Community-Wide EHR Data and Patient Referrals A Legal Perspective

Similar documents
Paul Gregerson, MD MBA CMO JWCH Institute, Inc. September 18th, 2013 Irvine, CA

HIPAA Privacy Keys to Success Updated January 2010

HIPAA and HITECH Compliance for Cloud Applications

What Virginia s Free Clinics Need to Know About HIPAA and HITECH

3/13/2015 HIPAA/HITECH WHAT S YOUR COMPLIANCE STATUS? Daniel B. Mills Pretzel & Stouffer, Chartered WHAT IS HIPAA?

Getting Hip to the HIPAA and HITECH Act Compliance

HIPAA Happenings in Hospital Systems. Donna J Brock, RHIT System HIM Audit & Privacy Coordinator

New Privacy Laws Impacting the Health Care Work Place

CHAPTER 535 HEALTH HOMES. Background Policy Member Eligibility and Enrollment Health Home Required Functions...

HIPAA PRIVACY AND SECURITY AWARENESS

PCPCC National Briefing/Webinar

Patient Privacy and HIPAA/HITECH

Health Information Privacy Refresher Training. March 2013

Understanding Health Insurance Portability Accountability Act AND HITECH. HIPAA s Privacy Rule

Practices to Research Data in Light of HIPAA and ANPRM

HIPAA Security Rule Compliance

HIPAA/ HITECH HEALTH INSURANCE PORTABILITY ACCOUNTABILITY ACT. and. Health Information Technology for Economic and Clinical Health Act.

The Family Counseling Center of Fulton County NOTICE OF PRIVACY PRACTICES

HIPAA RISKS & STRATEGIES. Health Insurance Portability and Accountability Act of 1996

Grand Rapids Medical Education Partners Mercy Health Saint Mary s Spectrum Health. Pam Jager, GRMEP Director of Education & Development

The Basics of HIPAA Privacy and Security and HITECH

HIPAA and Mental Health Privacy:

SAMPLE BUSINESS ASSOCIATE AGREEMENT

what your business needs to do about the new HIPAA rules

HIPAA, HIPAA Hi-TECH and HIPAA Omnibus Rule

HIPAA Overview. Darren Skyles, Partner McGinnis Lochridge. Darren S. Skyles

ATLANTIS CHIROPRACTIC, INC.

NOTICE OF PRIVACY PRACTICES

Texas Medical Records Privacy Act

HIPAA Compliance and HIE

HIPAA Compliance Annual Mandatory Education

The benefits you need... from the name you know and trust

The HITECH Act: Implications to HIPAA Covered Entities and Business Associates. Linn F. Freedman, Esq.

MCCP Online Orientation

Catholic Health HIPAA/ HITECH

Heather L. Hughes, J.D. HIPAA Privacy Officer U.S. Legal Support, Inc.

How To Write A Community Based Care Coordination Program Agreement

Welcome to the Privacy and Security PowerPoint presentation in the Data Analytics Toolkit. This presentation will provide introductory information

MYTHS AND FACTS ABOUT THE HIPAA PRIVACY RULE PART 1

Somansa Data Security and Regulatory Compliance for Healthcare

Disclaimer: Template Business Associate Agreement (45 C.F.R )

NOTICE OF PRIVACY PRACTICES

OCR/HHS HIPAA/HITECH Audit Preparation

HIPAA and Privacy Policy Training

Understanding HIPAA Privacy and Security Helping Your Practice Select a HIPAA- Compliant IT Provider A White Paper by CMIT Solutions

OFFICE OF CONTRACT ADMINISTRATION PURCHASING DIVISION. Appendix A HEALTHCARE INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPPA)

2/9/ HIPAA Privacy and Security Audit Readiness. Table of contents

By the end of this course you will demonstrate:

The Importance of Sharing Health Information in a Healthy World

Pacific Medical Centers HIPAA Training for Residents, Fellows and Others

INFORMATION SECURITY & HIPAA COMPLIANCE MPCA

Dispelling the Myth that Regulatory Compliance is Inherently Addressed within Existing Controls June 27, 2012

