Information Form

PATIENT REGISTRATION FORM (ecw)

Notice of privacy practices

CHI Mercy Health. Definitions

EMPOWERING THE NEW HEATHCARE ERA

CAPITAL SURGEONS GROUP, PLLC

Provider s Frequently Asked Questions Availity in California

Your Medical Record Rights in Wisconsin

Use And Disclosure Of Protected Health Information (PHI) For Research

1303A West Campus Drive

NOTICE OF PRIVACY PRACTICES

National Health Information Privacy and Security Week. Understanding the HIPAA Privacy and Security Rule

DEPARTM PRACTICES. Effective: Tel: Fax: to protecting. Alice Gleghorn, Page 1

Emergency Contact Name: Relationship: Home #: ( ) Cell #: ( ) Alternate #: ( ) Pharmacy Information Pharmacy Name: Phone #: ( ) Location:

Health Information Exchange (HIE)

Regulatory Issues Facing Student Health Centers Presented by: Richard T. Yarmel and Edward H. Townsend

Catholic Charities Disabilities Services. In-Home Behavioral Support Services (2017)

Patient Registration Form Pediatrics

The care of your newborn child, or the placement of a child with you for adoption or foster care; or

12057 Jefferson Blvd LA, CA (323)

HEALTH HISTORY QUESTIONNAIRE

INFORMED CONSENT FOR TREATMENT


HH Health System-Shoals, LLC dba Helen Keller Hospital Notice of Privacy Practices

Mobile Mammo Registration Instructions

Welcome to The Brevard Health Alliance

Responsible Party Information (Information used for patient balance statements) Responsible Party Another Patient Guarantor Self

ERIE COUNTY MEDICAL CENTER CORPORATION NOTICE OF PRIVACY PRACTICES. Effective Date : April 14, 2003 Revised: August 22, 2016

New Patient Checklist

San Francisco Department of Public Health Policy Title: HIPAA Compliance Privacy and the Conduct of Research Page 1 of 10

Welcome to Hawaii Women s Healthcare

UNIVERSITY OF ILLINOIS HIPAA PRIVACY AND SECURITY DIRECTIVE

Notice of Privacy Practices

HIPAA Training

PATIENT INFORMATION RESPONSIBLE PARTY INFORMATION NAME: DOB: SEX: M / F SOCIAL SECURITY # RELATIONSHIP TO PATIENT: PHONE #: CELL#: EMPLOYER:

Associated Pediatric Dentistry Belleville, Edwardsville, O Fallon, IL

PATIENT INFORMATION. In Case of Emergency Notification

Transcription:

Privacy Issues and the Children s Hospital EMR This roundtable discussion is brought to you by the Children s Hospital Affinity Group of the In-House Counsel (In- House) and Teaching Hospitals and Academic Medical Centers (THAMC) Practice Groups, and is co-sponsored by the Health Information and Technology (HIT) Practice Group. February 15, 2013 12:00-1:15 pm Eastern Presenters Robin L. Canowitz, Esquire, Senior Attorney, Vorys Sater Seymour & Pease LLP, Columbus, OH, rlcanowitz@vorys.com Daniel F. Gottlieb, Esquire, Partner, McDermott Will & Emery LLP, Chicago, IL, dgottlieb@mwe.com Moderator: Jessica Braunstein, Esquire, Associate General Counsel, Children s Healthcare of Atlanta, Atlanta, GA, jessica.braunstein@choa.org 1

Agenda Data elements requiring special treatment Internal access and external release to other providers, health information exchange, etc. Patient portals and patient/parent access to information Programs to create appropriate levels of access for hospital personnel Tools for monitoring access and disclosure of information 2

Data elements requiring special treatment The HIPAA regulations provide a base line of protection for all Protected Health Information (PHI) State law and the federal alcohol and drug abuse confidentiality rules provide additional protections for sensitive subcategories of PHI Privacy and security policies should be revised to reflect: More stringent state and federal laws Different access rights of parents and children for different categories of information at different ages of the child 3

