Introduction to Health Insurance Portability and Accountability Act (HIPAA): How It Affects Law Enforcement. Prepared by:


Introduction to Health Insurance Portability and Accountability Act (HIPAA): How It Affects Law Enforcement Prepared by: Toni Smith Assistant City Attorney 2012

Introduction

In 1996, the Health Insurance Portability and Accountability Act (HIPAA) was passed by Congress to protect consumers' health information, allow consumers greater access to and control over such information, enhance health care, and create a national framework for health privacy protection. Privacy regulations were promulgated by the Department of Health and Human Services on December 20, 2000, directing covered entities on the use and disclosure of personal health information. All covered entities were to have complied with HIPAA by April 14, 2003.

Covered entities are defined as health care clearinghouses, health plans, or any health care provider who transmits health care information electronically. Protected Health Information (PHI), referred to below, is defined as individually identifiable health information transmitted by electronic media, maintained in any medium described in the definition of electronic media, or transmitted or maintained in any other form or medium.

Permitted Disclosures to Law Enforcement

In order to receive PHI from a covered entity, a law enforcement officer must establish his identity and authority to receive the information. If requesting in person, the officer must present an agency identification badge or other official credentials, or proof of government status. If the request is in writing, agency letterhead is acceptable proof of identification. An officer must also provide a written statement of the legal authority under which the information is requested. An oral statement of such authority is sufficient if a written statement is not practical. A request is assumed to have authority if it is made pursuant to legal process, warrant, subpoena, order or other legal process issued by a grand jury or a judicial or administrative tribunal.

After a law enforcement officer has established his identity and authority, he can receive PHI only in the following circumstances:

1. Pursuant to legal process.

PHI may be disclosed to the extent required by the following types of legal process:

A. a court order, warrant, subpoena or summons issued by a judicial official;
B. a grand jury subpoena; or
C. an administrative request, including an administrative subpoena or summons, a civil or an authorized administrative demand, or similar process authorized by law if the following conditions are met:
   i. the information sought is relevant and material to a legitimate law enforcement inquiry;
   ii. the request is specific and limited in scope to the extent reasonably practicable in light of the purpose for which the information is sought; and
   iii. de-identified information could not reasonably be used.

2. When otherwise required by law.

For example, N.C.G.S. 90-21.20 requires physicians and administrators of medical facilities to report bullet and gunshot wounds, powder burns, injuries appearing to arise from the discharge of a firearm, illnesses apparently caused by poisoning, wounds or injuries apparently caused by a knife or sharp or pointed instrument if it appears that a criminal act was involved, and every wound, injury or illness in which there was grave bodily harm or grave illness that may have been caused by criminal acts of violence. While HIPAA only permits these disclosures, state law requires them. Thus, in order to comply with state law, a covered entity must make a report to local law enforcement when it treats a patient for one of the illnesses or injuries named in the statute. (Note that the section of HIPAA which allows these types of disclosures does not include laws related to the reporting of child abuse or neglect, or other victims of abuse, neglect or domestic violence. Disclosures related to these types of incidents may be permitted, but by different sections of HIPAA, which are discussed more fully below.)

3. For identification and location purposes.

A covered entity may disclose PHI in response to a law enforcement official's request for such information for the purpose of identifying or locating a suspect, fugitive, material witness, or missing person. The covered entity may, however, disclose only the following information:

A. name and address;
B. date and place of birth;
C. social security number;
D. ABO blood type and rh factor;
E. type of injury;
F. date and time of treatment;
G. date and time of death, if applicable; and
H. a description of distinguishing physical characteristics, including height, weight, gender, race, hair and eye color, presence or absence of facial hair, scars and tattoos.

PHI related to the individual's DNA or DNA analysis, dental records, or typing, samples or analysis of body fluids or tissue may not be released pursuant to this exception.

