Our Annual - PowerPoint PPT Presentation

1 / 88
About This Presentation
Title:

Our Annual

Description:

The laws that protect the confidentiality of HIV information: Article 27-F of the NYS Public Health Law: HIV Confidentiality Law HIPAA (if applicable) 2. – PowerPoint PPT presentation

Number of Views:172
Avg rating:3.0/5.0
Slides: 89
Provided by: lac125
Learn more at: https://www.lac.org
Category:

less

Transcript and Presenter's Notes

Title: Our Annual


1
  • Our Annual
  • HIV Confidentiality Update
  • An Overview for
  • Agency Names
  • In-service on Confidentiality

2
Purpose of this In-Service
  • New York State HIV Confidentiality Law Article
    27-F of the Public Health Law protects the
    confidentiality of HIV-related information about
    people who receive services from most health care
    or social services in New York.
  • Our agency is one of the many providers of health
    or social services in New York that must comply
    with Article 27-Fs confidentiality requirements.

3
Purpose of this In-Service (cont.)
  • HIPAA (federal law) requires some health care
    providers including this agency to maintain the
    confidentiality of all protected health
    information.
  • More . . .

4
Purpose of this In-Service (cont.)
  • Both of these laws (and regulations implementing
    them) require agencies they cover to
  • have policies and procedures to ensure compliance
    with the laws privacy protections, and
  • conduct annual updates on our HIV policies and
    procedures for all staff.

5
Purpose of this In-Service (cont.)
  • This is your annual update.

6
What this presentation covers
  • 1. The laws that protect the confidentiality of
    HIV information
  • Article 27-F of the NYS Public Health Law HIV
    Confidentiality Law
  • HIPAA (if applicable)
  • 2. HIPAApatients rights provisions
  • 3. How to respond to client/patient complaints
    about breach of confidentiality

7
Have questions?
  • Speak to supervisor.
  • If you cannot resolve the question internally,
    call on these resources
  • NYS Department of Health Confidentiality Hotline
    800-962-5065, or
  • Legal Action Center
  • ask for attorney on call
  • 212-243-1313 or 800-223-4044

8
Part 1
  • Confidentiality of
  • HIV-related Information
  • Article 27-F of the
  • NYS Public Health Law
  • HIPAA

9
Article 27-FWhat is it?
  • New York State law that governs
  • HIV testing
  • HIV confidentiality
  • HIV case reporting partner notification
  • (NYS HIV Case Reporting Partner Notification
    law is in Public Health Law Article 21, Title
    III)
  • This presentation covers the confidentiality
    provisions, not those concerning testing.

10
Article 27-F Who is covered?
  • ANY person or agency who receives
  • HIV-related information about a protected
    individual
  • while providing a covered health or social
    service
  • Examples health care professionals and health
    facilities, foster care agencies, school nurses,
  • OR

11
Article 27-F Who is covered (cont.)?
  • 2. Anyone who receives HIV information
    pursuant to a proper written release. This means
  • if you obtain a clients HIV information pursuant
    to his or her signed HIV release form, you must
    follow Article 27-F.
  • if you disclose a clients HIV information
    pursuant to an HIV release form, the
    person/agency receiving it must follow Article
    27-F too.
  • OR

12
Article 27-F Who is covered (cont.)?
  • ANY New York state or local governmental agency
    that
  • provides, supervises or monitors health or social
    services
  • Examples DOH, OASAS, OTDA, DOCS, HRA, DSS

13
Article 27-F Does NOT apply to
  • Protected individuals themselves
  • Persons tested for/diagnosed with HIV or AIDS
  • Friends, relatives
  • Courts
  • Insurers
  • Federal agencies (military, federal prisons)
  • Schools (except school health staff)
  • Employers
  • BUT . . .

14
But, while Article 27-F may not apply . . .
  • OTHER laws protect the confidentiality of
    information about individuals health conditions
    (including HIV-related) in many circumstances.
  • Examples
  • U.S. Constitutional right to privacy applies to
    government (federal, state, local)
  • Americans with Disabilities Act applies to
    employers
  • Privacy Act applies to federal government

15
Recap Our agency must follow Article 27-F
because
  • State how why Article 27-Fs confidentiality
    requirements apply to this agency, e.g.
  • we provide covered health or social services
  • we receive disclose HIV-related info about our
    clients pursuant to written release
  • applicable DOH/AIDS Institute or other state
    agency regulations require us to comply
  • applicable DOH/AIDS Institute or other state
    agency contract requires us to comply.

