Get documents about "Law Enforcement Legal Badges - PowerPoint
Description
Law Enforcement Legal Badges document sample
Document Sample
DISCLOSURE OF PATIENT
INFORMATION TO LAW
ENFORCEMENT AGENCIES
Nancy Davis, MS, RHIA
Director or Privacy/Security Officer
Ministry Health Care
Chrisann Lemery, MS, RHIA
HIPAA Compliance Specialist/Security Officer
WEA Trust Insurance
1
OBJECTIVES
Provide an Overview of the Impact of
HIPAA on Disclosures to Law Enforcement
Review “Preemption” Issues: HIPAA vs.
Wisconsin Law
Establish Basic Guidelines on Disclosures
to Law Enforcement
Discuss FAQ’s Regarding Law
Enforcement Disclosures
2
DISCLAIMER
The information provided in this presentation does
not constitute legal advice and is intended to be
used for guidance.
If you require legal advice, please consult with an
attorney.
Seek further guidance for conditions involving
care for HIV, AODA, or mental health conditions.
3
KEY DEFINITIONS
Law Enforcement:
HIPAA defines law enforcement to include any
governmental agency or official authorized to investigate,
prosecute or conduct an inquiry into a potential violation of
law. A law enforcement official is defined as an officer or
employee of any agency or authority of the United States, a
State, a territory, a political subdivision of a State or
territory, or an Indian tribe, who is empowered by law to:
Investigate or conduct an official inquiry into a
potential violation of law; or
Prosecute or otherwise conduct a criminal, civil, or
administrative proceeding arising from an alleged
violation law. 4
DEFINITIONS - Continued
Protected Health Information:
Individually identifiable health information that is created
by or received by the organization, including demographic
information, that identifies an individual, or provides a
reasonable basis to believe the information can be used to
identify an individual, and relates to:
Past, present or future physical or mental health or
condition of an individual.
The provision of health care to an individual.
The past, present, or future payment for the provision of
health care to an individual.
5
INDIVIDUALLY IDENTIFIABLE
INFORMATION
1. Name 7. Social security numbers
2. Geographic subdivisions 8. Medical record numbers
smaller than a State 9. Health plan beneficiary numbers
Street Address 10. Account numbers
City 11. Certificate/license numbers
County 12. Vehicle identifiers and serial numbers,
Precinct including license plate numbers
Zip Code/Equivalent 13. Device identifiers and serial numbers
Geocodes 14. Web universal resource locations
3. Dates, except year (URLs)
Birth date 15. Internet Protocol (IP) address numbers
Admission date 16. Biometric identifiers, including finger
Discharge date and voice prints
Date of death 17. Full face photographic images and any
4. Telephone numbers comparable images
5. Fax number 18. Any other unique identifying number,
6. E-Mail Address characteristic, or code 6
DEFINITIONS - Continued
Minimum Necessary:
That protected health information that is the
minimum necessary to accomplish the intended
purpose of the use, disclosure, or request. The
“minimum necessary” standard applies to all
protected health information whether in paper or
electronic format.
7
REPORTING VS.
DISCLOSING
Reporting Limited to minimal information to
meet mandated reporting requirement
(e.g., demographics, brief description
of injury, etc.)
Disclosing Provision of actual patient health care
records or treatment records.
8
OCR HIPAA GUIDANCE
When does the Privacy Rule allow covered
entities to disclose protected health information
to law enforcement officials?
The Privacy Rule is balanced to protect an individual’s
privacy while allowing important law enforcement
functions to continue. The Rule permits covered entities
to disclose protected health information (PHI) to law
enforcement officials, without the individual’s written
authorization, under specific circumstances.
