Peg Schmidt, RHIA CHPS and Amy Derlink, RHIA, CHA April 10, 2015
|
|
- Gertrude Anderson
- 6 years ago
- Views:
Transcription
1 Peg Schmidt, RHIA CHPS and Amy Derlink, RHIA, CHA April 10, Step One Gather the facts Who is the requestor? Why are they requesting (purpose)? What type of PHI are they asking for? (record type) Step Two Which law(s) apply? Look at the type of record requested and determine which law(s) apply Can be multiple 2 Step Three Resources Copies of laws Bookmark WI statutes page HIPAA COW Pre-emption grid Step Four Assume the requestor will require an authorization unless legal exception found Based on record type, purpose, requestor Pre-emption follow greatest protection 3 1
2 Child Protective Services requesting ED records and tells you that they are investigating suspected child abuse. Identifies the child s record by name. Step One who /why / type of record? CPS Child abuse investigation ED Patient Health Care Record 4 Step Two which laws apply? ED record = Patient Health Care Record = HIPAA Privacy Rule also applies Step Three resources Locate the list of exceptions Locate the section in Privacy Rule re child abuse (b) (1) (ii) Pre emption grid (2) (a) To a county department, as defined under s (2g), a sheriff or police department or a district attorney for purposes of investigation of threatened or suspected child abuse or neglect or suspected unborn child abuse or for purposes of prosecution of alleged child abuse or neglect, if the person conducting the investigation or prosecution identifies the subject of the record by name. The health care provider may release information by initiating contact with a county department, sheriff or police department or district attorney without receiving a request for release of the information. A person to whom a report or record is disclosed under this subdivision may not further disclose it, except to the persons, for the purposes and under the conditions specified in s (7). 6 2
3 HIPAA (b)(1)(ii) (b) Standard: uses and disclosures for public health activities--(1) Permitted disclosures. A covered entity may disclose protected health information for the public health activities and purposes described in this paragraph to: (ii) A public health authority or other appropriate government authority authorized by law to receive reports of child abuse or neglect; 7 Both state law and HIPAA would allow the disclosure without authorization Pre-emption directs that we follow state law Disclosure to CPS allowable without authorization as long as the subject of the record is identified by name 8 Subpoenas Generally subpoena alone not allowable to disclose Subpoena signed by a judge = court order Attorney issued / look for an authorization Out-of-state generally not valid Consider requestor and purpose does it meet an exception to allow disclosure? 9 3
4 Department of Safety and Professional Services Grand Jury Subpoena May fit (2) (a) 5 5. In response to a written request by any federal or state governmental agency to perform a legally authorized function, 10 Court Orders Not all court orders are valid Determine federal versus state Federal court order could be valid in WI even if out-of-state issued WI issued court order generally valid Out-of-state state court orders generally not valid 11 Omnibus Rule On January 25, 2014 the DHHS published the Omnibus Final Rule which modified HIPAA regulations in accordance with HITECH. 12 4
5 45 CFR Access of individuals to PHI CE must act on a request for access no later than 30 days after receipt of the request as follows. If the CE grants the request, in whole or in part, it must: inform the individual of the acceptance of the request provide the access requested in the form or format requested IF it readily producible in such form or format. If not, in a readable hard copy form as agreed to by CE and individual CFR Access of individuals to PHI If the CE denies the request, in whole or in part, it must provide the individual with a written denial and CE to extent possible give the individual access to any other PHI requested after excluding the PHI to which the CE has a ground to deny access CE must provide a timely, written denial to the individual in plain language and contain: Basis for denial Description of how individual may complain to CE and to whom CFR Access of individuals to PHI What must the patient provide? A hand written or typed request authorizing the disclosure and the name and address to where information is released Does not have to be HIPAA compliant or on hospital authorization Unless sensitive or federally protected information is contained in the record 15 5
6 Result of and the individual An increase of over 20% of individuals exercising their right of access to a third party An increase in number of records pages/image of PHI 16 History of Fee Provisions HIPAA permits a CE to impose reasonable, cost-based fees including the labor and supply costs for responding to requests made by an individual (patient or legal representative) for copies of protected health information (PHI). CEs are not permitted to charge for retrieving or handling the request to the individual. Fees for copying and postage under state law are presumed reasonable but no search or retrieval fee under state law is permitted. 18 6
7 HITECH Act (c)(4) Fees If the individual requests a copy of the PHI or agrees to a summary of such information, the CE may impose a reasonable, cost-based fee, provided that the fee includes only the cost of: i. Labor for copying the PHI requested by the individual, whether in paper or electronic form; ii. Supplies for creating the paper copy or electronic media if the individual requests that the electronic copy be provided iii. Postage, when the individual has requested the copy, or the summary be mailed; and iv. (iv) Preparing an explanation or summary of the PHI, if agreed to by the individual 19 HITECH Act - Patient Access to Electronic Health Record (EHR) Under the HITECH Act, when a CE maintains an EHR with respect to PHI of an individual The right to obtain a copy of EHR in electronic format The individual has the right to direct the CE to transmit such copy directly to an entity or person designated by the individual, provided that any such choice is clear, conspicuous and specific Any fee that the CE may impose for providing such information shall not be greater than the entity s labor costs in responding to the request. The CE disclosing the PHI is required to make the minimum necessary determination for the amount of information required for the purpose of the disclosure