16
HIPAA What is it?
  • Federal law that establishes minimum safeguards
    to protect the privacy of medical records and
    other personal health information (PHI).
  • Applies to personal health information no matter
    how it is shared in electronic, written or oral
    form.

17
HIPAA Who is covered?
  • Covered Entities Are
  • Health Care Providers
  • Health Plans
  • Health Care Clearinghouses
  • IF they transmit personal health information
    electronically in order to process payment or
    make eligibility determinations.

18
HIPAA Are we covered?
  • State whether this agency is (or is not)
    covered by HIPAA.
  • Even agencies not covered by HIPAA need to
    understand its basic requirements because many
    other agencies they interact with likely are
    covered by HIPAA.

19
HIPAA Article 27-FWho must comply with both?
  • Most health care providers in New York State,
    assuming they transmit health information
    electronically for purposes of billing or
    reimbursement.

20
What happens if both HIPAA Article 27-F apply?
  • Follow HIPAA unless Article 27-F is more
    stringent than the HIPAA provision.
  • More stringent means provides greater privacy
    protection, or gives individuals more privacy
    rights.
  • Article 27-F is usually more protective
    (stringent) than HIPAA, so you follow Article
    27-F.

21
Whats the Law? The general rule
  • HIPAA Art. 27-F generally both prohibit the
    disclosure of health information about an
    individual.
  • HIPAA covers nearly all personal health
    information (which it calls protected health
    information)
  • Article 27-F covers only HIV-related
    information.

22
Article 27-FThe general rule (cont.)
  • NO DISCLOSURE A provider may not disclose any
  • HIV-related information obtained while providing
    health or social service or through a release.

23
Article 27-FThe general rule (cont.)
  • HIV-related information includes
  • Had an HIV test (whether positive or negative)
  • Has HIV infection, HIV related illness or AIDS
  • Has been treated/is being treated for HIV
  • Takes medication specific to HIV disease
  • Is a contact of someone with HIV (spouse,
    sexual or needle-sharing partner)

24
Article 27-F General rule Case studies nos. 1
and 3
  • What information is protected?
  • Case study 1 (Jane, the case manager, and her
    friend Maggie)
  • In the waiting room
  • Case study 3 (Don, waiting to be called in for
    HIV test results)
  • Cases issues from staff here?

25
Article 27-FThe general rule (cont.)
  • HIV confidentiality law protects
  • Not only your clients/patients, but also
  • Anyone whose HIV-related information you received
    while providing health or social service even
    someone who has had no contact with this agency.

26
Article 27-FThe general rule (cont.)
  • You must always maintain the confidentiality of
    this HIV-related information
  • even after you leave your job here.

27
Exceptions to the General Rule When Disclosure
is Permitted
  • While the general rule is no disclosure of
    protected health information,
  • Both HIPAA Article 27-F have exceptions
    that allow entities to share HIV
    information.
  • Main Article 27-F exceptions permitting
    disclosure are outlined in Article 27-F flow
    chart (see slide above, and hand-out).

28
(No Transcript)
29
Main Article 27-F exceptions permitting
disclosure
  • Exceptions covered by this presentation
  • Written Release
  • Internal communications
  • Disclosures to health care providers
  • Partner notification
  • Note Follow Article 27-F rules governing these
    exceptions, since it is more stringent
    provides greater protections than HIPAA.

30
Exception 1 Written Release
  • Requirements for release
  • Voluntary
  • In writing. No oral release!
  • Revocable at any time.
  • Revocation can be oral or written
  • Document it!
  • Continued. . . .

31
Written release (cont.)
  • Use DOH-approved release (complies with Article
    27-F and HIPAA)
  • In hand-outs
  • Do not have client sign a blank or partially
    completed form.

32
Written release (cont.)
  • Who signs the form?
  • Person whose HIV-related information is being
    disclosed, if he or she has
  • capacity to consent

33
Written release (cont.)
  • What is capacity to consent?
  • Regardless of age, ability to
  • Understand appreciate the nature consequences
    of proposed disclosure
  • AND
  • Make an informed decision about whether or not to
    permit the disclosure

34
Written release (cont.)
  • Minors (under age 18) can have capacity to
    consent. No age cut-off.
  • If minor lacks capacity to consent, the person
    authorized by law to consent to health care for
    the minor may authorize disclosure of HIV
    information about the minor. This may be
  • Biological or adoptive parent
  • Guardian
  • Authorized agency (ACS or DSS) if court
    granted the authority

35
Written release (cont.)
  • Review of this agencys policies for completing
    the release form.
  • How to describe the recipient?
  • Law does not require listing name(s) of
    particular employee(s) at recipient agency
  • May be general, e.g., my caseworker other
    agency staff involved in my benefits claim at X
    agency
  • This agencys policy is.

