Evolving Theories in HIPAA Enforcement Info Lock Healthcare

  • Slides: 48
Evolving Theories in HIPAA Enforcement
InfoLock Healthcare Summit, August 13, 2019

Agenda
§ Part I: HIPAA Civil and Criminal Enforcement
 − Limitations of HIPAA Jurisdiction
 − HIPAA Civil Enforcement
 − HHS Enforcement Jurisdiction
 − HIPAA Criminal Enforcement
 − DOJ Enforcement Memo
§ Part II: Cases and Themes in DOJ Enforcement
 − Traditional DOJ Enforcement: Identity Theft Cases
 − New Trends in Enforcement: Pharma Cases
§ Part III: Use of Conspiracy Law
§ Part IV: Concurrent Civil Jurisdiction: HHS OCR and State Attorneys General
 − Authority
 − Coordination with HHS OCR
 − Trends in State AG Enforcement
§ Part V: Enforcement Related to TV/Media
 − Disclaimer or “What were they thinking?!”
 − History
 − Food for thought
 − Practical tips

Part I: HIPAA Civil and Criminal Enforcement

Part I Agenda
§ Limitations of HIPAA Jurisdiction
§ HIPAA Civil Enforcement
§ HHS Enforcement Jurisdiction
§ HIPAA Criminal Enforcement
§ DOJ Enforcement Memo

HIPAA Civil Enforcement
§ HIPAA, GINA, and the HITECH Act
§ Social Security Act Sections 1171-1180 (except Section 1177) (42 U.S.C. § 1320d-1 through d-9, except d-6)
§ HIPAA Privacy, Security, Breach Notification, and Enforcement Rules
§ Office for Civil Rights (OCR)

HIPAA Civil Enforcement: HIPAA Privacy & Security Rule Complaint Process
§ Intake & Review
 − Possible criminal violation: referred to DOJ (complaint accepted by DOJ)
 − Possible Privacy or Security Rule violation: OCR investigation, followed by resolution
   • OCR finds no violation
   • OCR obtains voluntary compliance, corrective action, or other agreement
   • OCR issues formal finding of violation
 − Resolution without investigation where:
   • The violation did not occur after April 14, 2003
   • Entity is not covered by the Privacy Rule
   • Complaint was not filed within 180 days and an extension was not granted
   • The incident described in the complaint does not violate the Privacy Rule

HIPAA Civil Enforcement: 2018 settlements and judgments

Date        Name                                                Amount
Jan. 2018   Filefax, Inc (settlement)                           $100,000
Jan. 2018   Fresenius Medical Care North America (settlement)   $3,500,000
June 2018   MD Anderson (judgment)                              $4,348,000
Aug. 2018   Boston Medical Center (settlement)                  $100,000
Sep. 2018   Brigham and Women’s Hospital (settlement)           $384,000
Sep. 2018   Massachusetts General Hospital (settlement)         $515,000
Sep. 2018   Advanced Care Hospitalists (settlement)             $500,000
Oct. 2018   Allergy Associates of Hartford (settlement)         $125,000
Oct. 2018   Anthem, Inc (settlement)                            $16,000,000
Nov. 2018   Pagosa Springs (settlement)                         $111,400
Dec. 2018   Cottage Health (settlement)                         $3,000,000
Total (settlements and judgment)                                $28,683,400

HIPAA Criminal Enforcement
§ Social Security Act Section 1177: Offense
“A person who knowingly and in violation of this part—
(1) uses or causes to be used a unique health identifier;
(2) obtains individually identifiable health information relating to an individual; or
(3) discloses individually identifiable health information to another person,
shall be punished as provided in subsection (b). For purposes of the previous sentence, a person (including an employee or other individual) shall be considered to have obtained or disclosed individually identifiable health information in violation of this part if the information is maintained by a covered entity (as defined in the HIPAA privacy regulation described in section 1320d-9(b)(3) of this title) and the individual obtained or disclosed such information without authorization.”

HIPAA Criminal Enforcement
§ Social Security Act Section 1177 (42 U.S.C. § 1320d-6): Penalties
“A person described in subsection (a) shall—
(1) be fined not more than $50,000, imprisoned not more than 1 year, or both;
(2) if the offense is committed under false pretenses, be fined not more than $100,000, imprisoned not more than 5 years, or both; and
(3) if the offense is committed with intent to sell, transfer, or use individually identifiable health information for commercial advantage, personal gain, or malicious harm, be fined not more than $250,000, imprisoned not more than 10 years, or both.”

