Legal & Regulatory Updates: HITECH and Technology; Closing a Practice; and Legislation re/Prevention...
-
Upload
bryson-cubberley -
Category
Documents
-
view
215 -
download
0
Transcript of Legal & Regulatory Updates: HITECH and Technology; Closing a Practice; and Legislation re/Prevention...
Legal & Regulatory Updates: HITECH and Technology; Closing a Practice; and
Legislation re/Prevention of Violence
ACA Institute for Leadership Training, July 23, 2014
The information presented, including handouts, is for educational purposes and is not intended to be legal
advice. Attendees should seek advice from local counsel regarding
specific legal issues.
Anne Marie “Nancy” Wheeler, J.D.
© 2007-2014 Anne Marie “Nancy” Wheeler, J.D. 1
HIPAA to HITECH
2
HIPAA/HITECH Rules
Subtitle D, Health Information Technology for Economic and Clinical Health Act (HITECH Act), enacted as part of the American Recovery and Reinvestment Act of 2009, addresses privacy and security concerns re/ electronic transmission of health information and encourages use of health information technologyKey provisions are also applicable to paper
records and oral communication
Final “Omnibus” Rule including “Breach Notification” now in effect (officially released Jan. 25, 2013, effective March 26, 2013, with compliance date for C.E.s and B.A.s of Sept. 23, 2013 – teeth have really grown!)Applies to “covered entities” and “business
associates” if protected health information is breached
“Covered entity” determination: http://www.cms.gov/Regulations-and-Guidance/HIPAA-Administrative-Simplification/HIPAAGenInfo/AreYouaCoveredEntity.html
Business Associate: A person or organization that performs a function or activity on behalf of a covered entity, but is not part of the covered entity's workforce (x-ref. slide 9)
© 2007 – 2014 Anne Marie “Nancy” Wheeler, JD
Breach“Breach” defined as the “improper
acquisition, access, use or disclosure of protected health information”
New presumption of breach under the above definition unless a risk assessment by C.E. or B.A. demonstrates a low probability that PHI has been compromisedPrior threshold: significant risk of harm
© 2007-2014 Anne Marie “Nancy” Wheeler, J.D. 5
Breach Notification (cont’d) If approved encryption or destruction is utilized,
notification is not requiredRisk assessment is required when breach occurs If breach has occurred, notice to affected
individuals (e.g., clients) required; depending on size, breaches require notice or year-end report to HHS and notice to media
http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/index.html
http://www.hhs.gov/news/press/2013pres/01/20130117b.html
May need to update workforce training, B.A. contracts, granting clients access to EHRs, etc.© 2007 – 2014 Anne Marie “Nancy” Wheeler, JD
Risk Assessment Four factors to consider in analyzing and deciding
whether to notify individuals: 1) nature and extent of PHI, including types of
identifiers and likelihood of re-identification (e.g., breach involving credit card numbers, SSNs and sensitive clinical information likely would call for notice);
2) who the unauthorized person was who used or received PHI;
3) whether PHI was actually acquired or viewed; and
4) extent to which risk has been mitigated.
© 2007-2014 Anne Marie “Nancy” Wheeler, J.D. 7
BreachesExamples of breaches possibly requiring
notice:Laptop or smart phone with client records is
lost/stolen (RM Service)Paper medical records dumped (MA
example involving hospitals, pathologists, etc.)
Problems for counselors are real! Do you use a laptop, cell phone, digital copier and/or flash drive with PHI? Do your supervisees use them?
Wall of Shame: http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/breachtool.html © 2007-2014 Anne Marie “Nancy” Wheeler, J.D. 8
Business AssociatesCovered entity may be be civilly liable for
business associates who act as CE’s agents (common law of agency applies)
B.A. contracts may need some revision – required by Sept. 23, 2014
definition of business associates also now includes “subcontractors” who perform functions for, or provide services, to a B.A. (other than as a member of the business associate’s workforce)
“conduit” exception (e.g., FedEx, USPS)
© 2007-2014 Anne Marie “Nancy” Wheeler, J.D. 9
Business AssociatesBusiness Associates now have direct liability
(which they did not have under the original HIPAA rules) for:(1) impermissible uses and disclosures of
PHI(2) failure to provide breach notification to
the covered entity when unsecured PHI is lost or inappropriately accessed
(3) failure to provide access to a copy of electronic PHI to either the covered entity, the individual, or the individual’s designee (whichever is specified in the business associate agreement) © 2007 – 2014 Anne Marie “Nancy” Wheeler, JD
Business Associates(4) failure to disclose PHI where required by
the Centers for Medicare & Medicaid Services (CMS); and
(5) failure to provide an accounting of disclosures of PHI
Liability of B.A. does not mean counselor, as a C.E., will not be liable!
