Confidentiality of Medical Information - PowerPoint PPT Presentation

Loading...

PPT – Confidentiality of Medical Information PowerPoint presentation | free to download - id: 413cf7-ZWY5O



Loading


The Adobe Flash plugin is needed to view this content

Get the plugin now

View by Category
About This Presentation
Title:

Confidentiality of Medical Information

Description:

Confidentiality of Medical Information Public Health Nursing and Professional Development Unit ... and NC Attorney General s Office in specific situations. – PowerPoint PPT presentation

Number of Views:49
Avg rating:3.0/5.0
Slides: 51
Provided by: PlaceJ
Category:

less

Write a Comment
User Comments (0)
Transcript and Presenter's Notes

Title: Confidentiality of Medical Information


1
Confidentiality of Medical Information
  • Public Health Nursing and
  • Professional Development Unit
  • Eunice B. Inman, RN, BSN Pamela Serrell, RN,
    BSN
  • Ellen Shope, RN, BSN Lynn Conner, RN,
    BSN
  • Gay G. Welsh, RN, BSN, MPH

2
Introduction
  • Objectives for this presentation include
  • Identify laws that require NC Local Health
    Departments to keep patient information
    confidential.
  • Identify which information is confidential.
  • Describe when confidential information may be
    disclosed.
  • Describe how best to document disclosures of
    confidential information.

3
Introduction
  • This presentation is meant to introduce an
    overview of confidentiality laws and how those
    laws address some of the issues that arise in NC
    local health departments.
  • It is not meant to be comprehensive. Please
    consult an attorney if you need more information
    or advice for a specific situation.

4
Vocabulary
  • Confidential
  • as defined by
  • Webster is
  • private, secret.

5
Confidentiality
  • The general ethic in the provision of health care
    is that a patients secrets uttered in confidence
    must be safeguarded by the physician, other
    health care providers, and the agencys workforce
    (employees, volunteers, trainees, and other
    persons whose conduct, in the performance of
    their duties, is under the direct control of the
    agency, whether or not they are paid by the
    agency).

6
Laws Affecting LHDs in NC
  • HIPAA Privacy Rule (45 CFR Parts 160 164)
    Federal law that governs when covered entities
    a term that includes most health care providers,
    including LHDs may and may not use and disclose
    PHI without a clients permission. (Other federal
    and NC laws must also be considered in
    conjunction with HIPAA requirements.)

7
HIPPA Privacy Rulecont.
  • Requires covered entities to have written
    policies procedures designed to comply with the
    Privacy Rule.
  • Requires the implementation of administrative,
    technical, and physical safeguards to protect the
    privacy of individually identifiable health
    information.
  • Requires mitigation, to the extent possible, when
    breaches occur that violate the Privacy Rule or
    the covered entities policies/procedures when
    the breach is known by the covered entity.

8
HIPAA Privacy Rulecont.
  • HIPAA Definitions
  • PHI Protected Health Information
  • Individually identifiable health information
    (IIHI) that is transmitted electronically or
    maintained in any form or medium by a covered
    entity.
  • T Treatment activities of a healthcare
    provider
  • Includes provision, coordination, management of
    health care related services, referrals,
    consultations, etc.

9
HIPAA Privacy Rulecont.
  • P Payment for treatment
  • Includes reimbursement for services, benefit
    coverage, eligibility, billing, collections, etc.
  • O Health Care Operations that support the
    activities of healthcare provider
  • Includes QI, credentialing, financial and medical
    review audits, business management, etc.
  • Please refer to the HIPAA Privacy Rule for more
    detailed explanations.

10
ARRA - American Recovery Reinvestment Act
  • ARRA Federal Law
  • Effective 02/18/09
  • primarily found at 45 CFR Part 164, Subpart D (45
    CFR 164.400 - 164.414)
  • Contains the HITECH Act that exceeds HIPAA in
    protecting PHI.

