Our Annual HIV Confidentiality Update: An Overview for [Agency Name’s] - PowerPoint PPT Presentation

our annual hiv confidentiality update an overview for agency name s in service on confidentiality n.
Skip this Video
Loading SlideShow in 5 Seconds..
Our Annual HIV Confidentiality Update: An Overview for [Agency Name’s] PowerPoint Presentation
Download Presentation
Our Annual HIV Confidentiality Update: An Overview for [Agency Name’s]

play fullscreen
1 / 88
Our Annual HIV Confidentiality Update: An Overview for [Agency Name’s]
Download Presentation
Download Presentation

Our Annual HIV Confidentiality Update: An Overview for [Agency Name’s]

- - - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript

  1. Our Annual HIV Confidentiality Update: An Overview for [Agency Name’s] In-service on Confidentiality

  2. Purpose of this In-Service • New York State HIV Confidentiality Law – Article 27-F of the Public Health Law –protects the confidentiality of HIV-related information about people who receive services from most health care or social services in New York. • Our agency is one of the many providers of health or social services in New York that must comply with Article 27-F’sconfidentiality requirements.

  3. Purpose of this In-Service (cont.) • HIPAA (federal law) requires some health care providers [including this agency] to maintain the confidentiality of all “protected health information.” • More . . .

  4. Purpose of this In-Service (cont.) • Both of these laws (and regulations implementing them) require agencies they cover to: • have policies and procedures to ensure compliance with the laws’ privacy protections, and • conduct annual updates on our HIV policies and procedures for all staff.

  5. Purpose of this In-Service (cont.) This is your annual update.

  6. What this presentation covers 1. The laws that protect the confidentiality of HIV information: • Article 27-F of the NYS Public Health Law: HIV Confidentiality Law • HIPAA (if applicable) 2. HIPAA–“patient’s rights” provisions 3. How to respond to client/patient complaints about breach of confidentiality

  7. Have questions? • Speak to supervisor. • If you cannot resolve the question internally, call on these resources: • NYS Department of Health Confidentiality Hotline: 800-962-5065, or • Legal Action Center • ask for “attorney on call” • 212-243-1313 or 800-223-4044

  8. Part 1 Confidentiality of HIV-related Information • Article 27-F of the NYS Public Health Law • HIPAA

  9. Article 27-FWhat is it? New York State law that governs: • HIV testing • HIV confidentiality • HIV case reporting & partner notification (NYS HIV Case Reporting & Partner Notification law is in Public Health Law Article 21, Title III) • This presentation covers the confidentiality provisions, not those concerning testing.

  10. Article 27-F Who is covered? • ANY person or agency who receives HIV-related information about a protected individual: • while providing a covered “health or social service” Examples: health care professionals and health facilities, foster care agencies, school nurses, OR

  11. Article 27-F Who is covered (cont.)? 2.Anyone who receives HIV information pursuant to a proper written release. This means – • if you obtain a client’s HIV information pursuant to his or her signed HIV release form, you must follow Article 27-F. • if you disclose a client’s HIV information pursuant to an HIV release form, the person/agency receiving it must follow Article 27-F too. OR

  12. Article 27-F Who is covered (cont.)? • ANY New York state or local governmental agency that: • provides, supervises or monitors health or social services Examples: DOH, OASAS, OTDA, DOCS, HRA, DSS

  13. Article 27-F Does NOT apply to: • Protected individuals themselves • Persons tested for/diagnosed with HIV or AIDS • Friends, relatives • Courts • Insurers • Federal agencies (military, federal prisons) • Schools (except school health staff) • Employers BUT . . .

  14. But, while Article 27-F may not apply . . . • OTHERlaws protect the confidentiality of information about individuals’ health conditions (including HIV-related) in many circumstances. • Examples: • U.S. Constitutional right to privacy – applies to government (federal, state, local) • Americans with Disabilities Act – applies to employers • Privacy Act – applies to federal government

  15. Recap: Our agency must follow Article 27-F because: [State how & why Article 27-F’s confidentiality requirements apply to this agency, e.g.:] • [we provide covered “health or social services”] • [we receive & disclose HIV-related info about our clients pursuant to written release] • [applicable DOH/AIDS Institute [or other state agency] regulations require us to comply • [applicable DOH/AIDS Institute [or other state agency] contract requires us to comply.

