Presenting a live 90-minute webinar with interactive Q&A Leveraging Big Data in Healthcare: Navigating HIPAA, Antitrust, Stark and AKS Compliance and Security Issues THURSDAY, MAY 21, 2015 1pm Eastern | 12pm Central | 11am Mountain | 10am Pacific Today’s faculty features: Adria Warren, Partner, Foley & Lardner , Boston Chanley T . Howell, Partner, Foley & Lardner, Jacksonville, Fla. Sara J.B. English, CIPP/US, Partner, Kutak Rock LLP , Omaha, Ne The audio portion of the conference may be accessed via the telephone or by using your computer's speakers. Please refer to the instructions emailed to registrants for additional information. If you have any questions, please contact Customer Service at 1-800-926-7926 ext. 10 .
Tips for Optimal Quality FOR LIVE EVENT ONLY Sound Quality If you are listening via your computer speakers, please note that the quality of your sound will vary depending on the speed and quality of your internet connection. If the sound quality is not satisfactory, you may listen via the phone: dial 1-866-927-5568 and enter your PIN when prompted. Otherwise, please send us a chat or e-mail sound@straffordpub.com immediately so we can address the problem. If you dialed in and have any difficulties during the call, press *0 for assistance. Viewing Quality To maximize your screen, press the F11 key on your keyboard. To exit full screen, press the F11 key again.
Continuing Education Credits FOR LIVE EVENT ONLY For CLE purposes, please let us know how many people are listening at your location by completing each of the following steps: In the chat box, type (1) your company name and (2) the number of • attendees at your location Click the SEND button beside the box • In order for us to process your CLE, you must confirm your participation by completing and submitting an Official Record of Attendance (CLE Form) to Strafford within 10 days following the program. The CLE form is included in your dial in instructions email and in a thank you email that you will receive at the end of this program. Strafford will send your CLE credit confirmation within approximately 30 days of receiving the completed CLE form. For additional information about CLE credit processing call us at 1-800-926-7926 ext. 35.
Program Materials FOR LIVE EVENT ONLY If you have not printed the conference materials for this program, please complete the following steps: Click on the ^ symbol next to “Conference Materials” in the middle of the left - • hand column on your screen. • Click on the tab labeled “Handouts” that appears, and there you will see a PDF of the slides for today's program. • Double click on the PDF and a separate page will open. Print the slides by clicking on the printer icon. •
Leveraging Big Data in Health care: Navigating HIPAA, Antitrust, Stark and AKS Compliance May 21, 2015 Sara English Chanley T. Howell Adria Warren Partner Partner Partner Kutak Rock LLP Foley & Lardner Foley & Lardner chowell@foley.com awarren@foley.com sara.english@kutakrock.com 5
Introduction to Big Data in Health care Improved Technologies (data storage, data mining, data sharing) U.S. Government Initiatives and Public/Private Opportunities (NIH’s “BD2K”) Enhanced Infrastructure and Capacity (EMRs) Expanding Health Care Operation Functions (data analytics) Proliferation of Web-based Technologies and Mobile Devices “Big Data” Legal Considerations – Technical, Institutional, ??????? Privacy and Security Laws Operational Challenges and Regulations $$$$$$$$ 6
Introduction to Big Data in Health Care Older people were less inclined to share anonymized health data, an NPR-Truven Health Analytics poll found. Poll: Most Americans Would Share Health Data for Research - Scott Hensley (Shots-Health News:NPR) January 9, 2015 Available at: http://www.npr.org/blogs/health/2015/01/09/375621393/poll-most-americans-would-share-health-data-for-research 7
Risk/Reward ► Quality and nature of the risks and rewards are different than other industries: − Patient outcomes are at stake. − PHI is always in-scope at some stage. − There are ethical and policy considerations. ► It is important to get it right. − Collection and use of Big Data is ubiquitous — and everyone is paying attention. − Failures are costly — violation of multiple legal regimes. 8
Risk/Reward ► Strategic and technical challenges — − Inherent to the “V’s” of Big Data: V olume V ariety V elocity V eracity ► Specifically, collecting quality data that is from reliable methods. ► Complying with all requirements that attach to the data. ► Maintaining a consistent institutional program. 9