8 22 How did you calculate that labor cost? What did you do for the hybrid records? What were the charges? How many were patient directed requests? 23 Please note that 45 C.F.R (c)(4) does not require that covered entities use a specific method to calculate what constitutes a reasonable, cost-based fee, such as multiplying hourly rate of pay for the worker performing the task by the time that worker spent making a copy. HIPAA regulations do not prohibit averaging labor and supply costs across all records requests rather calculating labor time spent for each record request on an individualized basis. 24 8
9 Omnibus did not provide an equation so what to consider? 25 [Wis. Stats (3f) (b)] has a mandatory fee for requests and these fees must be charged to the third party as long as the third party requests the record. Paper copies: $1.02/pg for pages 1-25; $0.70/pg for pages 26-50; $0.51/pg for pages ; and $0.30/pg for pages Microfiche or microfilm copies: $1.52 per page. Print of an X-ray: $10.15 per image. A single $8.12 charge for certification of copies, if the requester is not the patient or a person authorized by the patient. A single retrieval fee of $20.30 for all copies requested, if the requester is not the patient or a person authorized by the patient. Actual shipping costs and any applicable taxes. If a patient requests their medical records be sent to a third party via a patient directive (request letter), then the CE must charge patient rates under the Omnibus rule. 26 In states that have a mandatory fee structure, like WI, CEs must only charge the patient the lesser rate. IOD charges for records delivered through mail on paper or CD $0.39/per pg (1-100) $0.31/per pg ( ) Wisconsin state tier $0.12/ per pg (201+) *Max charge of $
10 Keep in mind your tiered rate scale and apply those page ranges as set forth in the state 28 What were we faced with in ROI as a result of Omnibus Rule? 29 Omnibus copy fee complaints 30 10
11 What are we seeing in ROI? 31 Train ROI Staff Need a separate directive by the Patient or personal representative HHS has distinguished a patient s or personal representative s directive to a covered entity to transmit a copy of protected health information (PHI) to a designated individual different than an authorization. Patient Directive is covered by 45 C.F.R (c)(3)(ii) Patient authorization is addressed by 45 C.F.R (c). 32 A directive to transmit a copy of PHI to a designated individual is distinct from an authorization form, such that a CE is permitted to release information to a third party pursuant to such a directive without an accompanying patient authorization, since the request for information is from the patient himself/herself and not from a third party. See Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules Under the Health Information Technology for Economic and Clinical Health Act and the Genetic Nondiscrimination Act; Other Modifications to the HIPAA Rules ( Omnibus Final Rule ), 78 FR 5566, 5635 (January 25, 2013)
12 (c)(4) Fees 45 C.F.R (c)(4) Fees: only applies to requests by individuals, rather than requests by third parties. The individual is a defined term under HIPAA referring to the person who is the subject of protected health information. 45 C.F.R The fees will also apply to requests by those who qualify as personal representatives under 45 C.F.R (g), which will not apply to an attorney requestor unless such attorney has authority to act on behalf of an individual who is an adult or an emancipated minor in making decisions related to health care, 45 C.F.R (g)(1)(2), which is generally not the case. POA, Executor of Estate, etc. 34 Scenario: Your facility receives a request from a law firm with a patient authorization attached. The law firm quotes the HITECH rule and that they would like a copy of the electronic record sent to them on a CD at labor costs to produce the record. 35 Response: your firm submitted to the CE an executed authorization from the individual, authorizing the release of records and your firm requesting a copy of the individual s medical records be sent to your law firm. Response: In accordance with the Omnibus Final Rule, our facility does not recognize your records request as covered by 45 C.F.R (c)(3)(ii), since HHS guidance is clear that a directive under 45 C.F.R (c)(3)(ii) is distinct from an authorization. Had you law firm instead submitted a separate directive compliant with 45 C.F.R (c)(3)(ii), our facility would have processed the request at patient rates
13 Response: Because the request originates from you (a third party) rather than the individual, the request will be subject to the fee schedule established under State law at. Based on this law, we estimate a charge for this copy of. Please note that, even with an electronic copy, our facility charges this amount in accordance with State law to cover the extensive release of information process in which a professional reviews each page of the requested records to ensure that only appropriate information is provided. 37 Response: You indicate that your request falls under the fee limitations at 42 U.S.C (e) of the HITECH Act and 45 C.F.R (c) of HIPAA. These sections only pertain to requests by individuals, not requests by third parties. For example, (c)(4) states that [i]f the individual requests a copy of the PHI, then the request is subject to certain fee limitations. On its face, the regulation does not address requests by persons other than the individual. And while (c)(3)(ii) provides that an individual may direct the CE to transmit a copy of the record to a third party, the subsection similarly begins with an individual s request. In the preamble commentary to HIPAA s 2013 regulatory amendments, HHS makes plain that only applies when the request was clearly made by the individual and not a third party: 38 Response: Section (c)(3) of the Privacy Rule currently requires the CE to provide the access requested by the individual in a timely manner, which includes arranging with the individual for a convenient time and place to inspect or obtain a copy of the PHI, or mailing the copy of PHI at the individual s request. The Department had previously interpreted this provision as requiring a CE to mail the copy of PHI to an alternative address requested by the individual, provided the request was clearly made by the individual and not a third party. Section 13405(e)(1) of the HITECH Act provides that if the individual chooses, he or she has a right to direct the CE to transmit an electronic copy of PHI in an EHR directly to an entity or person designated by the individual, provided that such choice is clear, conspicuous, and specific
