Agenda. New 42 CFR Part 2 Regulations and Information Sharing. Presented by: Christina Grijalva, RHIA, CHC OCHIN Compliance Specialist 4/28/2016


New 42 CFR Part 2 Regulations and Information Sharing
Presented by: Christina Grijalva, RHIA, CHC OCHIN Compliance Specialist

Agenda
- OCHIN Background information
- Environment of Data Sharing
- Data Sharing and Safeguards
- Proposed Rule for 42 CFR Part 2
- OCHIN's Position

Who Is OCHIN?
OCHIN is a nonprofit health care innovation center designed to promote access to quality, affordable health care for all.
- One of the nation's largest and most successful Health Information Networks
- In 18 states, coast to coast
- Touching over 4,500 physicians

[Map: OCHIN States]

OCHIN's History is One of Innovation
- 2000: OCHIN Founded
- 2002: OCHIN began providing Epic Practice Management to Community Health Organizations
- 2005: OCHIN makes Epic EHR available to Community Health Organizations
- 2007: OCHIN's Practice Based Research Network (PBRN) is created
- 2011: Epic Accreditation and OCHIN selected as Oregon's Regional Extension Center
- 2011: Among the 1st in the country to establish integration with the SSA
- 2011: OCHIN branches out with multiple EHRs with the addition of ecw
- 2012: OCHIN Epic deployed to Corrections, Behavioral, Naturopathic
- 2016: OCHIN Research publishes Conceptual Model for Social Determinants of Health in Primary Care
- 2015: CHITO Partnership and development of Provider Directory and Metric Alignment initiative
- 2015: Acuere real time data aggregation of clinical and claims data
- 2014: OCHIN awarded ADVANCE Clinical Data Research Network & built nation's most comprehensive clinical datasets on safety net patients
- 2014: Veterans Affairs (VA) bidirectional exchange live
- 2013: Managed $25M Investment in Medical Grade Network Infrastructure
- 2013: OCHIN is awarded the first PCORI research grant to Oregon

OCHIN's Offering is Focused on Health Care Transformation

Technology: Best of breed technologies targeted to create population health and support care transformation
- Acuere QOL
- Hosted Epic
- Connectivity and Telehealth Solutions

Research: Focused on improving the health of underserved populations, enhancing quality of care, and informing health policy
- Data Only Studies and Analytics
- Translational Research
- Observational and Natural Experiment Studies
- Outcomes

Services: Professional services range from staff augmentation to operational support to strategic planning
- Quality Improvement and Leadership Institute
- Billing and Financial Consulting
- Compliance and Risk Assessment

Environment of Data Sharing

OCHIN exchanged over 8.4 million records with more than 250 organizations in FY2015
- Through Epic Care Everywhere, we exchange with organizations spanning 48 states.
- Through eHealth Exchange, we exchange records with the Social Security Administration, VLER (Virtual Lifetime Electronic Record), and Veterans Health Information Exchange (VHIE).
- Through eHealth Exchange or HL7 Interfaces, we connect with Statewide and Regional HIEs.
- Through XDR Direct, we connect with Behavioral Health EHR (Netsmart).

National Engagement on Data Exchange
- OCHIN is an eHealth Exchange Anchor Participant
- OCHIN is a member of the Care Connectivity Consortium (CCC) with:
  - Geisinger Health System (PA)
  - Group Health Cooperative (WA)
  - Intermountain Healthcare (UT)
  - Kaiser Permanente (CA)
  - Mayo Clinic (MN)

[Figure: EHR Adoption Rates between 2008-2014]

Data Sharing Strategies and Safeguards

OCHIN Strategies to Support Data Sharing
1. Contractual
2. Technology
3. Operational

Contractual: Organized Health Care Arrangement
- OCHIN and its OCHIN Epic Members are part of an Organized Health Care Arrangement (OHCA)
- Members of the OCHIN OHCA may disclose PHI to another Member of the OHCA for health care operations activities of the OHCA.

Contractual Agreements
- Business Associate Agreements (BAAs): OCHIN has BAAs with each of our Member organizations which describe the permitted and required uses of PHI
  - Data aggregation
  - Limited data sets
- Member Contracts: OCHIN has contracts with each of our Member organizations specifying the Epic Care Everywhere Rules of the Road for accessing other non-OCHIN Epic organizations' patient records
- Consent Forms: All OCHIN Members with a Part 2 Program are required to have a Part 2 compliant patient authorization/consent included in the patient's records in order for those records to be maintained within the Epic EHR.

Technology
- Single OCHIN Epic Medical Record: In OCHIN Epic, a patient has a single medical record, regardless of where they are seen within the OHCA
- Break the Glass by OCHIN Members is required
  - Requires the user to select a reason for accessing the patient's record

Technology: Acuere Data Aggregation Tool
- Acuere is a tool that allows Acuere customers (OCHIN and non-OCHIN) to benchmark patient care practices within their own organizations against the aggregate practice standards of other Acuere participants for quality improvement and population health management purposes
- Proposed rule allows population health management under a QSOA

Operational: Compliance Tools for OCHIN Members
- OCHIN 42 CFR Part 2 Decision Tree tool
- White paper: Patient Privacy in OCHIN Epic - A Guide

[Flowchart: OCHIN 42 CFR Part 2 Decision Tree. Questions shown, each with Yes/No branches:]
- Is the provider Federally assisted?
- If a specialized provider or a specialized unit within a general medical facility: holds itself out as providing, and provides, alcohol or substance abuse treatment?
- Is the provider a general medical facility?
- Does the general medical facility have a unit which holds itself out as providing, and provides, alcohol and substance abuse treatment?
- Are there personnel within the facility whose primary function is providing alcohol or substance abuse treatment, and who are identified as such specialized personnel?
- Outcomes: 42 CFR Part 2 will apply / 42 CFR Part 2 will not apply