4. Victims of crime.

A covered entity may disclose PHI about an individual who is suspected to be a victim of crime if:

A. the victim consents; or
B. the victim is unable to consent because of incapacity or other emergency circumstance and all of the following conditions are met:
   i. the law enforcement official represents that such information is needed to determine whether a violation of law by a person other than the victim has occurred, and such information is not intended to be used against the victim;
   ii. the law enforcement official represents that immediate law enforcement activity that depends upon the disclosure would be materially and adversely affected by waiting until the individual is able to agree to the disclosure; and
   iii. the covered entity, in the exercise of professional judgment, determines the disclosure is in the best interests of the individual.

Again, note this particular section of HIPAA does not apply to suspected victims of child abuse or neglect, or other suspected victims of abuse, neglect or domestic violence. Disclosures related to these types of incidents may be permitted, but by different sections of HIPAA, which are discussed more fully below.

5. Victim deceased.

A covered entity may disclose PHI about an individual who has died to a law enforcement official for the purpose of alerting law enforcement of the death of the individual if the covered entity suspects that the death resulted from criminal conduct.

6. Crime occurred on premises of covered entity.

A covered entity may disclose to a law enforcement official PHI that the covered entity believes in good faith constitutes evidence of criminal conduct that occurred on the premises of the covered entity.

7. Reporting crime in emergency.

A covered health care provider providing emergency health care in response to a medical emergency, other than an emergency on the provider's own premises, may disclose PHI to a law enforcement official if the disclosure appears necessary to alert law enforcement to:

A. the commission and nature of a crime;
B. the location of such a crime or the victims of such a crime; and
C. the identity, description and location of the perpetrator of such crime.

Again, note this particular section of HIPAA does not apply if the health care provider believes that the medical emergency described above is the result of abuse, neglect or domestic violence. Disclosures related to these types of incidents may be permitted, but by different sections of HIPAA, which are discussed more fully below.

8. Victims of child abuse and neglect.

A covered entity may disclose PHI to a government agency authorized by law to receive reports of child abuse or neglect. Note that N.C.G.S. 90-21.20 requires physicians and administrators of medical facilities to report cases involving recurrent illness or serious physical injury to any child under the age of 18 where the illness or injury appears to be the result of non-accidental trauma. While HIPAA only permits these disclosures, state law requires them. Thus, in order to comply with state law, a covered entity must report to local law enforcement cases of recurrent child injuries or illnesses that appear to be the result of non-accidental trauma.

9. Other victims of abuse, neglect or domestic violence.

A covered entity may disclose PHI about other victims of abuse, neglect or domestic violence to a government authority authorized by law to receive such reports:

A. if the individual consents; or
B. to the extent the disclosure is expressly authorized by statute or regulation and:
   i. the covered entity, in the exercise of professional judgment, believes the disclosure is necessary to prevent serious harm to the individual or other potential victims; or
   ii. if the individual is unable to consent due to incapacity, a law enforcement officer represents that the PHI sought is not intended to be used against the individual and that an immediate enforcement activity that depends upon the disclosure would be materially and adversely affected by waiting until the individual is able to agree to the disclosure.

Again, note that N.C.G.S. 90-21.20 requires physicians and administrators of medical facilities to report bullet and gunshot wounds, powder burns, injuries appearing to arise from the discharge of a firearm, illnesses apparently caused by poisoning, wounds or injuries apparently caused by a knife or sharp or pointed instrument if it appears that a criminal act was involved, and every wound, injury or illness in which there was grave bodily harm or grave illness that may have been caused by criminal acts of violence. While HIPAA only permits these disclosures, state law requires them. Thus, in order to comply with state law, a covered entity must make a report to local law enforcement when it treats a patient for one of the illnesses or injuries named in the statute.

Conclusion

In its zeal to comply with HIPAA provisions, the health care community has created restrictive policies, many of which are more stringent than required by law. Therefore, officers are likely to have the most success in obtaining and utilizing PHI if they are acting pursuant to state statutes which require disclosure, or if they have first obtained legal process such as a warrant, subpoena or court order.