36
Written release (cont.)
  • Completing release form (cont.)
  • Multi-party releases are permitted.
  • How to specify expiration date or event?
  • Release should remain in effect only as long as
    needed to fulfill specific purpose
  • More on next slide

37
Written release (cont.)
  • Completing release form (cont.)
  • AIDS Institute requirement release form should
    expire no later than one year from date signed.
  • Can specify expiration condition or one year,
    whichever is first

38
Written release (cont.)
  • Questions about how to complete the release form?
  • Ask your supervisor, or designate agency staff
    responsible
  • Useful resources
  • DOH Technical Assistance Bulletins
  • Legal Action Center training materials

39
No Redisclosure
  • Person receiving HIV-related information pursuant
    to release may not redisclose
  • Person providing HIV related information pursuant
    to release must provide notice prohibiting
    redisclosure
  • See Notice Prohibiting Redisclosure
  • In hand-outs

40
Article 27-FCase studies nos. 2 and 4
  • Release
  • Case study 2 (Peaches and client Herb)
  • Releases
  • Case study 4 (Joe and client Mary)
  • Cases issues from staff here?

41
Exception 2Internal communications
  • The rule agency staff may share HIV related
    information IF the staff members
  • Are authorized to access clients HIV related
    information in agencys written need-to-know
    protocol and
  • Have a reasonable need to know or share the
    information to carry out their authorized duties.

42
Internal communications (cont.)
  • HIPAA has similar minimum necessary standard
  • Must make reasonable efforts to limit use and
    disclosure of information to the minimum
    necessary to accomplish the intended purpose

43
Internal communications (cont.)
  • Review of this agencys
  • need to know list (include job titles and
    functions justifying access)
  • categories of information to which they need
    access
  • any conditions to or restrictions on their access

44
Internal communications (cont.)
  • Review of this agencys policy for charting
    HIV-related information
  • Article 27-F must record HIV information in
    medical record IF required to keep medical record
  • Charting/record-keeping requirements under
    regulations that apply to this agency
  • Where else and how else to record?

45
Article 27-FCase study no. 5
  • Charting HIV information
  • Case study 5 (Paddy and client Finn)
  • Cases and issues relating to charting or
    record-keeping from staff here?

46
Exception 3 Health Care Providers
  • May disclose HIV related information without
    release to an outside health care provider or
    health facility when necessary for that health
    care provider/facility to know the HIV info in
    order to provide appropriate care or treatment
    to
  • 1. The protected individual, or
  • 2. His or her child, or
  • 3. His or her contact (spouse, sex or
    needle-sharing partner)

47
Disclosures to health care providers (cont.)
  • Agency with the info not the outside health
    care provider makes the decision whether it is
    necessary for the outside provider to know the
    HIV info in order to provide the care or
    treatment in question.
  • Document the disclosure.

48
Disclosures to health care providers (cont.)
  • It is always preferable to seek obtain a
    release even if the disclosure is legally
    permitted without it.
  • Our agencys policy is
  • obtain a release whenever practicable
  • disclosures without a release under health care
    provider rule are permitted if/when_________
  • If in doubt, consult with designated staff
    responsible for making decisions.

49
Exception 4 Partner Notification
  • What do you do . . .
  • if your client/patient confides that he is
    having unprotected sex and has no intention of
    disclosing his HIV status to his partner?

50
Partner notification (cont.)
  • The rule
  • 1st question are you a physician? ONLY
    physicians and special Department of Health staff
    are permitted to notify identified partners of
    HIV infected individuals of the partners
    exposure risk
  • NO ONE ELSE is permitted to do partner
    notification (without the HIV individuals
    specific, written release)

51
Partner notification (cont.)
  • Physicians may only notify contact if
  • Significant risk of infection
  • Counsels patient about need to notify
  • Does domestic violence screen
  • Informs patient that
  • Intends to notify at-risk partner, or ask DOH
    (PNAP) to do so
  • Patient can choose to have DOH conduct
    notification
  • Source persons name/identity wont be revealed

52
Partner notification (cont.)
  • For non-physicians, possible options include
  • Counseling HIV client to make disclosure
  • If agency has physician(s) on staff, consult with
    him/her about doing notification to the at-risk
    partner or contacting Department of Healths
    Partner Services program OR

53
Partner notification (cont.)
  • More options for non-physicians
  • If you know your clients physician or health
    care provider outside your agency ask client
    to sign a release so you can disclose to that
    physician, asking him/her to do notification or
    forward the information to DOH. Or, under the
    health care provider rule (above), you may tell
    that physician without a release.

