American Health Lawyers Association State Law Landscape for Health Information Technology

Similar documents
Rural Health and the Law: Emerging Issues and Trends

Privacy Issues and the Children s Hospital EMR

[Enter Organization Logo] CONSENT TO DISCLOSE HEALTH INFORMATION UNDER MINNESOTA LAW. Policy Number: [Enter] Effective Date: [Enter]

The HIPAA Privacy Rule and Research: An Overview

New Patient Information

Privacy Rio Grande Valley HIE Policy: P1. Last date Revised/Updated 02/18/2016

Weber Family Chiropractic PC Patient Right to Request Restrictions on Use and Disclosure of Health Information

Privacy and Consent Primer

HIPAA in DPH. HIPAA in the Division of Public Health. February 19, February 19, 2003 Division of Public Health 1

Proposed Regulations NEW YORK STATE DEPARTMENT OF HEALTH Return to Public Health Forum

Sharing Behavioral Health Information in Massachusetts: Obstacles and Potential Solutions. March 30, 2016

Measures Reporting for Eligible Hospitals

JOINT NOTICE OF PRIVACY PRACTICES

A State-Based Approach To Privacy And Security For Interoperable Health Information Exchange

REPORT OF THE BOARD OF TRUSTEES. Protection of Clinician-Patient Privilege (Resolution 237-A-17)

New York Notice Form Notice of Psychologists Policies and Practices to Protect the Privacy of Your Health Information

Recruiting subjects for clinical research outside the academic setting

Consumer View of Personal Information Risks

Executive Summary, November 2015

Electronic Health Information: State and Local Approaches to Data Sharing

GRAVES-GILBERT CLINIC NOTICE OF CURRENT PRIVACY PRACTICES

PRIVACY IMPACT ASSESSMENT (PIA) For the. Department of Defense Consolidated Cancer Registry (CCR) System. Defense Health Agency (DHA)

Meaningful Use and Public Health. Chris Wells Public Health IT Director June 30, 2014

Electronic Health Records and Meaningful Use

PHR and the Issue of Patients Altering Professionally-Sourced Data

HIPAA & HEALTH INFORMATION EXCHANGE

I. Preamble: II. Parties:

PROTOCOL-SPECIFIC DOCUMENT

Notice of Privacy Practices

Privacy, Security and Data Exchange (PSDE) Committee

Characteristics of Local Health Departments Associated with Their Implementation of Electronic Health Records and Other Informatics System

TRICARE Management Activity s Human Research Protection Program, Data Sharing Agreement Program, and the TMA Privacy Board

19/09/2017. Telehealth Legal and Regulatory Issues in Colorado and Beyond. Nathaniel Lacktman, October 2017

DE-IDENTIFICATION OF PROTECTED HEALTH INFORMATION (PHI)

Office of the Chief Privacy Officer. Privacy & Security in an App Enabled World HIMSS, Tuesday March 1, 2016, Las Vegas, NV

NATIONAL ASSOCIATION FOR STATE CONTROLLED SUBSTANCES AUTHORITIES (NASCSA) MODEL PRESCRIPTION MONITORING PROGRAM (PMP) ACT (2016) COMMENT

OVERVIEW OF THE USES AND DISCLOSURES OF PHI

Attorney General's Guidelines for Domestic FBI Operations V2.0

Regulatory Issues Facing Student Health Centers Presented by: Richard T. Yarmel and Edward H. Townsend

RESEARCH POLICY MANUAL

Notice of HIPAA Privacy Practices Updates

Health Information Exchange: Substance Abuse Patient Records March 3, 2016

WELCOME. Payment will be expected at the time of service. Please remember our 24 hour cancellation notice.

R. Gregory Cochran, MD, JD

States that Allow Prescribers and/or Dispensers to Appoint a Delegate to Access the PMP

December 21, Dear Secretary Leavitt:

Health Information Exchange and Telehealth: Opportunities for Integration!