14 Response: Based on section 13405(e)(1) of the HITECH Act and our authority under section 264(c) of HIPAA, we proposed to expand (c)(3) to expressly provide that, if requested by an individual, a CE must transmit the copy of PHI directly to another person designated by the individual. This proposed amendment is consistent with the Department s prior interpretation on this issue and would apply without regard to whether the PHI is in electronic or paper form. 40 Response: Your request, on its face, is clearly from your law firm rather than from the patient. It is on firm letterhead, indicates that it is coming from your firm, and is signed by you. While the request includes a statement that is signed by the patient, this does not transform the request into a patient request. To conclude otherwise would mean that any third party requestor could avoid the requirements to provide a HIPAA-compliant authorization (which include substantial content requirements to ensure the individual s rights are safeguarded), and could instead merely add a sentence and the individual s signature to the third-party s request. 41 HITECH/Omnibus rates only apply to requests from the Individual or his/her Personal Representative Who is a Personal Representative under HIPAA? 42 14
15 A person authorized (under State or other applicable law, e.g., tribal or military law) to act on behalf of the individual in making health care related decisions is the individual s personal representative. 45 CFR (g) requires covered entities to treat an individual s personal representative as the individual with respect to uses and disclosures of the individual s protected health information, as well as the individual s rights under the Rule. Who are personal representatives? Health care POA, Court appointed legal guardian, General POA or durable POA that includes the power to make health care decisions A parent, guardian, or other person acting in loco parentis with legal authority to make health care decisions on behalf of the minor child An Executor or administrator of the estate of a deceased patient Next of kin or other family member (if relevant law provides authority) 43 HIPAA defines an individual as the person who is the subject of protected health information. 5 HIPAA further provides that, generally, a covered entity (or its business associate) must treat a personal representative as the individual for purposes of [the HIPAA administrative simplification regulations]. 6 An attorney will only qualify as a personal representative if, under applicable law, the attorney has authority to act on behalf of an individual in making decisions related to health care C.F.R (definition of individual ) C.F.R (g)(1) C.F.R (g)(2), (3), and (4). 44 Be cautious and Read the request letters! Look out for: Attorney Requests on their letterhead signed by the patient Handwritten patient letters to their attorney Handwritten or typed patient letter with attorney authorization attached All = patient directive = actual cost and labor 45 15
16 46 16
BUSINESS ASSOCIATE AGREEMENT WITH COVERED ENTITY
BUSINESS ASSOCIATE AGREEMENT WITH COVERED ENTITY Date: 09/23/2013 Business Associate: Name: BeneFLEX HR Resources, Inc. Address: 10805 Sunset Office Drive, Ste 401 St. Louis, MO 63127 Covered Entity: This
More informationRight to Request Access to Designated Record Set
HIPAA Procedure 5002B Right to Request Access and Amendment to Designated Record Effective Date: April 14, 2003 Revised Date: November 2, 2016 Right to Request Access to Designated Record... 1 Denial of
More informationAlthough we encourage your participation during the presentation, it is entirely voluntary.
M. Scott LeBlanc, JD & Thomas N. Shorter, JD FACHE Godfrey & Kahn, S.C. Friday, April 27, 2018, 1:35-2:25 pm Country Springs Hotel, Waukesha, WI 1 Although we encourage your participation during the presentation,
More informationTHE UNIVERSITY OF TEXAS SYSTEM ADMINISTRATION HIPAA PRIVACY MANUAL Section 7.2: Right to Access Protected Health Information Page: 1 of 5
THE UNIVERSITY OF TEXAS SYSTEM ADMINISTRATION HIPAA PRIVACY MANUAL Section 7.2: Right to Access Protected Health Information Page: 1 of 5 Effective Date: September 23, 2013 POLICY System recognizes an
More informationTechnical Corrections to the HIPAA Privacy, Security, and Enforcement Rules. AGENCY: Office for Civil Rights, Department of Health and Human Services.
This document is scheduled to be published in the Federal Register on 06/07/2013 and available online at http://federalregister.gov/a/2013-13472, and on FDsys.gov DEPARTMENT OF HEALTH AND HUMAN SERVICES
More informationPatient Privacy and Security: Data Breach Reporting and other HIPAA Changes
Patient Privacy and Security: Data Breach Reporting and other HIPAA Changes Paul T. Smith, Partner, Davis Wright Tremaine James B. Wieland, Shareholder, Ober Kaler 1 Developments The Health Information
More informationModel Business Associate Agreement
Model Business Associate Agreement Instructions: The Texas Health Services Authority (THSA) has developed a model BAA for use between providers (Covered Entities) and HIEs (Business Associates). The model
More informationSales Order (Processing Services)
SO# DIRECT CUST# INDIRECT CUST# Sales Order (Processing Services) Note: RelayHealth will assign CUST# s and SO# will be completed upon receipt. Sold To ( End User ): Bill To: Note: cannot be a P.O. Box
More informationAMERICAN RECOVERY & REINVESTMENT ACT OF 2009 TITLE XIII HEALTH INFORMATION TECHNOLOGY ANALYSIS OF PRIVACY AND SECURITY REQUIREMENTS (SUBPART D)
Introduction: AMERICAN RECOVERY & REINVESTMENT ACT OF 2009 TITLE XIII HEALTH INFORMATION TECHNOLOGY ANALYSIS OF PRIVACY AND SECURITY REQUIREMENTS (SUBPART D) The purpose of this document is to provide
More informationUNDERSTANDING THE HIPAA/HITECH BREACH NOTIFICATION RULE 2/25/14
UNDERSTANDING THE HIPAA/HITECH BREACH NOTIFICATION RULE 2/25/14 RULES Issued August 19, 2009 Requires Covered Entities to notify individuals of a breach as well as HHS without reasonable delay or within
More informationHIPAA BUSINESS ASSOCIATE AGREEMENT. ( BUSINESS ASSOCIATE ) and is effective as of ( Effective Date ). RECITALS
HIPAA BUSINESS ASSOCIATE AGREEMENT This HIPAA Business Associate Agreement ( Agreement ) is entered into by and between the Trustees of the University of Pennsylvania as owner and operator of the University