54
Partner notification (cont.)
  • Key points about partner notification
  • Physicians have permission but not legal duty
    to notify at-risk partners, as outlined above.
  • Non-physicians have no legal duty to ensure
    at-risk partners are notified.
  • Identity of HIV source patient is never
    revealed to at-risk partner (in absence of
    patients written release or a special court
    order).

55
Partner notification (cont.)
  • Review of this agencys policy and procedures for
    dealing with partner notification issues

56
Article 27-FCase study no. 7
  • Contact (partner) notification
  • Case study 7 (Maria and her HIV client John)
  • Partner notification cases and issues from staff
    here?

57
Other exceptions permitting disclosure under
Article 27-F
  • Consider reviewing other exceptions that may
    apply to your work, or be relevant to your
    agencys staff, including
  • Case reporting
  • Physicians minors
  • Foster care
  • Occupational exposure
  • Insurance
  • Court orders
  • Program evaluation
  • Newborns

58
Other exceptions permitting disclosure under
Article 27-F (cont.)
  • Additional details and resources explaining
    these exceptions are available through
  • NYS Department of Health website and resource
    materials, including
  • New York State Confidentiality Law and HIV
    Questions and Answers, at www.health.state.ny.us
  • Legal Action Center website (www.lac.org),
    resources and training materials

59
Wrap-up HIV confidentiality and our policies
procedures
  • as needed, note any developments, updates or
    changes since previous annual HIV confidentiality
    in-service and update
  • Identify agency staff responsible for
  • developing updating this agencys HIV
    Confidentiality Policies and Procedures
  • ensuring/conducting initial and annual employee
    training.

60
Part 2
  • HIPAA
  • Patients Rights

61
HIPAA patient rights
  • HIPAA provides patients with the right to
  • Receive a notice of privacy protections
  • Access records
  • Request an amendment
  • Receive an accounting
  • Request restrictions
  • Receive confidential communications
  • Details on each to follow

62
HIPAA patient rights (cont.)
  • New York State law already provided patients with
    most of these rights.
  • HIPAA expanded some of these rights, but did not
    provide as much protection in other areas.
    Always follow the more protective (more
    stringent provision).

63
HIPAA privacy notice
  • Providers must give patients a privacy notice.
  • Must post in prominent location
  • Must receive written confirmation of receipt from
    patient.
  • Review agencys policies for distributing privacy
    notice.

64
HIPAA right to access records
  • Patients are entitled to access to their own
    health records upon request (subject to certain
    limitations)
  • Review agencys policies for processing patients
    requests for records

65
HIPAARight to request amendment
  • Patients have the right to request amendments of
    their records.
  • Review agencys policies for processing requests
    for amendments to patient records.

66
HIPAA Art. 27-FRight to an Accounting
  • Both HIPAA Art. 27-F give patients the right to
    a list of HIV-related disclosures about them.
  • Review agencys policies and procedures for
    responding to requests for such lists.

67
HIPAAConfidential Communications
  • If patients make a reasonable request to
    receive communications of protected health
    information by alternative means or at
    alternative locations, the program must honor the
    request.
  • For example Patients may ask that
    communications be emailed, or sent to a
    different location other than their homes.
  • May not require an explanation from the patient
    as to the basis for the request, but may require
    the request to be made in writing.

68
HIPAAConfidential Communications (cont.)
  • Review agencys policies for
  • establishing how clients want to receive
    communications, and
  • responding to requests for alternative methods of
    communication

69
HIPAA Request Restrictions
  • Patients may request the program not to disclose
    health information that the law permits it to
    disclose.
  • Example Client says to counselor dont tell
    any other staff here that I am HIV positive even
    though such disclosures are permitted under the
    internal communications exception.
  • Continued

70
HIPAA Request Restrictions (cont.)
  • The program is not required to agree to the
    patients request.
  • However, if the program does agree, it must then
    abide by the restriction.
  • Document all agreed upon restrictions.

71
HIPAA Privacy Official
  • HIPAA requires programs to have a Privacy
    Official.
  • Remind staff who the privacy official is and what
    procedures there are for forwarding information
    to the privacy official.