Massachusetts Department of Public Health. Privacy of Health Data

SAMPLE. Release of Information in California: E-book Series, 12 of 12. Published by:

The HIPAA privacy rule and long-term care : a quick guide for researchers

HIPAA-HITECH HELPBOOK NJ Physician Practices

San Francisco Department of Public Health Policy Title: HIPAA Compliance Privacy and the Conduct of Research Page 1 of 10

The Duty to Record: Ethical, Legal, and Professional Considerations for Pennsylvania Psychologists

WISHIN Statement on Privacy, Security, and HIPAA Compliance - for WISHIN Pulse

Farm Co-operatives and Collaboration Pilot Program Farmer Group Projects Funding Guidelines

The Duty to Record: Ethical, Legal, and Professional Considerations for Arkansas Psychologists

Data Integration and Big Data In Ontario Brian Beamish Information and Privacy Commissioner of Ontario

1303A West Campus Drive

FERPA 101. December 4, Michael Hawes Director of Student Privacy Policy U.S. Department of Education

PATIENT INFORMATION. In Case of Emergency Notification

EMPOWERING THE NEW HEATHCARE ERA

Section Idaho State Legislature

OREGON HIPAA NOTICE FORM

Study Management PP STANDARD OPERATING PROCEDURE FOR Safeguarding Protected Health Information

practice standards CFP CERTIFIED FINANCIAL PLANNER Financial Planning Practice Standards

HIPAA & Research Overview for the Privacy Board March 22, UAMS HIPAA Office Vera M. Chenault, JD

JOINT NOTICE OF PRIVACY PRACTICES

1. Department of Defense (DoD) Human Subjects Protection Regulatory Requirements

PRIVACY IMPACT ASSESSMENT (PIA) For the

Innovations in Addressing Malpractice Claims, Part I

Funded in part through a grant award with the U.S. Small Business Administration

MDS 3.0 Section Q Implementation Questions and Answers from Informing LTC Choice conference and s June 7, 2010

PRIVACY IMPACT ASSESSMENT (PIA) For the

PRIVACY IMPACT ASSESSMENT (PIA) For the

The Children's Clinic Patient Information Form

NOTICE OF PRIVACY PRACTICES

The Queen s Medical Center HIPAA Training Packet for Researchers

Release of Medical Records in Ohio OHIMA. Ohio Revised Code (ORC) HIPAA

12 King Philip Rd. Sudbury, MA (585)

Clarifying HIPAA Privacy Rules for Mental Health and Addiction Crises. National Council for Behavioral Health March 19, 2018

Behavioral Health Information Network of Arizona

THE JOURNEY FROM PHI TO RHI: USING CLINICAL DATA IN RESEARCH

John W. Steele, Ph.D., Licensed Psychologist 1285 Fairfield Drive, Boulder, CO 80305

Building Blocks for HIE in California

Keeping Your Compliance Program in Pace with Rapidly Expanding TeleHealth Services

Notice of privacy practices

Lilly Grant or Charitable Donation Application - Part II

Revision of Executive Order Privacy and Civil Liberties Information Paper 1

Psychological Services Agreement

CHI Mercy Health. Definitions

NOTICE OF PRIVACY PRACTICES

42 CFR Part 2: Improvements and New Challenges with the Use and Disclosure of Substance Use Disorder Treatment Records

HIPAA. The. Privacy Regulations. The Fetal and Infant Mortality Review Process:

LegalNotes. Disparities Reduction and Minority Health Improvement under the ACA. Introduction. Highlights. Volume3 Issue1

NOTICE OF PRIVACY PRACTICES This Notice is effective September 23, 2013

Southwest Idaho Ear, Nose and Throat, P.A. Notice of Privacy Practices

Madison Area Technical College Foundation and Alumni Office Policy on the Privacy of Alumni Data

PRIVACY IMPACT ASSESSMENT (PIA) For the

PRIVACY IMPACT ASSESSMENT (PIA) For the

DURABLE POWER OF ATTORNEY FOR HEALTH CARE DECISIONS (Medical Power of Attorney) I,, born, designate

Transcription:

American Health Lawyers Association State Law Landscape for Health Information Technology August 9, 2017 Cason D. Schmit, J.D. Texas A&M University, School of Public Health Department of Health Policy and Management, College Station, TX schmit@sph.tamhsc.edu This webinar is sponsored by

Acknowledgements Public Health Law Program Office for State, Tribal, Local and Territorial Support U.S. Centers for Disease Control and Prevention Gregory Sunshine, J.D. Dawn Pepin, J.D., M.P.H. Tara Ramanathan, J.D., M.P.H. Akshara Menon, J.D., M.P.H. Matthew Penn, J.D., M.L.I.S. Sarah Wetter, J.D. Bita Kash, Ph.D., M.B.A., FACHE

Objectives Describe the national landscape of state laws regulating health information Explore the implications and effects of persistent misconceptions of legal barriers to data use Discuss some moral, economic, social and political factors, that may be relevant to your client's situation.