More informationH I P AA B U S I N E S S AS S O C I ATE AGREEMENT
H I P AA B U S I N E S S AS S O C I ATE AGREEMENT This HIPAA BUSINESS ASSOCIATE AGREEMENT (the BAA ) is entered into by and between Educators Mutual Insurance Association of Utah and its subsidiaries (
More informationRENOWN HEALTH NETWORK POLICY
Page 1 of 7 Title: Patient Right to Request an Amendment Melinda Montoya, Revision History: Scope: This policy applies to all Renown-affiliated facilities including, but not limited to, hospitals, ambulatory
More informationEXHIBIT G PRIVACY AND INFORMATION SECURITY PROVISIONS
Page 1 of 24 EXHIBIT G PRIVACY AND INFORMATION SECURITY PROVISIONS This Exhibit G is intended to protect the privacy and security of specified Department information that Contractor may access, receive,
More informationCops and Docs: Law Enforcement Access to Patients and Information
Cops and Docs: Law Enforcement Access to Patients and Information HIPAA Collaborative of Wisconsin October 19, 2012 Diane Welsh, von Briesen & Roper, s.c. dwelsh@vonbriesen.com or 608.661.3961 David Perlman,
More informationWASHINGTON COUNTY GUIDELINES AND PROCEDURES FOR MINNESOTA GOVERNMENT DATA PRACTICES ACT
General Administration Policy #1300 - Manual WASHINGTON COUNTY GUIDELINES AND PROCEDURES FOR MINNESOTA GOVERNMENT DATA PRACTICES ACT Manual #1300 Adopted by the Washington County Board of Commissioners
More informationInvestigating Privacy Breaches under HITECH and HIPAA
Investigating Privacy Breaches under HITECH and HIPAA Barry Herrin Smith Moore Leatherwood LLP 1180 W. Peachtree St. NW, Suite 2300 Atlanta, Georgia 30309 T (404) 962-1027 F (404) 962-1200 Presented by:
More informationHIPAA DATA USE AGREEMENT
HIPAA DATA USE AGREEMENT This Data Use Agreement (this "Agreement") is entered into effective as of 20 and until months thereafter the Effective Date by and among St. Jude Children s Research Hospital,
More informationTRICARE Operations Manual M, April 1, 2015 Administration. Chapter 1 Section 5
Administration Chapter 1 Section 5 Revision: 1.0 GENERAL 1.1 Contractors shall comply with all federal laws which apply to the administration of TRICARE health plans. In many situations where federal law
More informationBUSINESS ASSOCIATE AGREEMENT
BUSINESS ASSOCIATE AGREEMENT This BUSINESS ASSOCIATE AGREEMENT ( Agreement ) effective as of the laterdated signature hereto ( Effective Date ), identifies and clarifies the relationship and responsibilities
More informationDr. Richard M. Powers POWER OF ATTORNEY AND MEDICAL RELEASE
Dr. Richard M. Powers POWER OF ATTORNEY AND MEDICAL RELEASE POWER OF ATTORNEY TO ENDORSE CHECKS AND/OR SIGN ANY PIECE OF PAPER WHICH WILL ENHANCE OR EXPEDITE PAYMENT TO PROVIDER FOR SERVICES RENDERED,
More informationPOLICY REGARDING INDIVIDUAL RIGHTS TO REQUEST ACCESS TO INSPECT/COPY PROTECTED HEALTH INFORMATION
Purpose: Standard: Policy: To set forth the policy and procedures of WVU Physicians of Charleston (WVUPC) regarding an individual s right to request access to inspect and/or copy his/her Protected Health
More informationPatient Any person who consults or is seen by a physician to receive medical care
POLICY & PROCEDURE TITLE: SUBPOENA of Medical Records Scope/Purpose: To ensure proper disclosure and release of Protected Health Information (PHI) Division/Department:All Health Point Clinics Policy/Procedure
More informationA Compliance Guide for Covered Entities and Business Associates
A Compliance Guide for Covered Entities and Business Associates Kate Borten, CISSP, CISM A Compliance Guide for Covered Entities and Business Associates Kate Borten, CISSP, CISM : A Compliance Guide for
More informationBUSINESS ASSOCIATE AGREEMENT (BETWEEN GIOSTARCHICAGO.COM AND GIOSTARORTHOPEDICS.COM AND GODADDY)
BUSINESS ASSOCIATE AGREEMENT (BETWEEN GIOSTARCHICAGO.COM AND GIOSTARORTHOPEDICS.COM AND GODADDY) This HIPAA Business Associate Agreement ( Agreement ) is entered into by and between GoDaddy.com, LLC, a
More informationBUSINESS ASSOCIATE AGREEMENT
BUSINESS ASSOCIATE AGREEMENT This Business Associate Agreement ( Agreement ) is entered into by and between eclinicalworks, LLC, a Massachusetts limited liability company ( eclinicalworks ), and ( Customer
More informationMEEKER COUNTY GUIDELINES AND PROCEDURES FOR MINNESOTA GOVERNMENT DATA PRACTICES ACT
MEEKER COUNTY GUIDELINES AND PROCEDURES FOR MINNESOTA GOVERNMENT DATA PRACTICES ACT Adopted by the Meeker County Board of Commissioners November 2010 Implemented: November 2010 MINNESOTA GOVERNMENT DATA
More informationSAMPLE. Medical Records and. Published by: the Court System. E-book Series, 3 of 12
Release of Information in California: Medical Records and Published by: the Court System E-book Series, 3 of 12 The Release of Information (ROI) in California is a series of 12 E-books that will help you
More informationIntroduction to Health Insurance Portability and Accountability Act (HIPAA): How It Affects Law Enforcement. Prepared by:
Introduction to Health Insurance Portability and Accountability Act (HIPAA): How It Affects Law Enforcement Prepared by: Toni Smith Assistant City Attorney 2012 Introduction In 1996, the Health Insurance
More informationBUSINESS ASSOCIATE AGREEMENT
BUSINESS ASSOCIATE AGREEMENT WHEREAS, the American Osteopathic Board of Orthopedic Surgery (AOBOS) provides certain board certification services to osteopathic physicians who complete appropriate postdoctoral
More informationHIPAA Compliance During Litigation and Discovery
Presenting a live 90-minute webinar with interactive Q&A HIPAA Compliance During Litigation and Discovery Safeguarding PHI and Avoiding Violations When Responding to Subpoenas and Discovery Requests THURSDAY,
More informationSite Access Agreement. (hereinafter referred to as the
Site Access Agreement Business Name: Site ) (hereinafter referred to as the Business Address: THIS AGREEMENT made effective as of this day of, 20 (hereinafter the Agreement ), between The Cooper Health
More informationAccess to Public Records and Property
Access to Public Records and Property 622 - Administrative/Operating Guidelines The Northcentral Technical College District is subject to the requirements of the Wisconsin Public Records and Property Law
More informationBUSINESS ASSOCIATE AGREEMENT
BUSINESS ASSOCIATE AGREEMENT THIS BUSINESS ASSOCIATE AGREEMENT (the Agreement ) is effective this day of, 2008 (the Effective Date ) by and between, (the Covered Entity ) and (the Business Associate ).
