Upload
benedict-green
View
38
Download
0
Tags:
Embed Size (px)
DESCRIPTION
SHARING CLINICAL DATA: Legal and Privacy Issues. Health Information Technology Summit September 8, 2005. Marcy Wilder Hogan & Hartson LLP 555 13 th Street, NW Washington, DC 20004 (202) 637-5729 [email protected]. Legal Issues Overview. Data Privacy (and Security) Fraud and Abuse - PowerPoint PPT Presentation
Citation preview
11
SHARING CLINICAL DATA:SHARING CLINICAL DATA:Legal and Privacy IssuesLegal and Privacy Issues
Health Information Technology Health Information Technology SummitSummit
September 8, 2005September 8, 2005
Marcy WilderHogan & Hartson LLP555 13th Street, NW
Washington, DC 20004(202) 637-5729
Hogan & Hartson LLPHogan & Hartson LLP 22
Legal Issues OverviewLegal Issues Overview
Data Privacy (and Security)Data Privacy (and Security)
Fraud and AbuseFraud and Abuse
Anti-TrustAnti-Trust
Medical MalpracticeMedical Malpractice
33
Data Privacy in a Hub and Data Privacy in a Hub and Spoke ModelSpoke Model
Hogan & Hartson LLPHogan & Hartson LLP 44
Covered EntityCovered Entity
Business AssociateBusiness Associate
For Each Participant Determine For Each Participant Determine HIPAA StatusHIPAA Status
Hogan & Hartson LLPHogan & Hartson LLP 55
Most Participating Institutions and Most Participating Institutions and Organizations are Covered EntitiesOrganizations are Covered Entities
Most Hub Organizations are Most Hub Organizations are notnot Covered Covered EntitiesEntities– Clearinghouse exceptionClearinghouse exception
Hogan & Hartson LLPHogan & Hartson LLP 66
Is Hub a Business Associate?Is Hub a Business Associate?
Factors to Consider:Factors to Consider:
– Managing data on behalf of participantsManaging data on behalf of participants
– Data access rights for any purposeData access rights for any purpose
– Merely a conduit (like the phone company)Merely a conduit (like the phone company)
77
Usually, participants that Usually, participants that exchange data through the Hub exchange data through the Hub are not business associates of are not business associates of
each other.each other.
88
Legal ObligationsLegal Obligations
99
Business Associate Agreement Business Associate Agreement (can be included in master contract)(can be included in master contract)
Hogan & Hartson LLPHogan & Hartson LLP 1010
Covered Entity …Covered Entity …
Is liable for actions of business associate Is liable for actions of business associate only if the Covered Entity has knowledge only if the Covered Entity has knowledge of a breach and fails to act.of a breach and fails to act.
Is required by contract to notify business Is required by contract to notify business associate of breach.associate of breach.
Should have procedure for escalation and Should have procedure for escalation and remediation.remediation.
Hogan & Hartson LLPHogan & Hartson LLP 1111
Privacy and Security Oversight of Privacy and Security Oversight of the Hubthe Hub
Business judgmentBusiness judgment
Sensitivity of data and reputational harm Sensitivity of data and reputational harm that can result from breaches suggests that can result from breaches suggests some diligence is appropriate, even if not some diligence is appropriate, even if not required by law.required by law.
Third party can monitor or certify Third party can monitor or certify compliance with standards.compliance with standards.
Audit requirement is two-edged sword.Audit requirement is two-edged sword.
1212
Privacy PoliciesPrivacy Policies
Hogan & Hartson LLPHogan & Hartson LLP 1313
Policies Should Increase in Policies Should Increase in Specificity as Sub-Unit Grows Specificity as Sub-Unit Grows
SmallerSmaller
NHINNHIN
SNOSNO
ParticipantParticipant
Hogan & Hartson LLPHogan & Hartson LLP 1414
Policies Needed For:Policies Needed For:
Notice to ConsumerNotice to Consumer
Uses and Disclosures of Health InformationUses and Disclosures of Health Information
Information Subject to Special Protection (HIV, Information Subject to Special Protection (HIV, substance abuse, mental health)substance abuse, mental health)
Minimum NecessaryMinimum Necessary
Role-Based AccessRole-Based Access
Amendment of DataAmendment of Data
Requests for RestrictionsRequests for Restrictions
MitigationMitigation
Limited Data Sets/De-identificationLimited Data Sets/De-identification
1515
Patient Control of RecordsPatient Control of Records
Hogan & Hartson LLPHogan & Hartson LLP 1616
What HIPAA RequiresWhat HIPAA Requires
TreatmentTreatment
PaymentPayment
Health Care OperationsHealth Care Operations
Public HealthPublic Health
ResearchResearch
Hogan & Hartson LLPHogan & Hartson LLP 1717
Should Institutions Go Beyond Should Institutions Go Beyond HIPAA?HIPAA?
Notice and Opt-OutNotice and Opt-Out
Prior ConsentPrior Consent
1818
Other Legal IssuesOther Legal Issues
Hogan & Hartson LLPHogan & Hartson LLP 1919
Stark and Anti-KickbackStark and Anti-Kickback
Structure and Financing of RHIO ~ SNOStructure and Financing of RHIO ~ SNO
Outfitting physicians with HIT (community-Outfitting physicians with HIT (community-wide health technology exception wide health technology exception inadequate)inadequate)
Current exceptions inadequateCurrent exceptions inadequate
Hogan & Hartson LLPHogan & Hartson LLP 2020
Anti-trustAnti-trust
Does RHIO ~ SNO advantage some Does RHIO ~ SNO advantage some providers over others?providers over others?
To the extent the benefits can be shown to To the extent the benefits can be shown to outweigh anti-competitive impact, they are outweigh anti-competitive impact, they are not likely to violate federal anti-trust laws.not likely to violate federal anti-trust laws.
Hogan & Hartson LLPHogan & Hartson LLP 2121
Medical MalpracticeMedical Malpractice
Concern among physicians that availability Concern among physicians that availability of information will increase potential liability. of information will increase potential liability. In the end, the net effect of EMR will likely In the end, the net effect of EMR will likely be to improve care and lower liability risks. be to improve care and lower liability risks. At this point, the liability question is At this point, the liability question is unanswered and the cause of significant unanswered and the cause of significant anxiety among some physicians.anxiety among some physicians.