HIPAA Criminal Enforcement
§ DOJ Enforcement of HIPAA
“For the foregoing reasons, we conclude that covered entities and those persons rendered accountable by general principles of corporate criminal liability may be prosecuted directly under 42 U.S.C. § 1320d-6 and that the ‘knowingly’ element of the offense set forth in that provision requires only proof of knowledge of the facts that constitute the offense.”

Part II: Cases and Themes in DOJ Enforcement

Part II Agenda
§ Traditional DOJ Enforcement: Identity Theft Cases
§ New Trends in Enforcement: Pharma Cases

Identity Theft Cases
§ Insider Threat
 − Denetria Barnes (2013) – former Florida assisted living facility nursing assistant sentenced to 37 months in prison after pleading guilty to several federal offenses, including conspiracy to defraud the U.S. government and wrongful disclosure of HIPAA protected information
 − Helene Michel (2013) – former owner of a Long Island, N.Y. medical supply company sentenced to 12 years imprisonment in a case that involved $10.7 million in Medicare fraud, as well as criminal HIPAA violations

Identity Theft Cases
§ Celebrity Cases
 − Huping Zhou, M.D. (2010) – UCLA Healthcare System surgeon sentenced to four months in prison after admitting he illegally read private electronic medical records of celebrities and others

Identity Theft Cases
§ Malicious Intent and Personal Gain
 − Linda Sue Kalina (March 2019) – pleaded guilty, facing potential maximum total sentence of 10 years imprisonment, $250,000 fine, or both; sentencing scheduled for June 25, 2019
 − “In connection with the guilty plea, the court was advised that Linda Sue Kalina worked, from March 7, 2016 through June 23, 2017, as a Patient Information Coordinator with UPMC and its affiliate, Tri Rivers Musculoskeletal Centers (TRMC) in Mars, Pennsylvania, and that during her employment, contrary to the requirements of the Health Insurance Portability and Accountability Act (HIPAA) improperly accessed the individual health information of 111 UPMC patients who had never been provided services at TRMC. Specifically, on August 11, 2017, Kalina unlawfully disclosed personal gynecological health information related to two such patients, with the intent to cause those individuals embarrassment and mental distress.”

Pharma Cases
§ Government has focused attention on improper use of patients’ PHI without authorization
§ Direct HIPAA charges not available against pharmaceutical companies because they are not Covered Entities

Pharma Cases
§ Government increasingly pursuing HIPAA conspiracy charges against manufacturers and employees of manufacturers, and direct charges against physicians
 − Dr. Rita Luthra (2018) – physician convicted for violating HIPAA by allowing a Warner Chilcott sales rep to access PHI and for lying to federal investigators; sentenced to probation (government sought 21 months)
 − Dr. Eduardo Montaña (2018) – physician pleaded guilty to misdemeanor count of violating HIPAA, allowed Aegerion personnel to access his EMR system to search for candidates for Aegerion’s product; sentenced to 6 months probation

Pharma Cases
 − Aegerion (2018) – company charged with conspiracy to violate HIPAA for allegedly implementing strategy to obtain and use PHI without authorization to identify potential patients to increase sales; physician pleaded guilty in February 2018 for HIPAA violations related to improperly sharing PHI with Aegerion employees
 − Landon Eckles (November 2015) – former district manager for Warner Chilcott pled guilty to a HIPAA (non-conspiracy) charge; sentenced to one year probation and a fine of $10,000

Part III: Use of Conspiracy Law

Part III Agenda
§ Evolving Prosecutorial Tools
§ Federal Criminal Conspiracy Laws
§ Building a Conspiracy Case

Evolving Prosecutorial Charging Tools
§ Government increasingly pursuing HIPAA conspiracy charges against manufacturers and employees of manufacturers given challenges of charging non-covered entities directly
§ “I do think it is an area that life sciences companies have to focus on. While manufacturers may not be covered entities, DOJ can certainly charge a conspiracy to violate HIPAA or some other criminal charges that loop in the manufacturers.” – Mary Riordan, Senior Counsel, HHS-OIG, 2017