More informationCurrent Developments in Privacy and Security Rule Enforcement
Current Developments in Privacy and Security Rule Enforcement Hamline University College of Law Health Law Institute National Speakers Series Jerome B. Meites, Esq. Chief Regional Civil Rights Counsel
More informationHIPAA Privacy Rule Compliance Issues
HIPAA Privacy Rule Compliance Issues Presentation for AAPM Myra N. Moran J.D. HHS/OCR August 2, 2006 DISCLAIMER My goal in speaking with you today is to explain Privacy Rule compliance issues. I can make
More informationPOLICY REGARDING INDIVIDUAL RIGHT TO REQUEST AMENDMENT OF PROTECTED HEALTH INFORMATION. 1. Request to Amend PHI
Purpose: Standard: Policy: To set forth the policy and procedures of WVU Physicians of Charleston (WVUPC) regarding an individual s right to request an amendment of his/her Protected Health Information
More informationRENOWN HEALTH NETWORK POLICY
Category: RENOWN HEALTH NETWORK POLICY Next Review Date: 04/01/14 Corporate Compliance Revision History: 04/01/10 Number: RENOWN.CCD.755 Author: Tom Vallas, Corporate Compliance Officer & Counsel Page
More informationMICHIGAN FREEDOM OF INFORMATION ACT (FOIA) Flint Community Schools (FCS) Procedures and Guidelines
MICHIGAN FREEDOM OF INFORMATION ACT (FOIA) Flint Community Schools (FCS) Procedures and Guidelines The Freedom of Information Act (Act 442 of the Public Acts of 1976) regulates and sets requirements for
More informationProcedure 4.4: Production of Public Records for Inspection and Charge for Copies of Public Records
Procedure 4.4: Production of Public Records for Inspection and Charge for Copies of Public Records Volume 4: Legal/Governance Managing Office: Office of General Counsel Effective Date: May 3, 2010 Revised:
More informationHealth Information Privacy Code 1994
Health Information Privacy Code 1994 Incorporating amendments Privacy Commissioner Te Mana Matapono Matatapu New Zealand The Code of Practice comprises clauses 1-7 and rules 1-12. To assist with the use
More informationHITECH Omnibus Business Associate Agreement DU Hybrid CE ra FINAL
BUSINESS ASSOCIATE AGREEMENT This Business Associate Agreement (the Agreement ) by and between Drexel University ( Hybrid Entity ), with a principal address at 3141 Chestnut Street, Philadelphia, PA 19104,
More informationDATA USE AGREEMENT FOR ACCESS TO PROTECTED HEALTH INFORMATION
DATA USE AGREEMENT FOR ACCESS TO PROTECTED HEALTH INFORMATION This Data Use Agreement (the Agreement ) is effective between the Greenville Hospital System and Data User(s) (the Data Users ): 1. (List name
More informationHIPAA Privacy Compliance Initiative: Final Rules Impact Employer Health Plans
HIPAA Privacy Compliance Initiative: Final Rules Impact Employer Health Plans www.morganlewis.com Presenters: Sage Fattahian Lauren Licastro Georgina O Hara Date: February 8, 2013 Time: 12:30-1:30 p.m.
More informationBreach Notification and Enforcement
Breach Notification and Enforcement Sponsored by Health Information and Technology Practice Group June 14, 2012 Presenter: Patricia A. Markus, Esquire, Smith Moore Leatherwood LLP, Raleigh, NC, Trish.Markus@smithmoorelaw.com
More informationLaw Enforcement Access to Patients and Information
Law Enforcement Access to Patients and Policy A02-04 Release of Patient That is Legally Mandated of Permitted states that disclosures that are required by law or permitted by law and are authorized by
More information[Enter Organization Logo] DISCLOSURES OF SUBSTANCE USE DISORDER PATIENT RECORDS. Policy Number: [Enter] Effective Date: [Enter]
DISCLOSURES OF SUBSTANCE USE DISORDER PATIENT RECORDS Policy Number: [Enter] Effective Date: [Enter] [GPM Note: In January 2017, the Department of Health and Human Services, Substance Abuse and Mental
More informationRESOLUTION AGREEMENT. I. Recitals
RESOLUTION AGREEMENT I. Recitals 1. Parties. The Parties to this Resolution Agreement ( Agreement ) are the United States Department of Health and Human Services, Office for Civil Rights ( HHS ) and Affinity
More informationPrivacy Officer Director Health Information Management. The Hybrid and Affiliate Covered Entity of The University of Toledo