11
ARRA - American Recovery Reinvestment Act
  • Within ARRA is the Health Information Technology
    for Economic Clinical Health Act (HITECH Act)
  • Broadens and supplements HIPAA privacy and
    security requirements, and various state privacy
    breach notifications.
  • Safeguards PHI above and beyond current HIPAA
    requirements.
  • Extends requirements to certain non-covered
    entities, covered entities, and to business
    associates of covered entities
  • Includes breach notification requirements for a
    privacy breach.

12
ARRA - American Recovery Reinvestment Act
  • AARA HITECT Act (continued)
  • HITECH Act may be found at http//www.hhs.gov/ocr
    /privacy/hipaa/administrative/enforcementrule/hite
    chenforcementifr.html
  • Guidance for managing breaches
    http//www.sog.unc.edu/node/1040 under Security
    Breaches.

13
NC Identity Theft Protection Act
  • NC Identity Theft Protection Act (GS 75-60,
    Article 2A)
  • NC law requiring private businesses and
    government agencies to protect personally
    identifying information that could be used for
    identity theft.
  • Includes specific actions private businesses and
    government agencies must take when experiencing a
    security breach involving personally identifying
    information that is not encrypted (not
    necessarily electronic encryption).
  • Requires notifications of breaches to
    individuals, media, and NC Attorney Generals
    Office in specific situations.

14
NC Identity Theft Protection Act
  • NC Identity Theft Protection Act found at
  • http//www.ncga.state.nc.us/EnactedLegislation/Sta
    tutes/HTML/ByArticle/Chapter_75/Article_2A.html
  • Guidance may be found at
  • http//www.sog.unc.edu/node/1045
  • Scroll down to What does The Identity Theft Act
    Mean for Local Health Departments.

15
Other NC State Laws re Confidentiality
  • Public Health Patient Confidentiality Law (GS
    130A-12) (revised, effective 01/01/12)
  • NC law that applies only to LHDs, DHHS DEHNR
  • Medical records held by either are confidential
    and are not subject NCs public records law.
  • Disclosure of information only may occur with
    appropriate authorization or as required by
    federal or state law.

16
Other NC State Laws re Confidentiality
  • Privilege Laws (GS 8-53 and GS 8-53.13)
  • NC laws meant to prevent information from being
    introduced into court proceedings against the
    patients will.
  • GS 8-53 Communications between patients and
    their physicians (and others working under the
    direction of the physician) are privileged.
  • GS 8-53.13 Communications between patients and
    nurses are privileged.
  • Privileged information may be introduced in two
    circumstances
  • The patient gives permission for the disclosure
  • The judge orders the disclosure after finding
    that it is necessary for the proper
    administration of justice.

17
Laws Protecting Specific Situations
  • Title X Family Planning (45 CFR59.11)
  • Federal law that requires providers to keep
    information about Title X Clients confidential
    and disclose it only with the clients documented
    consent (permission), unless the disclosure is
    necessary to provide services to the client or is
    required by law.

18
Law Protecting Specific Situations
  • Communicable Disease Confidentiality
  • (GS 130A-143) (revised, effective 01/01/12)
  • State Law that applies to information or
    records that identify a person who has or may
    have a reportable communicable disease or
    condition. Such information may be disclosed
    only when the disclosure fits into one of eleven
    circumstances specified in the statute. (Please
    consult the statute for these.)

19
Law Protecting Specific Situations
  • Family Education Rights Privacy Act
  • Under FERPA school nurses must protect access to
    and disclosure of student education records.
  • FERA may be found at
  • Title 34, Part 99--Family Educational
    Rights and Privacy
  • Schools may also fall under HIPAA.
  • Helpful QA re HIPAA FERPA in schools may be
    found at http//www.sog.unc.edu/node/832


20
Law Protecting Specific Situations
  • Employees working with aspects of mental health
    or substance abuse clients may be subject to laws
    affecting those services.
  • Please consult appropriate sources for legal
    resources applicable to these services.