Evolution of HB 300. HIPAA passed in 1996 Originally, HIPAA only directly impacted certain covered entities :

HIPAA PRIVACY AND SECURITY FOR EMPLOYERS

HIPAA Compliance for Students

HIPAA Privacy Regulations: Frequently Asked Questions

By Ross C. D Emanuele, John T. Soshnik, and Kari Bomash, Dorsey & Whitney LLP Minneapolis, MN

Ethics, Privilege, and Practical Issues in Cloud Computing, Privacy, and Data Protection: HIPAA February 13, 2015

HIPAA Considerations for Small Non-Profits. Jill M. Girardeau July 20, 2011

Maintaining the Privacy of Health Information in Michigan s Electronic Health Information Exchange Network. Draft Privacy Whitepaper

APPENDIX 1: Frequently Asked Questions

HIPAA and the HITECH Act Privacy and Security of Health Information in 2009

WISHIN Pulse Statement on Privacy, Security and HIPAA Compliance

Signed into law on February 17, 2009, the Stimulus Package known

Why Lawyers? Why Now?

HIPAA Notice of Privacy Practices HAND & MICROSURGERY ASSOCIATES, INC.

Implementing Electronic Medical Records (EMR): Mitigate Security Risks and Create Peace of Mind

Data Security and Integrity of e-phi. MLCHC Annual Clinical Conference Worcester, MA Wednesday, November 12, :15pm 3:30pm

Hosting for Healthcare: ADDRESSING THE UNIQUE ISSUES OF HEALTH IT & ACHIEVING END-TO-END COMPLIANCE

Presented by: Leslie Bender, CIPP General Counsel/CPO The ROI Companies

Compliance Training for Medicare Programs Version 1.0 2/22/2013

How To Understand And Understand The Benefits Of A Health Insurance Risk Assessment

HIPAA Hot Topics. Audits, the Latest on Enforcement and the Impact of Breaches. September Nashville Knoxville Memphis Washington, D.C.

BUSINESS ASSOCIATE AGREEMENT

Metropolitan Living, LLC 151 W. Burnsville Parkway, Suite 101 Burnsville, MN Ph: (952) Fax: (651)

UNDERSTANDING THE HIPAA/HITECH BREACH NOTIFICATION RULE 2/25/14

FIVE EASY STEPS FOR HANDLING NEW HIPAA REQUIREMENTS & MANAGING YOUR ELECTRONIC COMMUNICATIONS

BUSINESS ASSOCIATE AGREEMENT. Business Associate. Business Associate shall mean.

Zip It! Feds, State Strengthen Privacy Protection. Practice Management Feature July Tex Med. 2012;108(7):33-37.

Isaac Willett April 5, 2011

HIPAA Privacy Rule Policies

We are required to provide this Notice to you by the Health Insurance Portability and Accountability Act ("HIPAA")

HIPAA OMNIBUS RULE: EXPANDED COMPLIANCE REQUIREMENTS

HIPAA Compliance: Are you prepared for the new regulatory changes?

Medicare Advantage and Part D Fraud, Waste, and Abuse Training. October 2010

The High Cost of Low Quality

Harris County - Texas HIPAA Notice of Privacy Practices

Bridging the HIPAA/HITECH Compliance Gap

AHLA. BB. Accountable Care Organizations and the Medicare Shared Savings Program. Troy Barsky Crowell & Moring LLP Washington, DC

Medical Transportation Compliance. Mandated Compliance Guidance

This Notice describes Hill-Rom s practices regarding the use of your Protected Health Information, specifically including:

Business Associate Liability Under HIPAA/HITECH

HIPAA/HITECH Privacy and Security for Long Term Care. Association of Jewish Aging Services 1

Secretary Sibelius and Assistant Secretary of Aging Kathy Greenlee.