© 2007-2014 Anne Marie “Nancy” Wheeler, J.D. 11
PenaltiesHITECH Act updates civil and criminal
penalties for C.E.s and B.A.s – fines up to $50,000 per violation, $250,000 for “willful neglect” and up to $1.5 million for repeated violations of a single provision of the law! Although criminal prosecution may not be likely, imprisonment can be for term of up to 10 years!
Be aware of employees’ and supervisees’ actions
© 2007 – 2014 Anne Marie “Nancy” Wheeler, JD
PenaltiesFour Penalty Tiers:
Lowest tier: cases in which entity did not and reasonably could not know of the breach;
Intermediate tier: cases in which entity knew, or by exercising reasonable diligence, would have known of violation, but did not act with willful neglect; and
Highest tier: cases in which the entity “acted with willful neglect” and either corrected the problem within the 30-day cure period, or failed to make a timely correction
Under the new rules, a covered entity’s or business associate’s lack of actual or constructive knowledge is no longer a complete affirmative defense
© 2007-2014 Anne Marie “Nancy” Wheeler, J.D. 13
PenaltiesWillful neglect will lead to compliance review by
U.S. Dep’t. of Health and Human Services; other behavior may lead to review
HITECH authorizes State Attorneys General to bring civil actions on behalf of state residents for HIPAA violations. They may obtain damages or injunctions and attorneys’ fees may be awarded. http://www.hhs.gov/ocr/privacy/hipaa/enforcement/sag/
Additionally, many states (e.g., TX and CA) have enacted their own privacy breach laws which may or may not encompass breaches of PHI.
© 2007-2014 Anne Marie “Nancy” Wheeler, J.D. 14
Miscellaneous HITECH Updates
Clients have right to obtain access in electronic form (if EHRs are used)
GINA: Genetic information is now considered protected health information (PHI). Additionally, under the HIPAA Omnibus Rule, which adopts GINA’s definition of “genetic information,” it is now clear that most health plans are prohibited from using or disclosing genetic information for underwriting purposes.
When individuals pay by cash, they can instruct their provider NOT to share Tx information with their health plan
© 2007-2014 Anne Marie “Nancy” Wheeler, J.D. 15
HITECH
Counselor educators/supervisors: think about how clinical audio/video recordings are protectedEncryption?Storage?Transmission?
© 2007-2014 Anne Marie “Nancy” Wheeler, J.D. 16
Notice of Privacy Practices: Updated?
If you or your supervisors are CEs, do you have an updated Notice of Privacy Practices? http://www.hhs.gov/ocr/privacy/hipaa/modelnotices.html
Remember to compare state law (e.g. – access). Many counselors who are “covered entities” have HIPAA Notice of Privacy Practice but no policies and procedures for privacy and security!
© 2007-2014 Anne Marie “Nancy” Wheeler, J.D. 17
Private Practice Preparedness: Is This What You Want for Your
Future?
© 2007-2014 Anne Marie “Nancy” Wheeler, J.D. 18
Overview Action plan and calendar
Sudden death or disability
Assessing readiness for retirement or closing practice when counselor is able
Critical information for records custodian/personal representative
Notice, records, administrative and legal details and resources
© 2007-2014 Anne Marie “Nancy” Wheeler, J.D. 19
Dealing with Sudden Death, Disability or Incapacity
Problems stem from lack of planning Spouse, significant other, or colleague
is left with no instructionsPsychiatrist examples Vulnerable clients/patients are left with
grief and confusion and often without continuity of care
Potential liability for yourself and your estate
© 2007-2014 Anne Marie “Nancy” Wheeler, J.D. 20
Dealing with Sudden Death, Disability or Incapacity
Plan for sudden death, disability or incapacity is important, especially for solo practitioners
“Records Custodian” or “Special Administrator” – consider naming person(s) in will, with consentrecords access, forwarding and retention; notice
and referral issuesACA Code of Ethics
Covering Provider(s)ERT and “Bridge Therapist” (A. Steiner)Counselor or other similarly licensed therapistProfessional Will (Loretta Bradley)
© 2007-2014 Anne Marie “Nancy” Wheeler, J.D. 21
Dealing with Sudden Death, Disability or Incapacity
Clause for inclusion in informed consent documentAdvise clients who will cover practice If not feasible to provide names, explain how
procedure and notice will be accomplished
Written plan re/ steps for custodian and administrator to take
Critical information for records custodian, ERT and personal representative: www.privatepracticepreparedness.com
ACA Podcast: http://bit.ly/ppppodcast© 2007-2014 Anne Marie “Nancy” Wheeler, J.D. 22
Retirement on Your Terms
© 2007-2014 Anne Marie “Nancy” Wheeler, J.D. 23
Issues Pertinent to Emergency or Planned Retirement: Notice
Employees (if applicable)
Clients – 3 months is usually recommended; consult state law on past clients (verbal & written)
Records Custodian
Licensure Board, Professional Associations
Vendors, Utility companies
Social Security Administration (SSA) (if death or disability)
Colleagues © 2007-2014 Anne Marie “Nancy” Wheeler, J.D. 24
Issues Pertinent to Emergency or Planned Retirement: Records
Client access
Release to third party/ another provider
HIPAA, state law and ethics
StorageHIPAA, state law and ethicsPossible corruption of electronic mediaConsider efficacy of technology in 5
years© 2007-2014 Anne Marie “Nancy” Wheeler, J.D. 25
RecordsRetention and Destruction
State law and statutes of limitationMedicare/Medicaid false claimsHIPAA documents: min. 6 yearsElectronic records: special concerns
Keep list of records which have been destroyed, including client identities, dates of treatment and dates of destruction
Business record retention: consult attorney/ accountant
© 2007-2014 Anne Marie “Nancy” Wheeler, J.D. 26
InsuranceProfessional Liability Insurance
Premises or Renter’s Insurance, Life and Disability Insurance
Health Insurance
Other (Umbrella, etc.)