9
HIPAA GUIDANCE – PERMITTED
DISCLOSURES
Compliance w Court Crime Victim/
Order/Subpoena Perpetrator
Issued by Judge
Child/Adult Victim of
Response to Abuse
Administrative
Request Mandated Reporting
Identification or Suspicious Death
Location of Suspect,
Fugitive, Witness,
Missing Person
10
HIPAA GUIDANCE – PERMITTED
DISCLOSURES – Continued
Prevention of Serious Facilitate Healthcare
and Imminent Threat in Correctional
To Identify or Institutions
Apprehend Escapee Crime on Premise
from Law Off-site Emergency
Enforcement Response
National Security
Purposes
11
PREEMPTION
The HIPAA Privacy Rule provides a Federal floor of
privacy protections for individuals' individually
identifiable health information. State laws that are
contrary to the Privacy Rule are preempted by the Federal
requirements, unless a specific exception applies.
The “key” exception is when the State law relates to the
privacy of individually identifiable health information
and provides greater privacy protections or privacy rights
with respect to such information.
12
WISCONSIN STATUTES
146.81- Addresses general medical/surgical
146.84 health care information
51.30 Addresses health care information
relating to mental health, AODA,
developmentally disabled
252.15 Addresses health care information
relating to HIV testing
13
Competing Considerations
HIPAA: quite liberal in allowing disclosure to
law enforcement
Wisconsin statutes and regulations: not a lot to say
on the subject but generally more restrictive
August 2003 Wisconsin Attorney General letter to
law enforcement/district attorneys
Cooperate with law enforcement
Need for consistent interpretations among law
enforcement, providers, plans, and attorneys
14
HIPAA COLLABORATIVE OF
WISCONSIN
HIPAA Cow
Mission
Participants
15
HIPAA COW LAW
ENFORCEMENT GRID
Comprehensive Project to Provide
Guidance on Disclosures to Law
Enforcement
Collaborative Effort Involving:
Healthcare Providers & Payers
Healthcare Attorneys
State Attorney General’s Office
Law Enforcement Agencies
16
HIPAA COW GRID - Continued
Provides Information on:
HIPAA Reference
State Law Reference
Reporting
Disclosure
Available March 2005 at www.hipaacow.org
Reviewed by all divisions of the Attorney
General’s Office
17
HIPAA COW GRID - Continued
Crimes on Premises Missing Persons
Wounds & Burns Weapons on Premises
Reporting Dangerous Patient or
Perpetrator of a Crime Visitor
Child Abuse Accidents
Elder Abuse Blood Draw
Sexual Assault Victim Deaths
18
DISCLOSURES vs REPORT
If report is required, need to define to whom
and how much
Report does not equal disclosure of record
If no report required, follow “standard
analysis” – next slide
Follow standard analysis for any disclosure
beyond the reportable information
19
STANDARD ANALYSIS
No disclosure unless authorized by patient
OR permitted under interface of HIPAA
and Wisconsin law.
20
VERIFICATION
Health care providers and health care plans need
to establish the identity and authority of law
enforcement officials before disclosing PHI for
any reason.
Ifrequests are made in person, reasonable reliance on ID
badges or official credentials when requests are made in
person is appropriate.
Ifrequests are made in writing, the requests should be
made on official governmental letterhead and substantiate
reasonable reliance.
21
DISCLOSURES OF FACILITY
DIRECTORY INFORMATION
The facility directory is a listing of all
active/admitted patients and serves as an internal
resource for the organization’s staff and health
care providers, as well as an external resource for
patient family, friends, and clergy. Information
disclosed from the facility directory is limited to:
* Patient Name
* Location Within the Facility
*General Condition - One Word Statement
The patient has the right to “opt-out” of the directory.
22
CONDITION DESCRIPTIONS
Undetermined The patient is awaiting physician assessment.
Good Vital signs are stable and within normal limits; patient
is conscious and comfortable; indicators are excellent.
Fair Vital signs are stable and within normal limits; patient
is conscious, but may be uncomfortable; indicators are
favorable.
Serious Vital signs may be unstable and not within normal
limits. Patient is acutely ill. Indicators are
questionable.