What Every Organization Needs to Know about Basic HIPAA Compliance and Technology. April 21, 2015

Terms and Conditions Relating to Protected Health Information ( City PHI Terms ) Revised and Effective as of September 23, 2013

HIPAA Violations Incur Multi-Million Dollar Penalties

Joe Dylewski President, ATMP Solutions

What Health Care Entities Need to Know about HIPAA and the American Recovery and Reinvestment Act

BUSINESS ASSOCIATE AGREEMENT

Transcription:

Community-Wide EHR Data and Patient Referrals A Legal Perspective Healthcare for the Homeless Association Henry C. Fader, Esq. Washington D.C. March 15, 2013 #17659225v.2

Today s Objectives Recognize the difficulties of coordinating care for the homeless within communities. Identify a system that can assist in patient tracking of acute care visits. Developing a method of securing appropriate referral resources. Analyze the legal issues involved in the sharing of community-wide information. 2

Project Background JWCH Institute, Inc. operates two Medical Respite Programs in addition to six health centers, two residential substance abuse treatment facilities, and HIV medical services and primary care satellite clinics. Founding member of Skid Row Homeless Healthcare Initiative. Medical Respite Care program assists recently hospital discharged homeless patients with recovery. 3

The Electronic Medical Home Project Prior to 2009, care for homeless persons on Skid Row was fragmented and not coordinated. In 2009, JWCH established the Center for Community Health (CCH), a private and public partnership that provides integrated care utilizing a single main medical and behavioral health medical record. Results so far: An unduplicated census of 11,509 patients has shown that they are more engaged in their care, are obtaining better treatment, and consider CCH to be their primary medical home. 4

The Electronic Medical Home Project Received funding from LA Care s Robert E. Tranquada, Health Care Safety Net Award to establish an electronic database to share data for care coordination. Open MRS selected as platform and customized as Open MRS-LA. Memorandum of Understanding executed among agencies governing use and maintenance of database and security of protected health information. 5

Importance of Community Engagement Public and Private Medical and Social Religious and Secular AIDS Healthcare Foundation Downtown Women s Center Homeless Health Care Los Angeles JWCH Medical Clinic at the Weingart Center L.A. Care Health Plan Los Angeles County Department of Health Services Los Angeles County Department of Mental Health Los Angeles County Department of Public Health Los Angeles Mission Los Angeles Mission Community Clinic Mental Health Advocacy Services of Los Angeles Midnight Mission QueensCare Family Clinics Skid Row Housing Trust Union Rescue Mission Weingart Center 6

Developing the Platform Project used community-developed, open-source enterprise electronic medical framework. Open MRS was developed by the Regenstrief Institute, Inc. of Indianapolis and Partners In Health of Boston to assist providers addressing the HIV/AIDS crisis in Africa. Sharing of source code increases transparency in software functionality, makes customization easier. 7

Memorandum of Understanding Patient Centric patient retains choice to participate Creation of Patient Client Record Restricted Access for Patient Care Notice of Privacy Practices Disclosures to family and friends involved in care Disclosure when required by law Disclosure for Public Health Disclosure to Law Enforcement 8

Memorandum of Understanding Separate Authorization for Disclosure to JWCH Separate Authorization for Permission for JWCH Disclosure to Others Ownership of Data as Intellectual Property v. Other Third Parties License of Database to each Agency JWCH Responsible for Data Security 9

Electronic Medical Home Implementation Execution of Memorandum of Understanding Workflow Integration Computer Workstation Verification Training Policies and Procedures 10

Electronic Medical Home Privacy and Security Concerns HIPAA consent forms Password protection Network-based intrusion detection Transmission encryption User activity logs retained indefinitely Disaster Recovery Penetration Testing 11

Developing Community-Wide Resources Vancouver Island Health Authority Full Service/Cross-Continuum EHR for the Entire Island Next Generation EHR with Decision Support Getting People Into Beds Covers Home, Community and Residential Care Matrices of Client Functionality and Clinical Availability 12

Vancouver Island Strata Pathways Develops descriptions of patients Develops express referral program inclusion/exclusion criteria Connecting People to Programs For example, mental health and addiction services are established by category SMI (serious mental illness) SPMI (serious and persistent mental illness) Severe Addictions SPMI plus substance abuse/addictions Psycho geriatric challenging dementias 13

Vancouver Island Strata Pathways Establishes a description of client functionality High risk intentional or functional impairments Homeless Cognitive impairments High medical co-morbidity Chronic relapsing Clinically volatile 14