© 2007-2014 Anne Marie “Nancy” Wheeler, J.D. 27
Other IssuesAdministrative
Sale of practice
Legal Dissolution of Practice
Personal Issues (advance directives, etc.)
www.privatepracticepreparedness.com
© 2007-2014 Anne Marie “Nancy” Wheeler, J.D. 28
General ResourcesAmerican Health Lawyers Association, A Guide
to Legal Issues in Life-Limiting Conditions (2005).
ACA Code of Ethics (2014)
Caregiver Information: Eldercare Locator, available at www.eldercare.gov.
www.privatepracticepreparedness.com
Wheeler, A.M. and Bertram, B. (2012). The Counselor and the Law: A Guide to Legal and Ethical Practice (6th ed.). Alexandria, VA: American Counseling Association.© 2007-2014 Anne Marie “Nancy” Wheeler, J.D. 29
Violence Prediction, Prevention and Liability
Duty to Warn and/or Protect
Case law and statutes (latter often provides immunity to mental health provider)
Statute example (Maryland): http://mgaleg.maryland.gov/2014rs/statute_google/gcj/5-609.pdf
Make sure your supervisees are familiar with state case law and statutes
© 2007-2014 Anne Marie “Nancy” Wheeler, J.D. 30
Statistics Mass shootings account for <1% of gun deaths
Suicide accounts for 61% of gun fatalities in U.S.
Majority of people with MI never act violently
If MI were eliminated entirely as a risk factor in gun violence, the incidence of gun violence would only go down by 4%!
© 2007-2014 Anne Marie “Nancy” Wheeler, J.D. 31
Statistics (cont’d)Establishing national database on MI would only
discourage people from Tx
P. Appelbaum: risk of violence among MI with psychotic illnesses appears to be worse in early stages, often before they obtain Tx
Media’s impact – e.g., “Watch our exclusive coverage of the massacre at XYZ HS tonight at 11”
Above summarized from Joel Dvoskin, Ph.D., U Ariz. College of Medicine, in APA/ABA Joint Conference: Confronting Community and Family Violence (May 1-3, 2014)
© 2007-2014 Anne Marie “Nancy” Wheeler, J.D. 32
Counselor Leaders: Be aware of emerging legislation
http://smartgunlaws.org/gun-policy/
Impact of gun laws on the mentally ill?
School safety?
Specific interactive map to keep track of legislation in your state: http://smartgunlaws.org/tracking-state-gun-laws-2014-developments/
© 2007-2014 Anne Marie “Nancy” Wheeler, J.D. 33
Gun LegislationA study on firearm storage counseling by family
physicians found that 64% of participants who rec’d verbal firearms storage counseling improved their gun safety
However, FL Stat. § 790.338 prohibited physicians from documenting gun ownership in record; mandated that physicians refrain from asking questions about gun ownership (unless imminent threat to self/others); and prohibited discrimination and harassment of pt. during exam (teeth: discip. Action including revocation or suspension and fines up to $10,000 per offense)© 2007-2013 Anne Marie “Nancy” Wheeler, J.D. 34
Gun Legislation and Case Law
Wollschlaeger v. Farmer: Federal District Court granted injunction on basis of First Amendmenet and interference with doctor-patient; on appeal to 11th Circuit Court of Appeals
Not advocating a particular stance but that counselors be aware of growing gun legislation and possible effect on mentally ill population
Presidential Executive Action to close loopholes
Need to balance safety (including school safety) with rights of MI and possible deterrence if they’re reported to state or federal database
© 2007-2014 Anne Marie “Nancy” Wheeler, J.D. 35
CEU & Insurance DiscountCE credit and a 10% discount on ACA-sponsored professional liability insurance is available by reading Wheeler and Bertram’s The Counselor and the Law (6th Ed.), and passing a test.
For more information and registration http://www.prolibraries.com/counseling/
Successful completion of the exam entitles you to a 10% discount on your ACA-sponsored professional liability insurance renewal for 3 consecutive years. The 10% discount is available for individual policies only and is subject to a $100 minimum premium.
© 2007 – 2014 Anne Marie “Nancy” Wheeler, JD