Banks and the Privacy of Medical Information


Banks and the Privacy of Medical Information
8th National HIPAA Summit, March 8, 2004
Health Policy Institute, Georgetown University, 202-687-0880

Public Concerns
95% of adult Americans do not want banks to have access to their medical record information without their permission.*
* Gallup Organization nationwide poll, August 2000, available at: http://forhealthfreedom.org/gallupsurvey/index.html

Information Networks: HIPAA & GLBA
[Diagram: protected health information (PHI) flows from health care providers and health plans to banks, and from banks on to their affiliates.]

Public Concerns
Increased access to identifiable health information by banks, plus an increase in bank-insurer affiliations, more sophisticated computer technology, and a potential financial incentive, raise concerns about banks obtaining and using health information for consumer credit decisions and sharing health information with affiliates.

Goal: Protect Privacy of Health Info. as It Flows through the System
[Diagram: protected health info. travels with the claim for payment from the health care provider to the health plan, and on to the banks.]

Primary Laws
Health Insurance Portability and Accountability Act of 1996 (HIPAA)
Gramm-Leach-Bliley Act (Financial Services Modernization Act) of 1999
Fair and Accurate Credit Transactions Act of 2003 (FACT Act), amendments to the Fair Credit Reporting Act

HIPAA & Banks
Are banks covered by HIPAA? What activities of banks, if any, make them health care clearinghouses covered by HIPAA?

Processing Consumer Payment Info. Does Not Make a Bank a HIPAA Clearinghouse
[Diagram: the patient pays the health care provider by check or credit card; the bank or credit card company processes the payment, with info. shown going to a 3d party or affiliates. The bank is marked NOT a clearinghouse.]

Processing 3d Party EFT Does Not Make a Bank a HIPAA Clearinghouse
[Diagram: the health care provider submits a claim for payment to the health plan; payment moves by EFT from the health plan's bank to the provider's bank. The banks are marked NOT clearinghouses.]

Does Processing ERAs Make a Bank a HIPAA Clearinghouse?
[Diagram: the health care provider submits a claim for payment to the health plan; the electronic remittance advice (ERA), carrying identifiable health info., passes from bank to bank and on to a 3d party or affiliate. Marked NOT, with the question: Sec. 1179 exemption?]

Sec. 1179 PROCESSING PAYMENT TRANSACTIONS BY FINANCIAL INSTITUTIONS
SEC. 1179. To the extent that an entity is engaged in activities of a financial institution (as defined in section 1101 of the Right to Financial Privacy Act of 1978), or is engaged in authorizing, processing, clearing, settling, billing, transferring, reconciling, or collecting payments, for a financial institution, this part, and any standard adopted under this part, shall not apply to the entity with respect to such activities, including the following: (1) The use or disclosure of information by the entity for authorizing, processing, clearing, settling, billing, transferring, reconciling, or collecting, a payment for, or related to, health plan premiums or health care, where such payment is made by any means, including a credit, debit, or other payment card, an account, check or electronic funds transfer. 42 USCS 1320d-8 * * *

Issue
If banks are exempt from HIPAA under Sec. 1179, to what extent is medical information held by banks protected by other laws?

GLBA
Designed to encourage affiliations between banks and other financial institutions. Applies only to consumer and customer financial information, not commercial transactions. Its privacy provisions establish limits on sharing financial information (which may contain medical info.).

GLBA Limits Sharing Consumer Payment Info.
[Diagram: the patient pays the health care provider by check or credit card; the bank may share the information with affiliates after notice, and with a 3d party only after notice and opt out.]

GLBA Does Not Prohibit Banks from Using Consumer Payment Info.
[Diagram: the patient pays the health care provider by check or credit card through the bank or credit card company; marked NOT prohibited.]

GLBA Does Not Prohibit Banks from Using or Sharing Info. from Commercial Transactions
[Diagram: the health care provider's claim for payment goes to the health plan; the ERA, carrying identifiable health info., passes from bank to bank and on to a 3d party and affiliates. Marked "Not by GLBA" (not restricted by GLBA).]

Intent of FACT Act
Fill some of the gaps in the privacy protections of HIPAA and GLBA, within the context of consumer credit protections.

FACT Act
Prohibits obtaining and using medical information for consumer credit decision purposes, except where the banking agencies determine it is necessary and appropriate to protect legitimate operational, transactional, risk, consumer and other needs. Consistent with the intent to restrict use of medical info. for inappropriate purposes.

Regulations Drafted by Banking Agencies that Allow Using Info. for Credit May be Narrow... or Broad
[Two diagrams with the same flows (patient checks and credit card payments; claim for payment from health care provider to health plan; ERA and EFT through the banks, carrying identifiable health info.), contrasting a narrow and a broad scope of information that may be used for credit.]

FACT Act Does Not Prohibit Using Payment Info. for Insurance, Marketing or Other Purposes
[Diagram: the same flows (checks and credit card payments, claim for payment, ERA and EFT through the banks); marked NOT prohibited.]

Limits on Sharing Medical Info. Are Not Clear
Under the best circumstances, the law permits banks to share medical info. with affiliates for any purpose that is either permitted without authorization under the Privacy Rule or referred to under Section 1179.

Conclusion
If banks are fully exempt under Sec. 1179, the medical information that they receive is not fully protected by other laws.

The End