Advising Clients Model Rules for Professional Conduct Rule 2.1 Advisor In representing a client, a lawyer shall exercise independent professional judgment and render candid advice. In rendering advice, a lawyer may refer not only to law but to other considerations such as moral, economic, social and political factors, that may be relevant to the client's situation. https://www.americanbar.org/groups/professional_responsibility/publications/model_rules_of_professional_co nduct/rule_2_1_advisor.html

Fungal Meningitis Outbreak 2012 Healthcare associated infection 753 total cases 64 deaths 20 states Outbreak revealed critical issues relating to releasing of health information https://www.cdc.gov/hai/outbreaks/meningitis.html

Identifying Real and Perceived Legal Barriers Public health officials consistently reported perceived HIPAA barriers as a reason healthcare facilities were hesitant to provide health departments with access to patient information. http://www.astho.org/toolkit/improving-access-to-ehrs-during-outbreaks/

HIPAA Public Health Exception (1) Permitted uses and disclosures. A covered entity may use or disclose protected health information for the public health activities and purposes described in this paragraph to: (i) A public health authority that is authorized by law to collect or receive such information for the purpose of preventing or controlling disease, injury, or disability, including, but not limited to, the reporting of disease, injury, vital events such as birth or death, and the conduct of public health surveillance, public health investigations, and public health interventions; or, at the direction of a public health authority, to an official of a foreign government agency that is acting in collaboration with a public health authority; 45 C.F.R. 164.512 (b)

Identifying Real and Perceived Legal Barriers Making sure that [facilities and providers] have an understanding of their state privacy laws and obviously the federal side of it. That is the biggest issue that we run into. - Health department staff http://www.astho.org/toolkit/improving-access-to-ehrs-during-outbreaks/

Reviews of State Laws Protecting Health Information a morass of erratic law 1992 1996 (HIPAA) Workgroup for Electronic Data Interchange, Report to Secretary of U.S. Department of Health and Human Services, Appendix 4 (1992), (available at https://www.wedi.org/docs/public-policy/wedi-report-1992.pdf). Harmonizing State Privacy Law Collaborative, Update to October 9, 2007 Report on State Privacy & Security Laws Related to Electronic Health Records and Electronic Health Information Exchange (2008), (available at https://www.healthit.gov/sites/default/files/hspl_1_leg_analysis508.pdf). C. Schmit, G. Sunshine, D. Pepin, T. Ramanathan, A. Menon, M. Penn, Transitioning from Paper to Digital: State Statutory and Regulatory Frameworks for Health Information Technology. Public Health Rep. in press (2017).

a morass of erratic law Reviews of State Laws Protecting Health Information fragmented and outdated state laws as a significant barrier to health information exchange. 1992 1996 (HIPAA) 2008 2009 2010 (HITECH & ACA) Workgroup for Electronic Data Interchange, Report to Secretary of U.S. Department of Health and Human Services, Appendix 4 (1992), (available at https://www.wedi.org/docs/public-policy/wedi-report-1992.pdf). Harmonizing State Privacy Law Collaborative, Update to October 9, 2007 Report on State Privacy & Security Laws Related to Electronic Health Records and Electronic Health Information Exchange (2008), (available at https://www.healthit.gov/sites/default/files/hspl_1_leg_analysis508.pdf). C. Schmit, G. Sunshine, D. Pepin, T. Ramanathan, A. Menon, M. Penn, Transitioning from Paper to Digital: State Statutory and Regulatory Frameworks for Health Information Technology. Public Health Rep. in press (2017).