  16. HIPAA: What is it? • Federal law that establishes minimum safeguards to protect the privacy of medical records and other “personal health information” (“PHI”). • Applies to personal health information no matter how it is shared: in electronic, written or oral form.

  17. HIPAA: Who is covered? Covered Entities Are: • Health Care Providers • Health Plans • Health Care Clearinghouses IF they transmit personal health information electronically in order to process payment or make eligibility determinations.

  18. HIPAA: Are we covered? • [State whether this agency – is (or is not) covered by HIPAA.] • Even agencies not covered by HIPAA need to understand its basic requirements because many other agencies they interact with likely are covered by HIPAA.

  19. HIPAA & Article 27-F:Who must comply with both? • Most health care providers in New York State, assuming they transmit health information electronically for purposes of billing or reimbursement.

  20. What happens if both HIPAA & Article 27-F apply? • Follow HIPAA unless Article 27-F is “more stringent” than the HIPAA provision. • “More stringent” means: provides greater privacy protection, or gives individuals more privacy rights. • Article 27-F is usually more protective (stringent) than HIPAA, so you follow Article 27-F.

  21. What’s the Law? The general rule • HIPAA & Art. 27-F generally both prohibit the disclosure of health information about an individual. • HIPAA: covers nearly all personalhealth information (which it calls “protected health information”) • Article 27-F: covers only “HIV-related information.”

  22. Article 27-F:The general rule (cont.) • NO DISCLOSURE: A provider may not disclose any – • HIV-related information obtained while providing health or social service or through a release.

  23. Article 27-F:The general rule (cont.) “HIV-related information” includes – • Had an HIV test (whether positive or negative) • Has HIV infection, HIV related illness or AIDS • Has been treated/is being treated for HIV • Takes medication specific to HIV disease • Is a “contact” of someone with HIV (spouse, sexual or needle-sharing partner)

  24. Article 27-F – General rule Case studies nos. 1 and 3 • What information is protected? • Case study #1 (Jane, the case manager, and her friend Maggie) • In the waiting room • Case study #3 (Don, waiting to be called in for HIV test results) • Cases & issues from staff here?

  25. Article 27-F:The general rule (cont.) • HIV confidentiality law protects – • Not only your clients/patients, but also • Anyone whose HIV-related information you received while providing health or social service – even someone who has had no contact with this agency.

  26. Article 27-F:The general rule (cont.) • You mustalways maintain the confidentiality of this HIV-related information – even after you leave your job here.

  27. “Exceptions” to the General Rule: When Disclosure is Permitted While the general rule is: no disclosure of protected health information, • Both HIPAA & Article 27-F have “exceptions” that allow entities to share HIV information. • Main Article 27-F “exceptions” permitting disclosure are outlined in Article 27-F flow chart (see slide above, and hand-out).

  28. Main Article 27-F exceptions permitting disclosure Exceptions covered by this presentation: • Written Release • Internal communications • Disclosures to health care providers • Partner notification Note: Follow Article 27-F rules governing these exceptions, since it is more “stringent” – provides greater protections – than HIPAA.

  29. Exception #1: Written Release • Requirements for release: • Voluntary • In writing. No oral release! • Revocable at any time. • Revocation can be oral or written • Document it! • Continued. . . .

  30. Written release (cont.) • Use DOH-approved release (complies with Article 27-F and HIPAA) • In hand-outs • Do not have client sign a blank or partially completed form.

