This article, published in the January 2008 issue of Compliance Today appears here with permission from the Health Care Compliance Association. Please call HCCA at 888/580-8373 with reprint and copy requests. Volume Ten Number One January 2008 Published Monthly visit www.compliance-institute.org HIPAA’s Privacy Regulations: Appropriate safeguard, Meet HCCA’s 5,000 th Member Libby Easton-May unmanageable Director of Compliance, Operations & Marketing, obstacle, or WellPoint Senior Business Division page 14 convenient scapegoat? Also: page 4 When worlds collide: Health care Feature Focus: Review of the OIG compliance and Work Plan FY 2008 union work force page 32 page 44
Health Care Compliance Association • 888-580-8373 • www.hcca-info.org Tie Privacy Regulations enumerate a number by creating a minimum level of protection Privacy Regulations create a privacy “fmoor” applying the Privacy Regulations are: (1) the important considerations in analyzing and serious threat to health or safety). Two other and administrative proceedings, to avert tion (e.g., as required by law, for judicial stances under which PHI can be used or of additional exceptions to the authorization health care operations of the covered entity. more restrictive standards, and (2) the Privacy for the purposes of treatment, payment, and authorization, except for uses and disclosures an individual’s PHI without the individual’s care clearinghouses) cannot use or disclose basic premise is that covered entities (e.g., iterations of the Privacy Regulations, the Privacy Regulations and the voluminous Although it is impossible to condense the in compliance with the Privacy Regulations. and appropriate uses and disclosures of PHI for PHI, and covered entities are free to use Regulations permit the uses and disclosures will provide some suggestions for maintaining and broad perception in our meetings… disclosures of PHI. consequence of preventing permitted uses and Privacy Regulations have had the unintended the requirements. Tius, in many cases, the interpretations (or misinterpretations) of ing the regulations, have led to conservative inconsistent interpretation of the Privacy sharing.” Tie result of this confusion and regulations impede appropriate information tions about state and federal privacy laws and Presidential Report found a “consistent theme of PHI described above, but generally do not actions under the Privacy Regulations. Tie tations and understandings of permissible for additional fmexibility, but they also create be used or disclosed. Tiese standards allow determining when and how much PHI may steps or use “professional judgment” in require covered entities to take “reasonable” grant fmexibility by creating standards that In some instances, the Privacy Regulations or disclosures of PHI. the delicate balance between patient privacy commentary surrounding the numerous handling requests for PHI. Finally, this article For example, the Report to the President on The Presidential Report concluded that June 13, 2007, touched on HIPAA issues. U.S. Department of Justice and issued on Education, and the Attorney General of the and Human Services, the Department of nient scapegoat for covered entities to use in (the “Presidential Report”), prepared by the Issues Raised by the Virginia Tech Tragedy revisit the Privacy Regulations are growing. dress the diffjcult balance among privacy, interested parties regarding the need to “Privacy Regulations”), calls from various the Virginia Tech incident and recent media return to public consciousness. In light of Accountability Act of 1996 (HIPAA) to under the Health Insurance Portability and ance with the privacy regulations he tragedy at Virginia Tech in April reached by telephone at 614/469-3939 or by Secretaries of the U.S. Department of Health security and ensuring that people in need struck are correctly calibrated or whether information (PHI), an unmanageable obstacle areas of complaint or misunderstanding and of the Privacy Regulations that are common Tiis article will highlight several provisions made.” fectively decisions that have already been an appropriate safeguard for protected health examine whether the Privacy Regulations are on whether the balances that have been such as Virginia Tech sharpen their focus in the coming months, as tragic events they may be revisiting their approach HIPAA ’s Privacy regulations: Appropriate safeguard, requirements that address specifjc circum - unmanageable disclosed without the individual’s authoriza - obstacle, or convenient scapegoat? By Jeffrey L. Kapp, Esq. Editor’s note: Jefgrey L. Kapp is a partner in the Columbus, OH offjce of Jones Day. He may be e-mail at jlkapp@jonesday.com. there is a need to implement more ef - require that covered entities make such uses T 2007 caused the issue of compli - attention involving episodes of misapplica - tion of HIPAA’s privacy regulations 1 (the to appropriate sharing of PHI, or a conve - confusion, ambiguity, and difgering interpre - that this confusion and difgering interpreta - Background Regulations, coupled with the fear of violat - “States, which have long sought to ad - health care providers, health plans, and health receive appropriate care, also report that January 2008 4
Recommend
More recommend
