I.G. Subpoenas and the HIPAA Privacy Rule - PowerPoint PPT Presentation

About This Presentation
Title:

I.G. Subpoenas and the HIPAA Privacy Rule

Description:

I.G. Subpoenas and the HIPAA Privacy Rule The views and opinions expressed in the presentation are those of the presenter, and not necessarily official positions of ... – PowerPoint PPT presentation

Number of Views:110
Avg rating:3.0/5.0
Slides: 15
Provided by: OIG8
Category:

less

Transcript and Presenter's Notes

Title: I.G. Subpoenas and the HIPAA Privacy Rule


1
I.G. Subpoenas and the HIPAA Privacy Rule
  • The views and opinions expressed in the
    presentation are those of the presenter, and not
    necessarily official positions of the Office of
    Inspector General, Department of Health and Human
    Services

2
The Inspector Generals Authority
  • Inspector General Act of 1978
  • 5 U.S.C. App 3
  • Inspector General Subpoenas
  • 5 U.S. C. App 3 6(a)(4) to require by subpoena
    the production of all documents necessary in
    the performance of the functions assigned by this
    Act.

3
HIPAA Privacy Rule
  • 45 C.F.R. 164.512 permits covered entities to
    disclosure protected health information (PHI)
    without patient consent for the 12 national
    priorities listed in this section.
  • Most disclosures to the HHS IG will come under 45
    C.F.R. 164.512(a) and 164.512(d)

4
The Inspector General as Health Oversight Agency
  • Definition of a health oversight agency
  • 45 C.F.R. 164.501
  • Regulation preamble
  • 65 Fed. Reg. 82492 (Dec 28, 2000)

5
The Health Oversight Exception
  • 45 C.F.R. 164.512(d)
  • Permits covered entities to disclose protected
    health information to a health oversight agency
    for oversight activities authorized by law.

6
The Health Oversight Exception
  • Examples of health oversight activities
  • audits,
  • civil, administrative or criminal investigations,
  • inspections,
  • licensure or disciplinary actions, civil,
    administrative or
  • criminal proceedings or actions

7
The Health Oversight Exception
  • More health oversight activities
  • Health fraud investigations conducted with the
    FBI/DoJ.
  • Both IG subpoenas and DoJs administrative
    subpoenas (18 U.S.C. 3486) are used.
  • The HIPAA Privacy Rule permits covered entities
    to disclose to both types of subpoena under the
    health oversight exception.

8
The Health Oversight Exception
  • More health oversight activities
  • Joint investigations with other agencies health
    oversight investigation conducted in conjunction
    with an investigation related to a claim for
    public benefits not related to health.
  • Example social security number fraud involving
    Medicaid and other public benefits such as food
    stamps, housing vouchers.

9
The Required by Law Exception
  • 45 C.F.R. 164.512(a)
  • Permits covered entities to disclose protected
    health information to the extent that such use or
    disclosure is required by law and the use or
    disclosure complies with and is limited to the
    relevant requirements of such law.

10
Required by Law
  • Definition of required by law
  • 45 C.F.R. 164.501
  • Includes subpoenas issued by a governmental
    inspector general.
  • Also includes the Medicare conditions of
    participation with respect to health care
    providers participating in the program.

11
Overlap of Health Oversight and Law Enforcement
  • Some requests for disclosure of PHI could fit
    under more than one exception in 45 C.F.R.
    164.512
  • Regulation Preamble
  • 65 F.R. 82524 Covered entity may disclose PHI as
    permitted by one paragraph of 164.512 regardless
    of whether the disclose fails to meet the
    requirements under a different paragraph of
    164.512 or elsewhere in the rule.

12
Health Care Fraud as Health Oversight
  • Regulation Preamble
  • 65 Fed. Reg. 82532 explains that health care
    fraud was moved from law enforcement in the
    notice of proposed rule making to health
    oversight in the final rule.

13
Informing the Covered Entity
  • Subpoena cover letter
  • OIG will cite applicable section of the HIPAA
    Privacy Rule that permits disclosure
  • OIG may demand a suspension of accounting of
    disclosures per 45 C.F.R. 164.528
  • Verification of Identity
  • 45 C.F.R. 164.514(h)(2)(ii)

14
Conclusion
  • The HIPAA Privacy Rule permits covered entities
    to disclose PHI in response to IG subpoenas.
  • The OIG will work with covered entities to allay
    concerns about an IG subpoena however, when
    necessary, we will take action to enforce the
    subpoena.
  • If a covered entity has questions about
    disclosure of PHI related to an IG subpoena from
    the HHS OIG, it should contact the Office of
    Counsel to the Inspector General at (202)
    619-0335.
Write a Comment
User Comments (0)
About PowerShow.com