21
Pharmacy Records Law
  • Availability of pharmacy records
  • (G.S 90-85.36)
  • Pharmacy, whether written or electronic, orders
    are not public records and may only be provided
    to the following persons.
  • Persons for whom the prescription was written
  • Parent, Guardian or Persons standing in loco
    parentis of a minor child or disabled adult
  • Pharmacy owner Pharmacist filling the
    prescription
  • Healthcare provider writing the prescription or
    otherwise treating the patient

22
Pharmacy Records Law
  • (List continued)
  • Anyone presenting an authorization for the
    release or subpoena for pharmacy information
  • Includes researchers
  • Any business entity responsible for paying for
    the medical care of the person for whom the
    prescription was written
  • Pharmacy Board members
  • HIPAA covered entity or non-covered health care
    provider for TPO purposes

23
Licensure Laws
  • Components of Nursing Practice for the Registered
    Nurse (21 NCAC 36 .0224)
  • (g)(4) is the specific section of administrative
    code that says the nurse must uphold
    confidentiality.
  • (g) Collaborating involves communicating and
    working cooperatively with individuals whose
    services may have a direct or indirect effect
    upon the client's health care and includes
  • (4) safeguarding confidentiality.

24
Licensure Laws
  • Components of Nursing Practice for the
  • Licensed Practical Nurse (21 NCAC 36.0225)
  • (g)(3) is the specific section of administrative
    code that says the LPN must uphold
    confidentiality as delegated by the registered
    nurse.
  • (g) Collaborating involves communicating and
    working cooperatively with individuals whose
    services may have a direct or indirect effect
    upon the client's health care and includes
  • (3) safeguarding confidentiality.

25
Ethics and Policies
  • ANA Code of Ethics Interpretive Statement,
  • Provision 3.2
  • the nurse has the duty to maintain
    confidentiality of all patient information.
  • To do less
  • Jeopardizes the patients welfare
  • Destroys trust in the nurse/patient relationship
    which jeopardizes the nurses ability to provide
    quality care.

26
Ethics and Policies
  • AMA Code of Ethics Opinion 5.05 Confidentiality
  • The information disclosed to a physician by a
    patient should be held in confidence.
  • The patient should feel free to make a full
    disclosure of information to the physician in
    order that the physician may most effectively
    provide needed services.
  • The patient should be able to make this
    disclosure with the knowledge that the physician
    will respect the confidential nature of the
    communication.

27
Ethics and Policies
  • Local Health Department Policy Procedure
  • Safeguards Policies covered entities must have
    in place appropriate administrative, technical,
    and physical safeguards to protect the privacy of
    PHI.
  • Safeguard policies/procedures include, but are
    not limited to
  • Policy sets forth guidance to safeguard and
    maintain the integrity of the designated record
    set (financial and medical records as defined by
    HIPAA) and how best to protect the rights of
    clients while affording the providers of care
    appropriate access.

28
Which Information is Confidential?
  • Agency Confidentiality Policy Affirms the
    agencys resolve to abide by the laws presented.
  • Any IIHI about a client is confidential assume
    that it is all confidential.
  • It is not just the medical status or treatment
    information that is protected.
  • Even the fact that they are a client is
    protected.
  • Any (IIHI) individually identifiable health
    information the LHD has on a person who is not a
    client is most likely confidential.
  • Example blood lead information cared for by a
    local pediatrician and environmental health is
    doing a home investigation.

29
Which Information is Confidential?
  • Individually Identifiable Health information
  • (IIHI) includes
  • the clients demographic information (name,
    address, age, date of birth, etc.).
  • information that is created or received by a
    health care provider, health plan, employer, or
    health care clearinghouse.
  • information related to the past, present, or
    future physical or mental health condition of the
    individual, provision of health care, or the
    past, present, or future payment for the
    provision of health care.
  • any information that identifies the client, or to
    which there is reasonable basis to believe that
    the information can be used to identify the
    client.

30
Which Information is Confidential?
  • Protected Health Information includes
  • IIHI that is transmitted electronically or
    maintained in any form or medium by the covered
    entity.
  • And everything else mentioned if not addressed in
    laws for specific services.

31
When may LHDs Disclose Patient Information?
  • With the clients (or personal representatives)
  • permission.
  • Permission must be in the proper format.
  • In most cases the permission must be in writing.
  • Must be on an appropriate HIPAA compliant
    authorization form.