Critical Vital signs are unstable and not within normal limits;
patient may be unconscious; indicators are
unfavorable.
23
REPORTING without
AUTHORIZATION
Deaths
Crimes on the Premises
Wounds (Suspicious) and Burns
Gunshot Wounds
Child Abuse
Elder Abuse
Caregiver Misconduct
24
ANIMAL BITES
In general, animal bites are reportable to the
local Public Health Department rather than
to law enforcement. In some counties,
however, the Public Health Department
may have delegated the responsibility for
receiving these reports to the local law
enforcement or other agencies.
25
DEATHS
Reporting: Sheriff, police chief, or coroner/medical
examiner of county where death took place
Information to identify the deceased and
circumstances of the death
Disclosure of Records
Investigating Death:
Coroner/medical examiner
Law Enforcement:
• Patient Health Care Records: Investigating
death in nursing home, CBRF, residential
center, or treatment facility
• Mental Health Records: Investigating death in
treatment facility
26
DEATHS - - Continued
Disclosure of Records
Law Enforcement
If request does not meet the previous
criteria, a court order or authorization from
authorized individual is necessary.
27
WOUNDS & BURNS
Reporting
Mandated circumstances defined for
wounds and burns
Disclosure
Authorization
Court order
Another exception allows the
disclosure
28
WHAT IS A “WOUND” ?
Reasonable minds will differ
Natural inclination: define expansively
when gut tells you to report
Definitely gun shot wound
Other wounds where “reasonable cause to
believe that the wound occurred as a result
of a crime”
29
WHAT IS A “BURN”?
Second or third degree to at least 5% of the
body
Inhalation of superheated air with
respiratory results
“Reasonable cause to believe that the burn
occurred as a result of a crime”
30
CHILD ABUSE
Reporting
Mandatory
Facts and circumstances contributing to
the suspicion of abuse sufficient to
commence an investigation
Disclosure
Record of individual named by law
enforcement
31
ELDER ABUSE
Reporting
Permissive
Sufficient information to commence an
investigation
Disclosure
Record of individual named by law
enforcement
32
PERPETRATORS WITH WOUNDS:
What Analysis Do We Use?
Is it a “wound” that we think occurred as a
result of a crime?
Reasonably?
Then report it!
If not, use standard analysis
33
DOMESTIC ABUSE
If child – see child abuse rules
If elder – see elder abuse rules
All – consider wounds and burns
If none of the above, need authorization or
court order
34
SEXUAL ASSAULT VICTIMS
No mandatory reporting unless also child
abuse - see child abuse rules
Consider whether reportable under other
obligations (elder, caregiver misconduct,
wound, etc.)
To disclose: need authorization or court
order
35
LEGAL BLOOD DRAWS
If Blood or Other Samples are Taken in
Accordance with WI Statutes at the Request of a
Law Enforcement Officer (Individual in Custody),
the Provider is Not Acting in a Patient-
Physician/Nurse Relationship and the Material
Sampled is not PHI.
No Authorization for Disclosure is Required
36
DANGEROUS
PATIENT OR VISITOR
Patient
Report what is necessary to trigger a
Protective Placement or Emergency Detention
(danger to self or others.) Wis. Stat. 51.15
Disclosure needs an authorization or court
order or other statutory exception to law
enforcement.
Visitor
Neither HIPAA or Wisconsin Statutes protect
visitors. There is no PHI, therefore no
limitations on reporting or disclosure. 37
MISSING PERSONS,
SUSPECT, FUGITIVE, ETC.
Patient Health Care Records
May confirm when law enforcement makes inquiry by
patient name, if patient is listed in facility directory.
If patient has “opted out” of facility directory, do not
disclose without patient’s permission.