Federal Criminal Conspiracy Laws
§ Federal conspiracy laws
 − 18 U.S.C. § 371 – Conspiracy to commit offense or defraud United States
 − 18 U.S.C. § 1349 – Attempt or conspiracy to commit health care fraud
§ May charge instead of or in addition to 42 U.S.C. § 1320d-6

Building a Conspiracy Case
§ Requires establishing a non-covered entity (e.g., pharma sales rep) willfully joined in conspiracy to accomplish unlawful purpose
 − Intent to agree
 − Intent to commit substantive offense
§ Not sufficient to prove only that defendant acted in a way to further goals of conspiracy if such a conspiracy existed
§ Felony provision of 42 U.S.C. § 1320d-6 requires an act for commercial advantage, personal gain, or malicious harm – but whose? Covered entity or pharma company?
§ Defenses – establish permissible sharing of PHI occurred
 − Treatment, payment, healthcare operations
 − Quality, safety or effectiveness of FDA-regulated products

Part IV: Concurrent Civil Jurisdiction: HHS OCR and State Attorneys General

Part IV Agenda
§ Authority
§ Coordination with HHS OCR
§ Trends in State AG Enforcement

State AG Authority
§ The HITECH Act Section 13410(e) (42 U.S.C. 1320d-5)
§ “…may bring a civil action on behalf of such residents of the State in a district court of the United States of appropriate jurisdiction…”

Coordination with HHS OCR
§ The HITECH Act Section 13410(e) (42 U.S.C. 1320d-5)
§ “Notice to the Secretary.—The State shall serve prior written notice of any action under Paragraph (1) upon the Secretary and provide the Secretary with a copy of its complaint…”

Trends in State AG Enforcement
§ Data Privacy
 − October 12, 2018 – Aetna reached settlements with a number of state attorneys general over HIPAA violations resulting from mailings to HIV/AIDS and cardiac patients
   • Connecticut, District of Columbia (DC), New Jersey, Washington
 − Aetna agreements to pay:
   • Connecticut approximately $100,000
   • DC around $175,000
   • New Jersey $365,000
   • Washington has not yet disclosed how much it will receive from Aetna
 − Aetna agreed to implement policy, protocol, and training reforms designed to safeguard individuals’ information, also agreed to hire an independent monitor

Trends in State AG Enforcement
§ Data Security
 − UMass Memorial Medical Group Inc. and UMass Memorial Medical Center Inc. will pay a total of $230,000 to resolve claims that two separate healthcare data breaches exposed the information of more than 15,000 Massachusetts residents
 − MA Attorney General Maura Healey said facilities received complaints that two employees separately accessed patients’ information for fraud, such as opening cell phone and credit card accounts
   • Alleged that companies did not properly investigate the claims, discipline the employees involved in a timely manner, nor take any other action to safeguard the breached information
   • Information exposed included patients’ names, addresses, Social Security numbers, clinical information, health insurance information
 − AG Healey alleged that UMass Memorial medical entities violated HIPAA, the Consumer Protection Act, and Massachusetts Data Security Law

Trends in State AG Enforcement
§ Multi-State Enforcement
 − Indiana Attorney General leading a multi-state civil lawsuit against Medical Informatics Engineering Inc. and NoMoreClipboard LLC, which sustained a data breach which compromised the data of more than 3.9 million people
 − “Hackers infiltrated a web application called WebChart, which is run by MIE, between May 7 and May 26, 2015. The hackers stole electronic Protected Health Information, including names, phone numbers, mailing addresses, Social Security numbers, and usernames and passwords, among other types of information.”
 − Alleges violations of HIPAA Rules, along with state claims including Unfair and Deceptive Practice Laws, Notice of Data Breach statutes, and state Personal Information Protection Acts
 − “Hill's office says it is the first time state attorneys general have joined to pursue a HIPAA-related data breach case in federal court.”