32
When may LHDs Disclose Patient Information?
  • Under certain circumstances without the
  • clients (or personal representatives)
  • permission as specified by law.
  • Broadly these include
  • Treatment, payment and healthcare operations as
    defined by HIPAA, G.S. 130A-12,
  • G.S. 130A-143.
  • Please consult your HIPAA Officer or County
    Attorney regarding these definitions.

33
When may LHDs Disclose Patient Information?
  • When it is required by another law.
  • The following slides will address these.
  • Subpoenas other court orders
  • Response guidance for LHDs from the NC School of
    Government may be found at http//shopping.netsui
    te.com/s.nl/c.433425/it.I/id.218/.f?sc7category
    49

34
Laws requiring disclosure of info.
  • NC law requires the disclosure of confidential
    information or records for specific purposes for
    each of the following (The following is a
    partial list of those who may demand records or
    information.)
  • HIPAA covered entities must verify the identity
    of the individual demanding the information and
    their authority to obtain the information.
  • G.S. 130A-385 Chief medical examiner or county
    medical examiner when a death is under
    investigation.
  • G.S. 130A-209 Diagnoses of cancer to central
    cancer registry

35
Laws requiring disclosure of info.
  • List cont.
  • GS 7B-301 Any person or institution must report
    known or suspected child abuse/neglect or child
    deaths believed to be due to maltreatment to DSS.
  • GS 7B-302 Records or information relevant to
    the investigation of known or suspected cases of
    child abuse or neglect may be released to
    director of social services
  • GS 7B-601 or guardian ad litem representing the
    child
  • GS 7B-1413 The N.C. Child Fatality Prevention
    Team, a community child protection team, and N.C.
    Child Fatality Task Force may review information
    they deem relevant to their task.

36
Laws requiring disclosure of info.
  • List cont.
  • GS 108A-102 Report suspected abuse of elderly
    or disabled adults to Social Services Director.
  • GS 130A-5 and 130A-15 NC Secretary of HHS may
    see patient records when the patients physician
    and a DHHS physician agree that there is a clear
    danger to public health and other health
    hazards.
  • GS 130A-135 et seq. Outbreaks of reportable
    communicable diseases.
  • G.S. 130A-144 Local Health Directors or State
    Health Director may demand medical records
    pertaining to the diagnosis, treatment, or
    prevention of communicable disease.

37
Laws requiring disclosure of info.
  • List cont.
  • G.S. 51-2 Disclose relevant medical information
    of minors seeking to marry to court appointed
    guardian ad litem.
  • G.S.90-21.20 Report wounds/injuries to law
    enforcement if there appears to be criminal
    violence involved.
  • G.S. 130A-153 and 10A NCAC 41A.0406 Disclosures
    of immunizations to specific providers, schools,
    etc.


38
Laws requiring disclosure of info.
  • List cont.
  • G.S. 130A-456 Physicians must be report
    occupational injuries on farms and other
    reportable occupational diseases and illnesses to
    DHHS.
  • G.S. 130A-458 Persons in charge of laboratories
    that provide diagnostic services must report
    findings related to reportable occupational
    diseases and illnesses to DHHS.


39
Laws requiring disclosure of info.
  • List cont.
  • G.S. 130A-476(b) Authorizes State Health
    Director to issue temporary order requiring
    health care providers to report specifically
    requested medical information to local health
    director or State Health Director to investigate
    a possible bioterrorist incident.
  • State and federal auditors of programs such as
    Medicaid may review patient records under
    applicable state and federal regulations.


40
Other exceptions requiring disclosure.
  • Responding to a court order, subpoena, warrant,
  • other law enforcement and judicial requests
  • Response guidance for LHDs from NC SOG may be
    found at
  • http//shopping.netsuite.com/s.nl/c.433425/it.I/id
    .218/.f?sc7category49
  • LHDs may disclose information without a patients
    permission upon receipt of a proper court order
    provided only the PHI disclosed is expressly
    authorized by the court order.
  • A subpoena must never be ignored however,
    depending on the type of subpoena, automatic
    disclosure of information is not always
    appropriate. (Consult the above guidance and
    local attorney.)