Disclosure requires authorization
Mental Health Records
Patient authorization needed for reporting and
disclosure unless patient is a court ordered admission or
the patient is on unauthorized absence from treatment
facility
38
CRIME ON THE PREMISES
Physical attacks on people or property, at
CE facility
Drug seeking – false pretenses
Identity theft/fraudulent claims for payment
Miscellaneous – you never know!
39
CRIME ON THE PREMISES
Need WRITTEN request
Legally authorized function
Chapter 51 allows unauthorized disclosure
of limited information from treatment
records for this purpose
Unless another exception fits, court order
or authorization needed for disclosure of
treatment records.
40
IDENTITY THEFT
Identify Theft vs. Identity Fraud
Crime on Premises
Reporting: Name and information related to the
crime
Disclosure:
Patient Health Records: written request for
authorized function
Mental Health Records: authorization or court
order needed unless court ordered placement.
41
EMERGENCY SITUATIONS
In emergency situations, health care providers may rely
on reasonable professional judgment to disclose PHI to
law enforcement agencies/officers, who after exhausting
all other resources, demonstrate a need to know patient
information when investigating an accident or other
circumstance involving a victim. Such information that
may be released to assist law enforcement
agencies/officers would include:
Patient name, age, gender.
Patient demographic information.
Next of kin/emergency contact information.
Patient’s general condition.
42
“MY DOCTOR, THE COP”
Recent Story in Hospitals & Health
Networks by Emily Friedman
Trend in Placing “Policing” Responsibilities
on Healthcare Providers
Defeat of Bill HR 3722 Which Would Have
Forced Hospitals to Collect and Report
Information to the Department of Homeland
Security on Non-US Citizens
43
GUIDING PRINCIPLES
Healthcare professionals are committed to
protect the confidentiality of the patients
they serve.
When there are exceptions to this
protection, they must be well-defined and
justified.
Healthcare professionals do not carry the
role of law enforcement.
44
HIPAA LAW ENFORCEMENT
HEADLINES
“Doctor Arrested After Refusing to Draw Blood
from Homicide Suspect”
Minneapolis Star Tribune, August 2004
“Nurse Accused of Obstructing Deputy”
Milwaukee Journal Sentinel, March 2004
“Two Plead Guilty in Hospital Identity Theft
Case”
Minneapolis Star Tribune, October 2003
45
HIPAA LAW ENFORCEMENT
HEADLINES - Continued
“Mistakes, Oversights Dog Bryant Case”
MSNBC News, January 2004
What Were the Mistakes:
Compromise of patient’s protected health
information by court/providers
Confidential medical information, including
details of mental health condition, turned
over to court/defense team by provider in
error
46
20/20 HINDSIGHT
Upon notification of celebrity, high profile,
problematic case:
Obtain, complete, and sequester record and
specimens
Make and maintain copy of record/store
separately
Limit access/set up audit trails for
record/specimen access/maintain access logs
Consider legal counsel for review of all
requests for disclosure
Account for all disclosures
47
PLAY OFF OF EACH OTHER
48
FREQUENTLY ASKED
QUESTIONS REGARDING:
DISCLOSURES OF PATIENT
INFORMATION TO LAW
ENFORCEMENT
AGENCIES/OFFICIALS
49
FAQ’S
May we confirm the date of discharge on a
patient?
May we report a dangerous patient or visitor?
May we contact local law enforcement if we
suspect a patient is:
An illegal alien?
A suspected drug seeking patient?
Carrying a weapon?
Carrying drugs?
50
FAQ’S
May we contact local law enforcement to
seek assistance with an unidentified patient?
May a healthcare provider disclose the
results of a legal blood draw to the law
enforcement officer who brings the
individual in for the draw?
When and how do we determine the need to
verify a law enforcement officer’s identity?
51
QUESTIONS/DISCUSSION
52
REFERENCE/CONTACT
INFORMATION
Nancy Davis
davisn@ministryhealth.org
Chrisann Lemery
clemery@weatrust.com
HIPAA COW
http://www.hipaacow.org
53
Related docs