Name of Policy: Policy Number: 3364-90-17 Medical Record Amendment Approving Officer: Responsible Agent: Scope: Executive Vice President of Clinical Affairs Privacy Officer Director Health Information
More informationResponding to Requests for the Release of Minors Health Information: Guidelines for N.C. Local Health Departments. Jill Moore UNC School of Government
Responding to Requests for the Release of Minors Health Information: Guidelines for N.C. Local Health Departments Jill Moore UNC School of Government I. Introduction A. Minors: A minor is a person under
More informationHealth Information Technology for Economic and Clinical Health (HITECH) Act Privacy and Security Provisions
Health Information Technology for Economic and Clinical Health (HITECH) Act Privacy and Security Provisions (Subtitle D of Title XIII of Division A of the American Recovery and Reinvestment Act (ARRA)
More informationWhat is Left of State Privacy Laws: Louisiana, New Mexico, Oklahoma & Texas
What is Left of State Privacy Laws: Louisiana, New Mexico, Oklahoma & Texas Presented by: David W. Hilgers Hilgers & Watkins, P.C dhilgers@hwlaw.com Patient Rights Prohibitions on Disclosure Condition-Specific
More informationDisclosing Medical Information to Law Enforcement Officials WENDY S. CEDOZ, J.D., RN CHIEF LEGAL OFFICER/GENERAL COUNSEL GENESIS HEALTHCARE SYSTEM
Disclosing Medical Information to Law Enforcement Officials WENDY S. CEDOZ, J.D., RN CHIEF LEGAL OFFICER/GENERAL COUNSEL GENESIS HEALTHCARE SYSTEM OSHRM/SOHA 2017 Spring Conference March 31, 2017 1 Overview
More informationCREIGHTON UNIVERSITY HANDLING PATIENT / PATIENT REPRESENTATIVE REQUESTS TO AMEND A HEALTH RECORD
CREIGHTON UNIVERSITY HANDLING PATIENT / PATIENT REPRESENTATIVE REQUESTS TO AMEND A HEALTH RECORD I. PURPOSE This policy is designed to inform Creighton Personnel in Creighton s Clinics of the process for
More informationThe. the KEY DEFINITIONS. authority and. Superintendent. Person means an. corporations. and or other. Written Request
FREEDOM OF INFORMATION ACT (FOIA) District Procedures and Guidelines The Freedom of Information Act (Act 442 of the Public Acts of 1976) regulates and sets requirements for the disclosure of public records
More informationNC General Statutes - Chapter 36F 1
Chapter 36F. Revised Uniform Fiduciary Access to Digital Assets Act. 36F-1. Short title. This Chapter may be cited as the Revised Uniform Fiduciary Access to Digital Assets Act. (2016-53, s. 1.) 36F-2.
More informationLimited Data Set Data Use Agreement
Limited Data Set Data Use Agreement This Agreement is made and entered into by and between (hereinafter Applicant ) and the State of Florida Agency for Health Care Administration, Florida Center for Health
More informationThe Lawyer s Ethical and Legal Duties to protect Private Information
The Lawyer s Ethical and Legal Duties to protect Private Information Claude E. Ducloux Attorney At Law Board Certified Texas Board of Legal Specialization Civil Trial Law Civil Appellate Law Director of
More information- 79th Session (2017) Assembly Bill No. 474 Committee on Health and Human Services
Assembly Bill No. 474 Committee on Health and Human Services CHAPTER... AN ACT relating to drugs; requiring certain persons to make a report of a drug overdose or suspected drug overdose; revising provisions
More informationSUPREME COURT OF PENNSYLVANIA BY THE CRIMINAL PROCEDURAL RULES COMMITTEE NOTICE OF PROPOSED RULEMAKING
SUPREME COURT OF PENNSYLVANIA CRIMINAL PROCEDURAL RULES COMMITTEE NOTICE OF PROPOSED RULEMAKING Proposed Rescission of Rule 107 and Adoption of New Rule 107 The Criminal Procedural Rules Committee is planning
More informationAgent/Agency Agreement
Agent/Agency Agreement This Agent/Agency Agreement ( Agreement ) between CareConnect Insurance Company Inc. and ( CCIC ) and ( Agent ) sets forth the terms and conditions under which Agent may sell health
More informationrdd Doc 825 Filed 12/11/17 Entered 12/11/17 16:29:55 Main Document Pg 1 of 4
17-22770-rdd Doc 825 Filed 12/11/17 Entered 12/11/17 16:29:55 Main Document Pg 1 of 4 UNITED STATES BANKRUPTCY COURT SOUTHERN DISTRICT OF NEW YORK ) In re: ) Chapter 11 ) 21st CENTURY ONCOLOGY HOLDINGS,
More informationMarc D. Goldstone, Esq.