41
Other exceptions requiring disclosure.
  • Health department should have a carefully crafted
    policy for handling subpoenas, court orders and
    law enforcement judicial requests.
  • All the above requests should be brought to the
    attention of the health director immediately.
  • Consulting the LHD Attorney about the above types
    of legal requests prior to disclosing
    information is a good idea.

42
Obtaining Consent For TPO
  • "Consent" as defined by HIPAA means that the
    client is giving the covered entity permission to
    use and disclose their protected health
    information for treatment, payment, and other
    health care operations.
  • Obtaining consent for TPO is optional under
    HIPAA and is no longer required by NC law
    (G.S.130A-12(3), revised, effective 01/01/12.)

43
Obtaining Consent For TPO
  • Consentcont.
  • It is no longer recommended that local health
  • departments obtain consent for TPO.
  • Continuing to obtain consent for TPO may result
    in barriers to care in specific circumstances and
    lost reimbursement if a client refuses to sign
    the consent for TPO as the mandated services are
    still required to be provided.

44
Verification Requirements
  • Prior to disclosing requested PHI to a person
  • or entity the HIPAA Privacy Rule requires
  • covered entities to verify two things
  • the requesting persons identity (personal
    identity or as an appropriate designee of a
    requesting entity).
  • the requesting persons authority to receive the
    information.
  • Covered entities must have internal Verification
    Policies Procedures and must have trained their
    staff on the policy/procedure.

45
Obtaining Permission to Disclose Information
(Authorization)
  • HIPAA Authorization Forms
  • Must contain specific elements.
  • Must be used for disclosures outside the realm of
    TPO.
  • Please see the following references
  • IOG http//www.sog.unc.edu/node/818
  • DPH http//publichealth.nc.gov/lhd/
  • See Problem Oriented Health Record topic and
    select DHHS Form 4056.

46
Obtaining Permission for Treatment
  • "Consent for Treatment"
  • Obtaining informed consent to treat a patient is
    an entirely different legal obligation as opposed
    to obtaining consent for TPO, which is not a
    legal obligation.
  • Consent for Treatment means that the client is
    giving permission to the health care provider to
    provide medical care and treatment to the client.
    (G.S. 90-21.13)
  • Obtaining consent for TPO, which is no longer
    recommended, means the client is giving the
    covered entity permission to use and disclose
    their PHI for treatment and payment activities as
    well as health care operations.
  • Health departments still need informed consent to
    treat a patient.

47
Obtaining Permission for Treatment
  • GS 90-21.13 Informed consent to healthcare or
    procedure.
  • Valid consent means that a reasonable person
    under all the surrounding circumstances would be
  • mentally and physically competent to give
    consent.
  • able to understand the implications, risks and
    hazards of the treatment or procedure.
  • consent voluntarily to the treatment or
    procedure, and without coercion from the
    requestor.

48
Documenting Disclosures
  • When information is disclosed with clients
  • consent (via HIPAA compliant authorization)
  • Put copy of signed authorization in clients
    record.
  • HIPAA requires that the client be given a copy
    of
  • the signed authorization.
  • Make a note in the record when the information
    is actually released.
  • Disclosures made with the clients authorization
    are not required to be included in the Accounting
    of Disclosures.
  • (The client has the right to ask for an
    accounting of disclosures. See http//www.sog.unc.
    edu/node/818 for guidance on accounting of
    disclosure requirements.)

49
Documenting Disclosures
  • When information is disclosed without permissio
  • when meeting a legal requirement to disclose,
  • documentation in the clients record should
    include
  • the date and the fact of its disclosure,
  • to whom it was disclosed
  • why it was disclosed
  • the name of staff member that disclosed the
    information
  • the signature/initials of the staff member
    recording the documentation in the record
  • -Disclosures made without client authorization
    are required to be included in the Accounting of
    Disclosures.

50
Questions
  • Now a few minutes for questions.
About PowerShow.com