Vancouver Island Strata Pathways Reports What Services Are Available For the Patient Crisis/Emergency Response Acute Care Specialized Addiction Services Ambulatory Services Case Management Services Support Housing/Residential Care Tertiary Residential Services Services outside Vancouver Island Health Services 15

Legal and Other Compliance Issues EMTALA IRS Section 501(r)(3): Community Health Needs Assessment Medicare Compliance Privacy/Security of Patient Information 16

Homelessness and EMTALA EMTALA (42 U.S.C. 1395dd): requires hospitals to provide emergency medical care without regard to citizenship, legal status or ability to pay. Significant exposure issue for hospitals. Hospitals and doctors that violate EMTALA are subject to fines of up to $50,000 per violation. Violators of EMTALA may be excluded from participation in the Medicare and Medicaid programs. Hospitals are also subject to civil lawsuits by patients for violations of the Act. 17

Internal Revenue Code Section 501(r)(3) Tax reporting requirements now include the necessity of nonprofit hospitals to prepare every 3 years a community health needs assessment (See Section 501(r)(3) of the Internal Revenue Code of 1986, as amended). To the extent that the homeless constitute a part of the service area of the hospital, the needs assessment should describe: what the organization is doing to meet those needs, and how it intends to implement programs or actions to alleviate the health problems of the community served. 18

Medicare Compliance Anti-Kickback Statute; False Claims Act Potential exposure for failure to discharge patients appropriately. Medicare Conditions of Participation COP violations can arise from the premature discharging of patients or for the discharge of patients to environments where the hospital knows the patient will be unable to follow his or her discharge plan. Readmission Regulations Hospitals with excessive readmissions of Medicare patients associated with acute myocardial infarction, heart failure and pneumonia within 30 days of hospital discharge will be financially penalized. 19

Homeless Patient Information and Privacy Concerns Transient patients often do not possess a valid record of their health information. To properly coordinate care for this population, health care providers must collect and share patients health information. State and federal law privacy protections (including HIPAA/HITECH) dictate required permissions and safeguards. 20

HIPAA/HITECH HIPAA/HITECH Penalties Civil monetary penalties increased under HITECH Tiers of civil penalties depending on violation Civil penalties can range from $100 - $50,000 per violation (annual aggregate of $1.5M) Criminal penalties Fines range from $50K for basic violations, imprisonment for one year or both to $250,000, ten-year imprisonment for up to 10 years or both for intent to sell, transfer or use PHI for commercial advantage 21

HIPAA/HITECH HIPAA/HITECH Protect privacy and security of protected health information ( PHI ), including information transmitted electronically Mandate breach notification Most common compliance complaints investigated Impermissible uses and disclosures of PHI Lack of safeguards of PHI Uses or disclosures of more than the Minimum Necessary Lack of patient access to PHI 22

State Law Privacy Protections State consumer protection and breach notification laws Protect confidentiality of consumer s personal information Require notice in the event of a breach of personal and/or medical information State laws governing confidentiality of medical information Place additional limits on the use and disclosure of patient medical information 23

Health Information Exchanges (HIEs) Electronic exchange of individual medical information among health care providers. HIPAA/HITECH regulations apply. State laws vary on the question of whether and what consent is necessary to exchange health information: No Choice Opt In (California) Opt Out Granular Consent (type of consent required varies based on the type of information or type of provider) 24

California Opt In: Patient must consent to have information shared. Exceptions Emergency situations-patient or representative is unable to give consent Mandatory public health and communicable disease reporting Revocation of Consent: Applies to information yet to be exchanged. 25

Summary It is possible to design systems to share information on homeless patients. Looking ahead, examine other opportunities to share resource data. Always keep a knowledgeable lawyer available. 26

Thank You! Henry C. Fader, Esq. Phone: 215.981.4640 Email: faderh@pepperlaw.com Twitter: @PhillyFader Corporate and health care partner in the Philadelphia office of Pepper Hamilton LLP; Chair of the firm s health care practice. Counsels clients with respect to organizational structures, governance and on the implementation of telemedical solutions and electronic health records and related regulatory, licensing, compliance and payment issues. 27

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information