Part V: Enforcement Related to TV/Media

Part V Agenda
§ History
§ Food for thought
§ Practical tips

Selected History of Filming in Hospitals
§ ABC News
 − Save My Life: Boston Trauma (2015) – Boston Medical Center, Massachusetts General Hospital, Brigham & Women’s Hospital
 − NYMed (2014) – New York-Presbyterian Hospital, St. Luke’s-Roosevelt Hospital and University Hospital Newark
 − NYMed (2012) – New York-Presbyterian Hospital (Weill Cornell and Columbia University Medical Center campuses) and Lutheran Medical Center
 − Boston Med (2010) – Massachusetts General Hospital, Brigham & Women’s Hospital and Boston Children’s Hospital
 − Hopkins (2008)
 − Hopkins 24/7 (2000)
§ New York Times Company/Discovery’s Learning Channel
 − Trauma: Life in the ER* (1997-2002); Paramedics (1998-2002); Code Blue (2000-2002)

History of HIPAA Enforcement Actions
§ New York Presbyterian Hospital / NYMed
 − Patient was filmed for NY Med while dying in April 2011
 − Neither patient nor family gave consent to filming
 − Doctor was recorded while telling family news of patient’s death – family did not know doctor was miked*
 − Patient’s image was blurred in the broadcast
 − Widow saw broadcast in August 2012, recognized her husband
 − In addition to filing an OCR complaint in January 2013, family filed complaints with other agencies and accreditors and sued New York Presbyterian

History of HIPAA Enforcement Actions
§ New York Presbyterian Hospital / NYMed
 − May 29, 2013 letter from OCR to patient’s son
   • “Your allegation that NYP impermissibly disclosed your father’s PHI to the public without your father’s or family’s permission or authorization because the episode aired on TV, even if fully substantiated does not violate the Privacy Rule…In a telephone conversation with an OCR staff member on April 18, 2013, you stated that your father’s face was digitally blurred and that the family’s faces were not shown. You further stated that your father’s name or any family’s names were not mentioned on the show. OCR viewed the DVD and determined that NYP did not impermissibly disclose your father’s PHI to the public.”
   • “After careful consideration, OCR has determined that it will pursue action in your complaint regarding your allegation that on April 28, 2011, NYP impermissibly disclosed your father’s PHI to a film crew and other staff from a reality TV miniseries without your father or your family’s permission or authorization.”

History of HIPAA Enforcement Actions
§ Boston hospitals / Save My Life: Boston Trauma
 − October 10, 2014: Boston Globe “ABC News shooting documentary series in local hospitals”
 − Fall 2014 – early 2015: Filming at Boston Medical Center, Massachusetts General Hospital, Brigham & Women’s Hospital

History of HIPAA Enforcement Actions – Jan 2015
(Slide shows a New York Times tweet: https://twitter.com/nytimes/status/551425253822705664)

History of HIPAA Enforcement Actions
§ Boston hospitals / Save My Life: Boston Trauma
 − January 12, 2015: Boston Globe: “Patient impact a worry with TV crews in Boston ERs”
   • “Flier said that after reading the ProPublica article, he spoke with the president of Partners HealthCare, the system that includes Mass. General and Brigham, and with the director of clinical ethics at Harvard Medical School. After those discussions, Flier said he was reassured…“This [filming] could be done in a way that is entirely beneficial to health education and not violate anybody’s rights,” he said.”
 − OCR compliance review was initiated on January 26, 2015 based on January 12, 2015 Boston Globe article (BMC)
 − Filming is complete in January 2015
 − OCR data request (i.e., notification of investigation) arrives in March 2015 (BMC)

History of HIPAA Enforcement Actions
§ New York Presbyterian Hospital / NYMed
 − April 21, 2016: OCR settlement announced
   • $2.2 Million
   • OCR press release
     ― “…egregious disclosure of two patients’ protected health information (PHI) to film crews and staff during the filming of “NY Med,” an ABC television series, without first obtaining authorization from the patients. In particular, OCR found that NYP allowed the ABC crew to film someone who was dying and another person in significant distress, even after a medical professional urged the crew to stop.”
     ― “OCR also found that NYP failed to safeguard protected health information and allowed ABC film crews virtually unfettered access to its health care facility, effectively creating an environment where PHI could not be protected from impermissible disclosure to the ABC film crew and staff.”
   • No admission/concession
   • CAP
 − Simultaneously, OCR issues FAQ on media access to PHI

History of HIPAA Enforcement Actions
§ Boston hospitals / Save My Life: Boston Trauma
 − September 20, 2018: OCR settlement announced
   • BMC: $100,000, BWH: $384,000, and MGH: $515,000
   • OCR press release: “Patients in hospitals expect to encounter doctors and nurses when getting treatment, not film crews recording them at their most private and vulnerable moments,” said Roger Severino, OCR director. “Hospitals must get authorization from patients before allowing strangers to have access to patients and their medical information.”
 − No admission/concession
   • Further, “BMC denies that it impermissibly disclosed PHI and contends that it had proper consent for the filming.”
 − CAPs vary among the three institutions