Use and Disclosure of PHI- Overview and Update on Significant Issues Marc D. Goldstone, Esq. Hoagland, Longo, Moran, Dunst & Doukas,, LLP 40 Paterson Street P.O. Box 480 New Brunswick, NJ 08903 732-545
More informationCounty Sheriff s Office
** Boulder ) 201 / I County Sheriff s Office JOE PELLE Sheriff April 24, 2012 SENT VIA MAIL Ms. Sara J. Rich ACLU of Colorado P.O. Box 18986 Denver, Colorado 80218-0986 Dear Ms. Rich, Thank you for your
More informationDEPARTMENT OF DEFENSE BILLING CODE
This document is scheduled to be published in the Federal Register on 03/10/2015 and available online at http://federalregister.gov/a/2015-05374, and on FDsys.gov DEPARTMENT OF DEFENSE BILLING CODE 5001-06
More informationSTATE BOARD FOR TECHNICAL AND COMPREHENSIVE EDUCATION PROCEDURE FREEDOM OF INFORMATION
PAGE: 1 of 5 TITLE: FREEDOM OF INFORMATION POLICY REFERENCE NUMBER: 8-0-107 DIVISION OF RESPONSIBILITY: Human Resource Services DATE OF LAST REVISION: June 15, 2018 DISCLAIMER PURSUANT TO SECTION 41-1-110
More informationPUBLIC RECORDS POLICY OF COVENTRY TOWNSHIP, SUMMIT COUNTY
PUBLIC RECORDS POLICY OF COVENTRY TOWNSHIP, SUMMIT COUNTY Resolution No. 071108-07 Introduction: It is the policy of Coventry Township in Summit County that openness leads to a better informed citizenry,
More informationELECTRONIC TRANSACTIONS TRADING PARTNER AGREEMENT BETWEEN DIRECT SUBMITTER AND WELLPOINT, INC
ELECTRONIC TRANSACTIONS TRADING PARTNER AGREEMENT BETWEEN DIRECT SUBMITTER AND WELLPOINT, INC This Electronic Transactions Trading Partner Agreement, ("Agreement") is entered into by and between you "Direct
More informationFrequently Asked Questions for Municipalities LOCAL GOVERNMENT BODIES RECORDS
Frequently Asked Questions for Municipalities The Freedom of Information and Protection of Privacy (FOIP) Act aims to strike a balance between the public s right to know and the individual s right to privacy,
More informationUCL Freedom of Information Policy
LONDON S GLOBAL UNIVERSITY UCL Freedom of Information Policy University College London Document Summary Document ID Status Information Classification Document Version TBD Approved Public Endorsed by the
More informationTHE ERIE WESTERN-PENNSYLVANIA PORT AUTHORITY RULES AND REGULATIONS GOVERNING THE RELEASE OF PUBLIC RECORDS UNDER THE PENNSYLVANIA RIGHT-TO-KNOW LAW
THE ERIE WESTERN-PENNSYLVANIA PORT AUTHORITY RULES AND REGULATIONS GOVERNING THE RELEASE OF PUBLIC RECORDS UNDER THE PENNSYLVANIA RIGHT-TO-KNOW LAW These Rules and Regulations are intended to aid in compliance
More informationPODIATRY RESIDENCY RESOURCE, INC. END USER SOFTWARE LICENSE AGREEMENT. IMPORTANT-READ CAREFULLY BEFORE USING THE Podiatry Residency Resource SOFTWARE.
PODIATRY RESIDENCY RESOURCE, INC. END USER SOFTWARE LICENSE AGREEMENT IMPORTANT-READ CAREFULLY BEFORE USING THE Podiatry Residency Resource SOFTWARE. THIS LICENSE AGREEMENT (THE "AGREEMENT") CONSTITUTES
More informationHIPAA Enforcement Rule. Aimee Wall Health Directors Legal Conference Institute of Government April 20, 2006
HIPAA Enforcement Rule Aimee Wall Health Directors Legal Conference Institute of Government April 20, 2006 Refresher Course Congress passed HIPAA in 1996 Various HIPAA rules adopted establishing national
More informationFINAL RULES: Long-Term Care Ombudsman Program 1
FINAL RULES: Long-Term Care Ombudsman Program 1 REGULATORY LANGUAGE AND PERTINENT PREAMBLE LANGUAGE *Note: Effective July 1, 2016 the Administration for Community Living (ACL) consolidated their regulations
More informationDEPARTMENT OF DEFENSE BILLING CODE Defense Contract Audit Agency (DCAA) Privacy Act Program
This document is scheduled to be published in the Federal Register on 02/06/2014 and available online at http://federalregister.gov/a/2014-01882, and on FDsys.gov DEPARTMENT OF DEFENSE BILLING CODE 5001-06
More informationHIPAA COLLABORATIVE OF WISCONSIN LAW ENFORCEMENT GRID Updates
HIPAA COLLABORATIVE OF WISCONSIN LAW ENFORCEMENT GRID Updates 6/20/2005: Animal Bites Edits to Reporting column and added Appendix B. Law Enforcement 6/202005 DISCLAIMER: This Preemption Analysis is Copyright
More informationLauren Ordner, MS, LPC 1220 State Route 31 N, Suite 17 Lebanon, New Jersey (908)
Lauren Ordner, MS, LPC 1220 State Route 31 N, Suite 17 Lebanon, New Jersey 08833 (908) 210 3086 LaurenOrdner@gmail.com www.laurenordnerlpc.com Notice of Privacy Practices Receipt and Acknowledgment of
More informationPERSONAL INFORMATION PROTECTION ACT REVIEW QUESTIONNAIRE
PERSONAL INFORMATION PROTECTION ACT REVIEW QUESTIONNAIRE The personal information on this questionnaire, including your opinions, is collected under the authority of section 33(c) of the Freedom of Information
More informationKENTUCKY OPEN MEETING LAW
OPEN MEETINGS LAW/KENTUCKY Current Law as of July, 2012 KRS 61.800 61.800 Legislative statement of policy The General Assembly finds and declares that the basic policy of KRS 61.805 to 61.850 is that the
More informationFREEDOM OF INFORMATION ACT (FOIA) PROCEDURES AND GUIDELINES
FREEDOM OF INFORMATION ACT (FOIA) PROCEDURES AND GUIDELINES Written Requests 1. A request desiring to inspect or receive a copy of a public record shall be made in writing addressed to the Freedom of Information
More informationBILL NO. 42. Health Information Act
HOUSE USE ONLY CHAIR: WITH / WITHOUT 4th SESSION, 64th GENERAL ASSEMBLY Province of Prince Edward Island 63 ELIZABETH II, 2014 BILL NO. 42 Health Information Act Honourable Doug W. Currie Minister of Health