Capstone: HIPAA ► Health Insurance Portability and Accountability Act (“HIPAA”): − Touches all aspects of most health care data. − Covered Entities and their Business Associates. ► Governs the use of PHI and establishes frameworks for nearly each step in the process. 10
Capstone: HIPAA Protected Health Information is broad. − The definition is based on IIHI: “Individually identifiable health information is information that is a subset of health information, including demographic information collected from an individual, and: (1) Is created or received by a health care provider, health plan, employer, or health care clearinghouse; and (2) Relates to the past, present, or future physical or mental health or condition of an individual; the provision of health care to an individual; or the past, present, or future payment for the provision of health care to an individual; and (i) That identifies the individual; or (ii) With respect to which there is a reasonable basis to believe the information can be used to identify the individual .” 11
Capstone: HIPAA ► Generally, PHI may be used by the covered entity for Payment Treatment Health Care Operations ► Consent is not required for these three areas, but frequently sought. ► Uses of PHI outside of these categories require a written authorization (permission) from the patient. ► Consent Authorization. 12
State v. Federal Laws HIPAA provides a federal “floor” of privacy protections — and states are free to impose more stringent protections should they deem appropriate. ( See 45 C.F.R. § 160.203). 13
State Privacy & Security Laws: A Patchwork Quilt 50-State Survey – Disclaimer Survey was designed to provide an overview of applicable state law, limited to select state statutes. State administrative regulations, attorney general opinions, licensure board opinions, and court decisions may impact a state’s privacy regime. In that regard, the survey should be used for reference purposes only and not relied on as legal advice. 14
State Privacy & Security Laws: A Patchwork Quilt States that have worked to harmonize their regimes with HIPAA — compliance with HIPAA may constitute “deemed compliance” under equivalent state law — include: − Hawaii − Iowa − Kansas − Missouri − Ohio − West Virginia 15
State Privacy & Security Laws: A Patchwork Quilt States with relatively comprehensive, broad or stringent privacy regimes: − California (Cal. Civ. Code § 56.10) − Florida (Fla. Stat. § 381.026) − Illinois (410 Ill. Comp. Stat. § 50/3) − Maine (Me. Rev. Stat. Ann. Tit. 22, § 1711-C) − Massachusetts (111 Mass. Gen. Laws ch. 70E) − New Hampshire (N.H. Rev. Stat. Ann. § 151:21) − Tennessee (Tenn. Code Ann. § 63-2-101) − Vermont (Vt. Stat. Ann. tit. 18, §§ 1852-1854) 16
State Privacy & Security Laws: A Patchwork Quilt “Patient Bill of Rights” − Florida : “Every patient who is provided health care services retains certain rights to privacy, which must be respected without regard to the patient’s economic status or source of payment for his or her care .”) (Fla. Stat. § 381.026) − Massachusetts : Every patient or resident of a facility shall have the right . . . to confidentiality of all records and communications to the extent provided by law .” (111 Mass. Gen. Laws ch. 70E) 17
State Privacy & Security Laws: A Patchwork Quilt Expansive Privacy Protections California Medical Information Act HIPAA (45 C.F.R. 160.103) (Cal. Civ. Code §§ 56.10 , 56.06 (2013)) • “Protected Health Information” • “Medical information” means any includes individually identifiable health individually identifiable information that (1) is created or information . . . in possession of or received by covered entities, (2) relates derived from a provider of health care, to past, present or future physical or health care service plan, pharmaceutical mental health or condition . . . company, or contractor regarding a patient’s medical history, mental or provision of healthcare . . . or payment for care and physical condition, or treatment. (3) identifies the individual, or with • Any business organized for the purpose which there is reasonable basis to of maintaining medical information in believe the information can be used to order to make the information identify the individual. available . . . shall be deemed a provider of health care. 18
Recommend
More recommend