Reviews of State Laws Protecting Health Information a morass of erratic law fragmented and outdated state laws as a significant barrier to health information exchange. The large quantity and diversity of laws complicate legal analysis, likely delay implementation of public health solutions, and might be detrimental to the development of emerging health information technology. 1992 1996 (HIPAA) 2008 2009 2010 (HITECH & ACA) 2017 Workgroup for Electronic Data Interchange, Report to Secretary of U.S. Department of Health and Human Services, Appendix 4 (1992), (available at https://www.wedi.org/docs/public-policy/wedi-report-1992.pdf). Harmonizing State Privacy Law Collaborative, Update to October 9, 2007 Report on State Privacy & Security Laws Related to Electronic Health Records and Electronic Health Information Exchange (2008), (available at https://www.healthit.gov/sites/default/files/hspl_1_leg_analysis508.pdf). C. Schmit, G. Sunshine, D. Pepin, T. Ramanathan, A. Menon, M. Penn, Transitioning from Paper to Digital: State Statutory and Regulatory Frameworks for Health Information Technology. Public Health Rep. in press (2017).

Evaluating State Laws Regulating Electronic Health Information What we did Identified relevant legal provisions using Westlaw legal database Only includes laws in effect as of January 2014 Categorized legal provisions by the nature of electronic health information use described in the law What we found States have passed numerous laws addressing electronic health information: 2,364 statutes and regulations 49 different regulated uses State legal frameworks are diverse and vary qualitatively and quantitatively C. Schmit, G. Sunshine, D. Pepin, T. Ramanathan, A. Menon, M. Penn, Transitioning from Paper to Digital: State Statutory and Regulatory Frameworks for Health Information Technology. Public Health Rep. in press (2017).

Uses of Electronic Health Information Regulated by Laws in effect January 2014

Number of laws relating to Electronic Health Information in effect January 2014 (all states).

State Health Information Exchange (HIE) Laws

HIE Oversight Entity (2016) State entity with oversight responsibilities for the HIE Yes (31) Preliminary data from a study of Health Information Exchange Laws

HIE Oversight Entity (2016) State entity with oversight responsibilities for the HIE Yes (31) At least 11 oversight entities within 300 miles of New Jersey

State Entity HIE Rule-Making (HIE) State entity authorized to promulgate rules and regulations pertaining to the HIE Yes (23) Preliminary data from a study of Health Information Exchange Laws

HIE Consent Model (2016) State entity with oversight responsibilities for the HIE Opt-in (8*) Opt-out (15) Voluntary/not specified (2) Ambiguous (2**) Preliminary data from a study of Health Information Exchange Laws * - Includes California Demonstration HIE legislation ** - Coded Ambiguous if law could either satisfy the coding criteria or not, depending on differing reasonable interpretations of the terms of the law.

Actual and Perceived Legal Barriers to Data Use and Release There are many perceived legal barriers to data use and release Not all are actual legal prohibitions Three approaches to perceived barriers Apply conservative data use policies Identify legal solutions Identify technological solutions Clients need an understanding of underlying legal framework

Future Applications of HIT Future HIT applications require data portability!!! Mobile medicine Precision medicine Learning health systems Health care will rely heavily on big data in the future

https://www.forbes.com/sites/louiscolumbus/2015/06/25/where-big-data-jobs-are-in-2015-midyear-update/#155560022050 A. B. Martin, M. Hartman, B. Washington, A. Catlin, the N. H. E. A. National Health Expenditure Accounts Team, National Health Spending: Faster Growth In 2015 As Coverage Expands And Utilization Increases. Health Aff. (Millwood). 36, 166 176 (2017).

In 2015, healthcare spending amounted to 17.8% of the GDP https://www.forbes.com/sites/louiscolumbus/2015/06/25/where-big-data-jobs-are-in-2015-midyear-update/#155560022050 A. B. Martin, M. Hartman, B. Washington, A. Catlin, the N. H. E. A. National Health Expenditure Accounts Team, National Health Spending: Faster Growth In 2015 As Coverage Expands And Utilization Increases. Health Aff. (Millwood). 36, 166 176 (2017).

Title 2017 is published by the American Health Lawyers Association. All rights reserved. No part of this publication may be reproduced in any form except by prior written permission from the publisher. Printed in the United States of America. Any views or advice offered in this publication are those of its authors and should not be construed as the position of the American Health Lawyers Association. This publication is designed to provide accurate and authoritative information in regard to the subject matter covered. It is provided with the understanding that the publisher is not engaged in rendering legal or other professional services. If legal advice or other expert assistance is required, the services of a competent professional person should be sought from a declaration of the American Bar Association.

2024 © careersdocbox.com Privacy Policy | Terms of Service | Feedback