  31. Written release (cont.) Who signs the form? • Person whose HIV-related information is being disclosed, if he or she has – “capacity to consent”

  32. Written release (cont.) What is “capacity to consent?” Regardless of age, ability to: • Understand & appreciate the nature & consequences of proposed disclosure AND • Make an informed decision about whether or not to permit the disclosure

  33. Written release (cont.) • Minors (under age 18) can have capacity to consent. No age cut-off. • If minor lacks capacity to consent, the person authorized by law to consent to health care for the minor may authorize disclosure of HIV information about the minor. This may be: • Biological or adoptive parent • Guardian • “Authorized agency” (ACS or DSS) – if court granted the authority

  34. Written release (cont.) Review of this agency’s policies for completing the release form. • How to describe the recipient? • Law does not require listing name(s) of particular employee(s) at recipient agency • May be general, e.g., “my caseworker & other agency staff involved in my benefits claim” at X agency • [This agency’s policy is….]

  35. Written release (cont.) • Completing release form (cont.) • Multi-party releases are permitted. • How to specify expiration date or event? • Release should remain in effect only as long as needed to fulfill specific purpose • More on next slide …

  36. Written release (cont.) • Completing release form (cont.) • AIDS Institute requirement – release form should expire no later than one year from date signed. • Can specify expiration condition “or one year, whichever is first”

  37. Written release (cont.) • Questions about how to complete the release form? • Ask [your supervisor, or designate agency staff responsible] • Useful resources: • DOH Technical Assistance Bulletins • Legal Action Center training materials

  38. No Redisclosure • Person receiving HIV-related information pursuant to release may not redisclose • Person providing HIV related information pursuant to release must provide notice prohibiting redisclosure • See Notice Prohibiting Redisclosure • In hand-outs

  39. Article 27-FCase studies nos. 2 and 4 • Release • Case study #2 (Peaches and client Herb) • Releases • Case study #4 (Joe and client Mary) • Cases & issues from staff here?

  40. Exception #2:Internal communications The rule: agency staff may share HIV related information IF the staff members: • Are authorized to access clients’ HIV related information in agency’s written “need-to-know” protocol; and • Have a reasonable need to know or share the information to carry out their authorized duties.

  41. Internal communications (cont.) • HIPAA has similar “minimum necessary” standard: • Must make reasonable efforts to limit use and disclosure of information to the “minimum necessary” to accomplish the intended purpose

  42. Internal communications (cont.) • Review of this agency’s: • “need to know” list (include job titles and functions justifying access) • categories of information to which they need access • any conditions to or restrictions on their access

  43. Internal communications (cont.) • Review of this agency’s policy for charting HIV-related information: • Article 27-F: must record HIV information in medical record IF required to keep medical record • Charting/record-keeping requirements under regulations that apply to this agency • Where else and how else to record?

  44. Article 27-FCase study no. 5 • Charting HIV information • Case study #5 (Paddy and client Finn) • Cases and issues relating to charting or record-keeping from staff here?

  45. Exception #3: Health Care Providers • May disclose HIV related information – without release – to an outside health care provider or health facility when necessary for that health care provider/facility to know the HIV infoin order to provide appropriate care or treatment to: 1. The protected individual, or 2. His or her child, or 3. His or her contact (spouse, sex or needle-sharing partner)

  46. Disclosures to health care providers (cont.) • Agency with the info – not the outside health care provider – makes the decision whether it is necessary for the outside provider to know the HIV info in order to provide the care or treatment in question. • Document the disclosure.

  47. Disclosures to health care providers (cont.) • It is always preferableto seek & obtain a release even if the disclosure is legally permitted without it. • [Our agency’s policy is … • [obtain a release whenever practicable] • [disclosures without a release under health care provider rule are permitted if/when:_________] • If in doubt, consult with [designated staff responsible for making decisions].

  48. Exception #4: Partner Notification What do you do . . . if your client/patient confides that he is having unprotected sex and has no intention of disclosing his HIV status to his partner?

  49. Partner notification (cont.) The rule: • 1st question: are you a physician? ONLY physicians and special Department of Health staff are permitted to notify identified partners of HIV infected individuals of the partner’s exposure & risk • NO ONE ELSE is permitted to do partner notification (without the HIV+ individual’s specific, written release)