72
Part 3
  • Responding to Complaints about Breach of
    Confidentiality

73
Responding to Complaints
  • What should I do
  • If my client says my agency has breached her HIV
    confidentiality?
  • If my client complains that somebody else has
    violated his confidentiality rights?

74
Responding to complaints our agency
  • Inform client our complaint procedure.
  • Contact the designated staff responsible for
    addressing such complaints Privacy Officer, if
    HIPAA applies to agency.
  • Follow agencys policies for responding to
    patient complaints about privacy violations
  • Review policies procedures
  • (more on next slide)

75
Responding to complaints our agency (cont.)
  • Acknowledge importance of confidentiality
  • Dont belittle clients complaint
  • Dont give client the run around
  • Conduct thorough investigation
  • Talk to witnesses
  • Look at documentation
  • Get clients feedback

76
Case study no. 8
  • Breach of HIV confidentiality by home health aide
    in your agency
  • Case study 8 Annas home health aide
  • Examples issues from our agency?

77
Responding to complaints involving different
agency
  • What should I do
  • If my client complains that someone in another
    agency has breached his HIV confidentiality?

78
Case study no. 9
  • Breach of HIV confidentiality by outside
    physician
  • Case study 9 (Michaels doctors office)
  • Examples and issues from our clients experiences
    with other agencies ?

79
Responding to complaints involving different
agency (cont.)
  • Options
  • Refer client to
  • Legal Action Center 212-243-1313 or
    800-223-4044. Ask to speak to a paralegal or
  • Another HIV legal service provider
  • Help client file complaint with NYS Department of
    Health-AIDS Institute, Special Investigation Unit
  • Details in next slide . . .

80
Responding to complaints involving different
agency (cont.)
  • Option 2 (cont.)
  • DOH complaint process for people alleging
    breaches of HIV confidentiality in violation of
    Article 27-F
  • Complaint form is on DOH website
  • DOH SIU (800) 962-5065
  • May ask Legal Action Center (or other HIV legal
    service provider) to represent client in this
    proceeding, but dont need a lawyer
  • Usual result if a violation is found statement
    of deficiencies requiring corrective action

81
Responding to complaints involving different
agency (cont.)
  • 3. Help client file complaint with other
    government agenc(ies) for
  • violation of HIPAA, or
  • violating professional licensing/ ethical rules
    governing the breacher.
  • Though client will not receive money in these
    proceedings, client may feel vindicated if agency
    finds a violation.

82
Responding to complaints involving different
agency (cont.)
  • Option 3 (cont.)
  • Complaints against physicians may be filed with
    NYS Office of Professional Medical Conduct.
  • OPMC phone 800-663-6114, or
  • opmc_at_health.state.ny.us
  • complaint form call or download

83
Responding to complaints involving different
agency (cont.)
  • Option 3 (cont.)
  • Complaints against other licensed professionals
    (e.g., social workers, nurses, pharmacists) may
    be filed with the NYS Education Dept., Office of
    the Professions
  • OP Complaint Hot Line 800-442-8106, or
    conduct_at_mail.nysed.gov
  • Complaint form call or download

84
Responding to complaints involving different
agency (cont.)
  • Option 3 (cont.)
  • Complaints under HIPAA may be filed with the
    U.S. Department of Health and Human Services,
    Office of Civil Rights
  • Health Information Privacy Complaint
  • www.hhs.gov/ocr/howtofile.html
  • OCR (toll-free) 800-368-1019

85
Responding to complaints involving different
agency (cont.)
  • Options (cont.)
  • Conduct informal advocacy with alleged breacher
  • Help client complain to management (supervisors,
    director, legal counsel) of the entity that
    breached his/her confidentiality.
  • Demand thorough investigation and same steps your
    own agency would do in that situation (just
    discussed).

86
Confidentiality violations other remedies?
  • Can someone be sued for violating Article 27-F or
    HIPAA?
  • Yes for violations of Article 27-F by person
    whose rights were violated. Client can seek
  • money for harm suffered
  • change in policies
  • training
  • discipline for persons responsible

87
Confidentiality violations other remedies?
  • Can someone be sued for violating Article 27-F or
    HIPAA? (cont.)
  • No for violating HIPAA. People may not bring
    lawsuits to remedy violations of HIPAA. Only the
    federal government can enforce HIPAA. It can
    seek fines imprisonment.

88
Questions?
  • Suggestions for improvements?
  • Comments?
  • Recommendations?
  • Thank you!
Write a Comment
User Comments (0)
About PowerShow.com