Understanding HIPAA. Presented by: Officer Frank Webb, Mental Health Unit, Houston Police Department
Disclaimer: The information provided in this presentation does not constitute legal advice and is intended to be used for guidance only.
HIPAA? Helping Impede Police Action & Authority or Health Insurance Portability & Accountability Act
HIPAA: Also known as the Kennedy-Kassebaum Act; grew out of the Clinton Health Care Administration
HIPAA Goals: Ensure the confidentiality of patients’ health care information; simplify the prosecution of health care fraud and abuse; make changing jobs easier, while providing better access to health care insurance
Examples: Chief over ISD Collecting data within an agency HNT Call-Takers not being able to ask about MI
Examples: Sharing data between police departments; premise histories; your examples?
Definitions: PHI (Protected Health Information) - All Individually Identifiable Health Information and other information on treatment and care that is transmitted or maintained in any form or medium. Use - The sharing, employment, application, utilization, examination, or analysis of such information within an entity that maintains such information.
Definitions: Disclosure - Release or divulgence of information by an entity to persons or organizations outside of that entity. Authorization - The mechanism for obtaining consent from a patient for the use and disclosure of health information for a purpose that is not treatment, payment, or health care operations or not for other permitted disclosures.
Definitions: Minimum Necessary - When using PHI, a covered entity must make all reasonable efforts to limit itself to the “minimum necessary to accomplish the intended purpose of the use, disclosure, or request”. Health Plan - An individual or group plan that provides, or pays the cost of, medical care.
Definitions: Health Care Provider - Any person or organization that furnishes, bills, or is paid for health care services or supplies (such as EMS, Mental Health, Health Departments, etc.).
Definitions: Health Care Clearinghouse - A public or private entity that processes or facilitates the processing of nonstandard data elements of health information into standard data elements. Covered Entities - Those entities that must comply with HIPAA regulations: Health Plans, Health Care Providers, and Health Care Clearinghouses.
A Health Care Provider: Doctors; clinics; psychologists; dentists; chiropractors; nursing homes; pharmacies
A Health Plan: Health insurance companies; HMOs; company health plans; government programs that pay for health care, such as Medicare, Medicaid, and the military and veterans health care programs
A Health Care Clearinghouse: This includes entities that process nonstandard health information they receive from another entity into a standard (i.e., standard electronic format or data content), or vice versa
Covered Entities: The Privacy and Security Rules apply only to covered entities. If an entity is not a covered entity, it does not have to comply. - U.S. Department of Health & Human Services
The Problem: The potential for HIPAA problems arises when dealing with agencies that do have to comply with it. Obtaining patient health information; being asked to release patient health information by the press, public or other interested parties
Permitted Law Enforcement Disclosures: As required by law (court orders, court-ordered warrants, subpoenas) and administrative requests; to identify or locate a suspect, fugitive, material witness, or missing person; in response to a law enforcement official’s request for information about a victim or suspected victim of a crime
Permitted Law Enforcement Disclosures: To alert law enforcement of a person’s death, if the covered entity suspects that criminal activity caused the death; when a covered entity believes that protected health information is evidence of a crime that occurred on its premises
Permitted Law Enforcement Disclosures: By a covered health care provider in a medical emergency not occurring on its premises, when necessary to inform law enforcement about the commission and nature of a crime, the location of the crime or crime victims, and the perpetrator of the crime. - U.S. Dept. of Health and Human Services
Administrative Request: Administrative subpoena or investigative demand or other written request from a law enforcement official. Does not require judicial involvement. Must include a written statement that the information requested is relevant and material, specific and limited in scope.
Necessary to prevent/lessen an imminent threat to health or safety of a person or the public? Disclose minimum necessary to person(s) able to prevent/lessen threat. - Oregon Health & Science University Integrity Office
Requesting PHI to identify or locate a suspect, fugitive, material witness or missing person? Name and address; date and place of birth; Social Security number; ABO blood type & Rh factor; type of injury; date and time of treatment; date and time of death; distinguishing physical characteristics. - Oregon Health & Science University Integrity Office
Necessary to identify or apprehend an individual where it appears the person escaped from custody or correctional institution? Disclose minimum necessary. - Oregon Health & Science University Integrity Office
Is disclosure to report about a victim of abuse or neglect (child, elder, mentally ill/developmentally disabled)? Disclose minimum necessary. - Oregon Health & Science University Integrity Office

HIPAA Laws