Sensitive Categories of PHI Sensitive categories of PHI vary from state to state, but often include: Substance abuse treatment program information Mental health and developmental disability information HIV/AIDs test results Sexually transmitted diseases Genetic testing information 4

Sensitive Categories of PHI (cont d) In many states, unemancipated minor has the right to consent to diagnosis and treatment for and control PHI about sensitive conditions such as: Pregnancy Abortion HIV/AIDs and other sexually transmitted diseases Sexual assault or any condition resulting from the assault Mental illness or psychiatric condition Alcohol consumption or drug use and/or their addiction Some states grant physician discretion to share information and/or encourage parental involvement 5

Sensitive Categories of PHI (cont d) EHR technology presents technical challenges to management of sensitive information Psychiatric drugs in the medication list HIV-positive or mental health diagnosis in the problem list HIV test result in the structured lab data Free text field in progress notes Parent and child access to patient portal Quality of care and tort law may conflict with health information privacy law How should the conflict be navigated? 6

Internal Access and External Release Access Controls for Internal Usage Policies on Use of records for Research Use of technology to deter people from looking at records they don t have a need to view Are there categories of information that only certain people can see? Some institutions have walled off records from their substance abuse treatment programs 7

External Release of Records Releases to allow information to be shared? Issues with patient name changes birth hospital to specialty hospital. Confirming who has the right to allow release of information. 8

Patient Portals and Patient/Parent Access Proxy Access who do you allow to have access to the portal? Patient/Parent/Legal Guardian all have their own access. Can all see the same information. What do you do with proxy access when the patient becomes an adult? Do you allow minor patients to have direct access to the portal? If so, at what age, and for what purposes? How do you turn access on and off? 9

Patient Portals What do you allow to be posted? At NCH no information on AIDS, STDs and Mental Health because of state law issues If the site does not have complete information, there should be a disclaimer about that. NCH decided not to post inpatient test results because it could create confusion. When do you post test results? At NCH physicians given 72 hours to review test results before they are automatically posted. 10

Patient Portals (cont d) Email communication tools how to implement? Who will respond? What is the expectation of the patient? 11

Appropriate Levels of Access The HIPAA minimum necessary standard requires a hospital or other covered health care provider to limit a request, use or disclosure of PHI to the minimum amount of PHI necessary for disclosure unless it is For Treatment Required by Law Pursuant to patient or parent s authorization Within another limited exception Hospital should develop role-based access policies for PHI that correspond to technical capabilities of its EHR Send periodic reminders about appropriate access 12

Appropriate Levels of Access (cont d) PHI may be used and disclosed for academic purposes within hospital subject to the minimum necessary standards Faculty and students should receive training on appropriate use of PHI for educational purposes 13

Tools for Monitoring Access and Disclosure HIPAA Security Rule requires reasonable procedures: Log-in monitoring Regular review of records of information system activity, such as audit logs, access reports, and security incident tracking reports. Develop reasonable and practical practices to monitor EHR s activity logs to identify inappropriate access Rely upon technical, automated auditing where possible Cisco and other vendors offer sophisticated monitoring tools that identify deviations from baseline activity 14

Privacy Issues and the Children s Hospital EMR 2013 is published by the American Health Lawyers Association. All rights reserved. No part of this publication may be reproduced in any form except by prior written permission from the publisher. Printed in the United States of America. Any views or advice offered in this publication are those of its authors and should not be construed as the position of the American Health Lawyers Association. This publication is designed to provide accurate and authoritative information in regard to the subject matter covered. It is provided with the understanding that the publisher is not engaged in rendering legal or other professional services. If legal advice or other expert assistance is required, the services of a competent professional person should be sought from a declaration of the American Bar Association 15

2024 © careersdocbox.com Privacy Policy | Terms of Service | Feedback