More informationBeth S. Dixon District Court Judge District 19C
Beth S. Dixon District Court Judge District 19C beth.s.dixon@nccourts.org 704-797-3089 Why Are There Confidentiality Rules? Valuable to deal with the stigma of addiction Designed to encourage substance
More informationNavajo Children s Code Rules of Procedure
Navajo Children s Code Rules of Procedure Cite as N.N.C.C.R.P. These rules were adopted by Order of the Navajo Nation Supreme Court (No. SC-SP-01-95) on October 4, 1995, and became effective on November
More informationFREEDOM OF INFORMATION/PRIVACY ACT POLICIES AND PROCEDURES WITHIN THE OFFICE OF THE JUDGE ADVOCATE GENERAL
DEPARTMENT OF THE NAVY OFFICE OF THE JUDGE ADVOCATE GENERAL 1322 PATTERSON AVENUE SE SUITE 3000 WASHINGTON NAVY YARD DC 20374-5066 IN REPLY REFER TO JAGINST 5720. 3A Code 13 26 April 2004 JAG INSTRUCTION
More informationApproved: Effective: May 18, 2018 Review: December 27, 2016 Office: Director of Administration Topic No.: l MEMBERSHIP DUES
Approved: Effective: May 18, 2018 Review: December 27, 2016 Office: Director of Administration Topic No.: MEMBERSHIP DUES AUTHORITY: Sections 20.23 (3)(a), and 334.048(3), Florida Statutes (F.S.) REFERENCES:
More informationHospital and Law Enforcement Guide to Health Care Related Disclosure Eighth Edition November 2017
Hospital and Law Enforcement Guide to Health Care Related Disclosure Eighth Edition November 2017 4812-5976-8131.03 TABLE OF CONTENTS INTRODUCTION...1 SCOPE AND FOCUS OF THE GUIDE...1 FREQUENTLY USED TERMS...2
More informationAGREEMENT BETWEEN KIDS IN DISTRESS, INC., AND BROWARD COUNTY FOR SUBSTANCE ABUSE SERVICES Contract Number: KID-BARC-CFS-2017
Exhibit 2 AGREEMENT BETWEEN KIDS IN DISTRESS, INC., AND BROWARD COUNTY FOR SUBSTANCE ABUSE SERVICES Contract Number: KID-BARC-CFS-2017 This is an Agreement ("Agreement"), made and entered into by and between
More informationEXECUTIVE ORDER (Revised )
EXECUTIVE ORDER 2012-03 (Revised 6-29-12) WHEREAS, Governor Markell in Executive Order No. 31 issued a uniform state-wide FOIA policy and encouraged all local governments to reevaluate their FOIA policies
More informationThe Health Information Protection Act
1 The Health Information Protection Act being Chapter H-0.021* of the Statutes of Saskatchewan, 1999 (effective September 1, 2003, except for subsections 17(1), 18(2) and (4) and section 69) as amended
More informationProvider Electronic Trading Partner Agreement
This Electronic Trading Partner Agreement ( Agreement ) is entered into as of the Day day of, 20 ( Effective Date ), by and between Blue Cross Month Year and Blue Shield of South Carolina and its subsidiaries,
More informationPage M.1 APPENDIX M NOAA ADMINISTRATIVE ORDER
Page M.1 APPENDIX M NOAA ADMINISTRATIVE ORDER 216-100 Page M.2 Page M.3 NOAA Administrative Order 216-100 PROTECTION OF CONFIDENTIAL FISHERIES STATISTICS SECTION 1. PURPOSE..01 This Order: a. prescribes
More informationEARLY INTERVENTION SERVICES INTERAGENCY AGREEMENT BETWEEN LAKE STEVENS SCHOOL DISTRICT AND SNOHOMISH COUNTY
EARLY INTERVENTION SERVICES INTERAGENCY AGREEMENT BETWEEN LAKE STEVENS SCHOOL DISTRICT AND SNOHOMISH COUNTY This Interagency Agreement (the "Agreement") is made by and between Snohomish County, a political
More informationH.R./S. In the A BILL. To protect the privacy of personal information of consumers, the promotion
1 11 TH CONGRESS SESSION H.R./S To ensure the privacy of personal information, the protection of consumers, and the promotion of innovation. In the A BILL To protect the privacy of personal information
More informationIndividual Rights (Data Privacy) Policy
October 2017 Please see the cover sheet to the Information Policies on the Staff Intranet and Board Intelligence. Individual Rights (Data Privacy) Policy 1. Introduction 1.1 UK data protection law gives
More informationMUNICIPAL IMMIGRANT PROTECTION ORDINANCE
MUNICIPAL IMMIGRANT PROTECTION ORDINANCE FOR RHODE ISLAND CITIES AND TOWNS PREAMBLE WHEREAS, [Municipality] is dedicated to providing all of its residents fair and equal access to services, opportunities
More informationGeneral Conditions for Non-Construction Contracts Section I (With or without Maintenance Work)
General Conditions for Non-Construction Contracts Section I (With or without Maintenance Work) U.S. Department of Housing and Urban Development Office of Public and Indian Housing Office of Labor Relations
More informationPERSONAL INFORMATION PROTECTION ACT
Province of Alberta Statutes of Alberta, Current as of December 17, 2014 Office Consolidation Published by Alberta Queen s Printer Alberta Queen s Printer Suite 700, Park Plaza 10611-98 Avenue Edmonton,
More informationCHAPTER 44 HOUSE BILL 2434 AN ACT
House Engrossed State of Arizona House of Representatives Fifty-third Legislature Second Regular Session 0 CHAPTER HOUSE BILL AN ACT AMENDING SECTION -.0, ARIZONA REVISED STATUTES; AMENDING TITLE, ARIZONA
More informationSecurity Breach Notification Chart
Security Breach Notification Chart Perkins Coie's Privacy & Security practice maintains this comprehensive chart of state laws regarding security breach notification. The chart is for informational purposes
More informationACCESS TO INFORMATION AND PROTECTION OF PRIVACY ACT CONSOLIDATION OF ACCESS TO INFORMATION AND PROTECTION OF PRIVACY REGULATIONS R
ACCESS TO INFORMATION AND PROTECTION OF PRIVACY ACT CONSOLIDATION OF ACCESS TO INFORMATION AND PROTECTION OF PRIVACY REGULATIONS In force December 31, 1996 (Current to: November 29, 2011) AS AMENDED BY
More information