Practicing In Harmony with HIPAA - PowerPoint PPT Presentation

About This Presentation
Title:

Practicing In Harmony with HIPAA

Description:

Practicing In Harmony with HIPAA The views and opinions expressed in the presentation are those of the presenter, ... Rural Health Clinic, ... – PowerPoint PPT presentation

Number of Views:113
Avg rating:3.0/5.0
Slides: 14
Provided by: ide103
Category:

less

Transcript and Presenter's Notes

Title: Practicing In Harmony with HIPAA


1
Practicing In Harmony with HIPAA
The views and opinions expressed in the
presentation are those of the presenter, and not
necessarily official positions of the United
States Department of Justice.
2
Purpose
  • Underscore the commitment of DOJ to facilitate
    covered entity compliance with HIPAA while
    pursuing its legitimate governmental functions
  • Discuss the different functions of DOJ with
    reference to HIPAA disclosures

3
The Multiple Hats of DOJ
  • Health Oversight
  • Law Enforcement
  • Representing Government Entities
  • VA Hospital, Rural Health Clinic, Government
    Employees
  • Prosecuting Criminal Violations of 42 USC 1320d-6
  • The activity will dictate the applicable HIPAA
    provision which permits disclosure
  • DOJ is NOT a covered entity

4
Which HIPAA Exception Permits Disclosure to DOJ?
  • Least restrictive exception applies
  • Health Oversight (45 CFR 164.512(d))
  • (Essentially preserved the pre-HIPAA landscape on
    disclosures)
  • Law enforcement (45 CFR 164.152(f)
  • Representing a government agency (45 CFR
    164.508)

5
Informing the Covered Entity
  • Informing the covered entity which provision of
    HIPAA permits the requested disclosure
  • May be written, may be oral

6
Permitted Disclosures to Law Enforcement
  • Pursuant to Process and Required by law
    164.512(f)(1)
  • Court Orders, Warrants, Judicial Subpoenas
  • Grand Jury Subpoenas
  • Administrative Request/Demand/Subpoena, provided
    that
  • Relevant and material to legitimate L.E. inquiry
  • Specific limited in scope to extent reasonably
    practicable in light of the purpose
  • De-identified information could not reasonably be
    used
  • Covered entity can rely on representations on the
    face of the administrative subpoena
    (164.514(h)(2)(A))

7
Permitted Disclosures to Law Enforcement
  • Other Provisions of 164.512 (f)
  • 8 items for Identification and Location of
    suspects, material witness, missing person
  • Victims of crime, but unless required by law or
    process, certain limitations for victims of
    abuse, neglect or domestic violence
  • Decedents, if under suspicious circumstances
  • Crime on premises
  • Reporting crime in an emergency

8
One Health Oversight Note
  • Health oversight has been discussed by Anne
    MacArthur of the OIG
  • Special Note About Administrative Subpoenas used
    in furtherance of health oversight activity
  • When a health oversight activity, 164.512(d)
    governs the limitations in 164.512(f)(a) are
    irrelevant (including restrictions on L.E.
    administrative subpoenas) only apply to law
    enforcement activity

9
Some Other Special Circumstances
  • Avert serious threat to health or safety
    164.512(j)
  • Specialized government functions -164.512(k)
  • National Security and Intelligence
  • Protective Services for President and others
  • Correctional institutions and other law
    enforcement custodial situations

10
Suspension of Audit Trail Disclosure
  • A covered entity must suspend an individuals
    right to an account when an oral or written
    request is made by a health oversight or law
    enforcement official for the length of time
    requested by the official. 45 CFR 164.528
    (a)(2)
  • Oral request (good for up to 30 days) followed by
    written request
  • Document the request.
  • Reasonably likely to impede the agencys
    activities

11
Preemption of State Privacy Law
  • A HIPAA standard, requirement or implementation
    specification, preempts a state law concerning
    the privacy of protected health information,
    unless the state law
  • Is contrary to HIPAA, and
  • Relates to the privacy of Individually
    Identifiable Health Information, and
  • Is more stringent than a provision of the HIPAA
    medical privacy rules
  • U.S. Constitution supremacy clause

12
Criminal Violations of HIPAA Privacy Rules
  • HIPAA create a criminal violation for improper
    disclosure or receipt of protected health
    information 42 U.S.C. 1320d-6
  • DOJ investigates and prosecutes criminal
    violations of this statute primarily
    investigated by FBI
  • 3-levels of escalating penalties keyed to
    egregiousness of the offense conduct
  • Direct complaints, or referrals from HHS-OCR

13
Conclusion
  • We are committed to facilitating the disclosure
    of protected health information for health
    oversight and law enforcement purposes in
    compliance with HIPAA
  • We will firmly resist efforts by covered entities
    to constrict the exceptions which HIPAA permits
  • We will investigate complaints of criminal HIPAA
    violations and prosecute where appropriate.
  • Ian DeWaal, Senior Counsel
  • Department of Justice,
  • Criminal Division, Fraud Section
Write a Comment
User Comments (0)
About PowerShow.com