Rule. Research Changes to the Privacy Rule and GINA. Heather Pierce, JD, MPH Senior Director and Regulatory Counsel, Scientific Affairs


HIPAA Omnibus Final Rule: Research Changes to the Privacy Rule and GINA

Heather Pierce, JD, MPH
Senior Director and Regulatory Counsel, Scientific Affairs
February 20, 2013

Research-Related Topics

- Research Authorizations
- Future Research
- Sale of PHI
- Decedents' PHI

Conditional and Compound Authorizations

Generally:
- HIPAA has prevented conditioning treatment on the provision of authorization for the use or disclosure of PHI
- An exception allows for research-related treatment to be conditioned on authorization for use or disclosure of PHI for the research

Conditional and Compound Authorizations

Generally:
- HIPAA prohibits combining authorization for use and disclosure of PHI with any other legal permission ("compound authorizations")
- An exception allows an authorization for research to be combined with informed consent for the same research study
- Could NOT combine conditioned with unconditioned authorizations
- Narrow exceptions have resulted in multiple forms for related studies, lack of integration

Conditional and Compound Authorizations

Compound Authorizations

In the Final Rule:
- A covered entity may combine conditioned and unconditioned authorizations
- Must clearly identify, differentiate between the two types of components
- Must allow for opt-in (not opt-out) of unconditioned components

This approach:
- Better aligns with practices related to informed consent under the Common Rule
- Clarifies and simplifies requirements related to biobanking
- Provides institutions and IRBs with flexibility in streamlining consent and authorization as appropriate

Authorization for Future Research

Previous Interpretation:
- HHS had interpreted HIPAA to prohibit authorization for use and disclosure of PHI for unspecified future research
- Limited individuals' ability to participate in future research
- Created substantial barriers for secondary research
- Inconsistent with the Common Rule

Authorization for Future Research

A New Interpretation:
- Modified interpretation of purpose of the study to allow future research
- Through description, it would be reasonable for an individual to expect PHI would be used or disclosed for future research
- No changes to the language of Privacy Rule
- Provides flexibility to researchers, IRBs

Other Important Points

- Confirmation that external researchers are not considered business associates
  - Not BA by virtue of performing research
  - Researcher may be performing other duties that would be defined as health care operations (such as creating a deidentified limited data set for the covered entity)
- IRB is not a BA by virtue of reviewing and overseeing research

Sale of PHI

- General Rule: Sale of PHI is prohibited absent individual authorization
- New definition of "sale of protected health information"
  - Includes direct or indirect remuneration in exchange for PHI
- Numerous Exceptions
  - Research exception
  - If the only remuneration is a reasonable cost-based fee to cover the cost to prepare and transmit the PHI
- Finalized as proposed in the NPRM

Sale of PHI: Research Impact

Not Considered a Sale of PHI:
- Grants or contracts to perform research, even if PHI disclosure is a byproduct of the activity
- Payments by research sponsors
- Federal grant to conduct a program, even if reporting of PHI is required

Reasonable Cost-Based Fee:
- Includes direct and indirect costs: labor, materials, supplies for generating, storing, retrieving, transmitting; ensuring permissible disclosure; capital and overhead
- Does not include profit margin
- Additional guidance from OCR is forthcoming

Sale of PHI: Research Impact

Transition Provisions Apply:
- Covered entities may rely on authorizations received before compliance date, even without required statement
- Covered entities may rely on IRB waiver of authorization received before compliance date, even if remuneration exceeds new requirements
- Terms of existing data use agreements may govern use or disclosure of limited data sets until earliest of renewal, modification, or one year from compliance date, even if disclosure would constitute a sale of PHI

Use of Decedents' Information

- Final Rule limits protections of PHI to 50 years after date of death
- Modifies previous rule, under which decedents had the same protections as living individuals
- Research exception: research is allowed with certain assurances
- Final Rule does not impact permitted disclosures under the Privacy Rule

Genetic Information Nondiscrimination Act

GINA Changes Under HITECH

- Title I generally prohibits discrimination based on genetic information
- Applies to health coverage and employment
- Health coverage context includes limits on:
  - Setting premiums or contributions for group coverage or Medigap
  - Determining eligibility
  - Collecting genetic information
  - Requiring genetic testing
  - Disclosing genetic information

GINA Changes Under HITECH

- Title I Section 105 requires revisions to the privacy rule
- Clarifies that genetic information is health information
- Prohibits group health plans, health insurance issuers, and issuers of Medicare supplemental policies from using or disclosing genetic information for underwriting purposes