Part 2 Program Patient Authorization/Consent
If an OCHIN Member has a Part 2 program, and they want their patients' medical records included within the OCHIN Epic EHR, OCHIN requires that their patients sign a Part 2 compliant authorization permitting the disclosure to the OCHIN Collaborative.*
* BREAKING NEWS: This aligns with new proposed 42 CFR Part 2 Rule

Patient Privacy in OCHIN Epic - a Guide
- Internal Safeguards
  - Sensitive Encounter Functionality
  - Sensitive Department Functionality
- External Safeguards
  - Care Everywhere Restricted Departments

Patient Privacy in OCHIN Epic - a Guide (Continued)
- Designating a Sensitive Encounter or Department

Patient Privacy in OCHIN Epic - a Guide (Continued)
- Break the Glass Process
© 2016 Epic Systems Corporation. All rights reserved. Certain information contained herein is confidential and must be treated accordingly.

Patient Privacy in OCHIN Epic - a Guide (Continued)
- Care Everywhere Restricted Department & Confidential Department
- Patient Opt Out

Patient Privacy in OCHIN Epic - a Guide (Continued)
- User security
- Access Reports
- Break the Glass Reports

Proposed Rule for 42 CFR Part 2

New Proposed Rule 42 CFR Part 2
- February 9, 2016: HHS published proposed 42 CFR Part 2 rule changes
- Comment Period ended April 11, 2016
- Goes into effect 180 days after the final rule is published
- Intended to modernize the rules to facilitate electronic exchanges of substance use disorder (SUD) information
- Clarifies definitions and consent for release of information requirements

Proposed Changes to 42 CFR Part 2
- Methadone programs (pg 6993)(New 2.4)(Old 2.15(b))
  - Current: must report violations of 42 CFR Part 2 to the FDA
  - Proposed: must report violations of 42 CFR Part 2 to U.S. Attorney's Office and SAMHSA
- Definition of Patient (pg 6995)(2.11)
  - Proposed: Patient includes any individual who, after arrest on a criminal charge is identified as an individual with a substance use disorder in order to determine that individual's eligibility to participate in Part 2 programs. This definition includes both current and former patients.

QSO Definition
- Definition of Qualified Service Organization (QSO) Change
  - Proposed: Revise the definition of QSO to include population health management in the list of examples of services a QSO may provide.
- Health Information Exchange (HIE)
  - SAMHSA uses entity without a treating provider relationship that serves as an intermediary

Amount and Kind
- The new rule proposes to require the consent form to explicitly describe the SUD related information to be disclosed.
- The types of information that may be requested include: diagnostic information, medications and dosages, lab tests, allergies, substance use history, summaries, trauma history summary, employment information, living situation and social supports, and claims/encounter data.
- Authorization language:
  - Acceptable: All of my substance use disorder related claims/encounter data
  - Unacceptable: All of my records

HIEs and Consent
- Current Approach: The consent form requires the name of the individual and organization to which a disclosure is made.
- Proposed Approach: The new 42 CFR Part 2 regulation is proposing to permit the inclusion of a general designation in the To Whom section of the consent form. Examples include:
  - To OCHIN and all my treating providers
  - To all my treating providers at OHSU
- HIEs and covered entities must have a mechanism in place to determine whether a treating provider relationship exists between the patient and the provider

List of Disclosures and Acknowledgement
- List of Disclosures: The HIE and a covered entity must provide a list upon written request (includes for treatment purposes)
- Written Consent and Acknowledgement: Patient understands the terms of the consent, and the right for an accounting of disclosures

Confidentiality Restrictions and Safeguards Continued
- Consent Form Revisions
  - Proposed: Responses sent to the patient electronically may be sent by encrypted transmission or by unencrypted email at the request of the patient as long as the patient has been informed of the potential risks associated with unsecured transmission.

Summary of the Proposed Law 42 CFR Part 2
- Summary of the Law:
  - The notice can be either on paper or in an electronic format
  - The notice must contain the contact information for reporting violations

Prohibition on Re-Disclosure Clarifications
- The new rule proposes to clarify the current prohibition on re-disclosure
- Prohibited Disclosures: Conditions
- Permitted Disclosure: Release of medical information unrelated to Part 2 treatment

Medical Emergencies
- The new rule proposes to give providers more discretion to determine when a bona fide medical emergency exists
- Proposed language states that patient identifying information may be disclosed to medical personnel to the extent necessary to meet a bona fide medical emergency when a patient's consent cannot be obtained
- The requirement to document in writing specific information related to the medical emergency is maintained

Research: Ability to Link Data Sets
- The new regulation is proposing to permit linking of data sets that include patient identifying information if the data is:
  - From a federal data repository AND
  - Approved by an IRB

OCHIN's Position

Initial reaction to Proposed 42 CFR Part 2
- Aligns with direction OCHIN has implemented to facilitate data sharing for Part 2 records and is progress
- Believe that clinicians need to have complete patient information at point of care, and unclear that will improve
- Focus on Data Segmentation for Privacy (DS4P) initiative raises some practical questions about ability of technology vendors to build that into design of products and still provide integrated systems

Initial reaction to Proposed 42 CFR Part 2 (Continued)
- Many BH/SUD programs have not implemented certified technology because of the lack of meaningful use incentive payments.
- We think the lack of information sharing makes a SUD patient who seeks treatment more vulnerable, not less, than those who don't seek treatment.
- Implementation of new Final Rule will take time

Questions?

Thank You!
Lynne Shoemaker, Integrity Officer
shoemakerl@ochin.org