Summary of OCR’s April 2016 Guidance
§ Health care providers cannot invite or allow media personnel, including film crews, into treatment or other areas of their facilities where patients’ PHI will be accessible in written, electronic, oral, or other visual or audio form, or otherwise make PHI accessible to the media, without prior written authorization from each individual who is or will be in the area or whose PHI otherwise will be accessible to the media.
§ Blurring, pixelation, or voice alteration software is not sufficient because HIPAA does not allow media access to the patients’ PHI, absent an authorization, in the first place.
§ Reasonable safeguards must be in place to protect other PHI that may be in the area but for which an authorization has not been obtained.
§ Media may enter areas of their facilities that are otherwise generally accessible to the public, which may include public waiting areas or areas where the public enters or exits the facility.
§ Exceptions for BAs (contract film crews), location/condition requests, help with identifying patients.
§ Finally, covered entities can continue to inform the media of their treatment services and programs so that the media can better inform the public, provided that, in doing so, the covered entity does not share PHI with the media without the prior authorization of the individuals who are the subject of the PHI.

What PHI is Visible/Audible in a Hospital?
§ OCR’s April 2016 guidance should not be a surprise with regards to authorization for filming, or broadcasting PHI – guidance around the presence of media requires interpretation and could pose more challenges
§ “prior written authorization from each individual who is or will be in the area or whose PHI otherwise will be accessible to the media”
§ “PHI …accessible in written, electronic, oral, or other visual or audio form”

Reasonable Safeguards and Incidental Disclosures
45 CFR 164.530(c)
(1) Standard: Safeguards. A covered entity must have in place appropriate administrative, technical, and physical safeguards to protect the privacy of protected health information.
(2)(i) Implementation specification: Safeguards. A covered entity must reasonably safeguard protected health information from any intentional or unintentional use or disclosure that is in violation of the standards, implementation specifications or other requirements of this subpart.
(ii) A covered entity must reasonably safeguard protected health information to limit incidental uses or disclosures made pursuant to an otherwise permitted or required use or disclosure.

Excerpt from OCR Guidance on Reasonable Safeguards (2002)
The Privacy Rule does not prohibit covered entities from engaging in the following practices, where reasonable precautions have been taken to protect an individual’s privacy:
§ Maintaining patient charts at bedside or outside of exam rooms, displaying patient names on the outside of patient charts, or displaying patient care signs (e.g., “high fall risk” or “diabetic diet”) at patient bedside or at the doors of hospital rooms
§ Possible safeguards may include: reasonably limiting access to these areas, ensuring that the area is supervised, escorting non-employees in the area, or placing patient charts in their holders with identifying information facing the wall or otherwise covered, rather than having health information about the patient visible to anyone who walks by

How Should We Think About...
§ A reality-style news show with weeks or months of filming
§ A local television or print news story
§ A tour for potential donors/board members
§ A visit by a local sports star or other celebrity

Practical Tips
§ Policies to consider:
 − Clinical filming
 − Filming for education and research
 − Other filming: news media, patients filming their visits, surveillance cameras
 − Social media
§ Confidentiality agreements and provisions for location agreements
§ Staff education
§ Protocols for prepping space and escorting media
§ *Develop a relationship with your Communications/Media Relations/Social Media/Marketing team*

Questions?
§ Feel free to contact me for more information:
 – Iliana Peters: ipeters@polsinelli.com – 202-626-8327

Polsinelli PC provides this material for informational purposes only. The material provided herein is general and is not intended to be legal advice. Nothing herein should be relied upon or used without consulting a lawyer to consider your specific circumstances, possible changes to applicable laws, rules and regulations and other legal issues. Receipt of this material does not establish an attorney-client relationship. Polsinelli is very proud of the results we obtain for our clients, but you should know that past results do not guarantee future results; that every case is different and must be judged on its own merits; and that the choice of a lawyer is an important decision and should not be based solely upon advertisements. © 2018 Polsinelli® is a registered trademark of Polsinelli PC. In California, Polsinelli LLP. Polsinelli PC, Polsinelli LLP in California | polsinelli.com