1 / 88

Our Annual HIV Confidentiality Update: An Overview for [Agency Name’s]

Our Annual HIV Confidentiality Update: An Overview for [Agency Name’s] In-service on Confidentiality. Purpose of this In-Service.

ciara
Télécharger la présentation

Our Annual HIV Confidentiality Update: An Overview for [Agency Name’s]

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Our Annual HIV Confidentiality Update: An Overview for [Agency Name’s] In-service on Confidentiality

  2. Purpose of this In-Service • New York State HIV Confidentiality Law – Article 27-F of the Public Health Law –protects the confidentiality of HIV-related information about people who receive services from most health care or social services in New York. • Our agency is one of the many providers of health or social services in New York that must comply with Article 27-F’sconfidentiality requirements.

  3. Purpose of this In-Service (cont.) • HIPAA (federal law) requires some health care providers [including this agency] to maintain the confidentiality of all “protected health information.” • More . . .

  4. Purpose of this In-Service (cont.) • Both of these laws (and regulations implementing them) require agencies they cover to: • have policies and procedures to ensure compliance with the laws’ privacy protections, and • conduct annual updates on our HIV policies and procedures for all staff.

  5. Purpose of this In-Service (cont.) This is your annual update.

  6. What this presentation covers 1. The laws that protect the confidentiality of HIV information: • Article 27-F of the NYS Public Health Law: HIV Confidentiality Law • HIPAA (if applicable) 2. HIPAA–“patient’s rights” provisions 3. How to respond to client/patient complaints about breach of confidentiality

  7. Have questions? • Speak to supervisor. • If you cannot resolve the question internally, call on these resources: • NYS Department of Health Confidentiality Hotline: 800-962-5065, or • Legal Action Center • ask for “attorney on call” • 212-243-1313 or 800-223-4044

  8. Part 1 Confidentiality of HIV-related Information • Article 27-F of the NYS Public Health Law • HIPAA

  9. Article 27-FWhat is it? New York State law that governs: • HIV testing • HIV confidentiality • HIV case reporting & partner notification (NYS HIV Case Reporting & Partner Notification law is in Public Health Law Article 21, Title III) • This presentation covers the confidentiality provisions, not those concerning testing.

  10. Article 27-F Who is covered? • ANY person or agency who receives HIV-related information about a protected individual: • while providing a covered “health or social service” Examples: health care professionals and health facilities, foster care agencies, school nurses, OR

  11. Article 27-F Who is covered (cont.)? 2.Anyone who receives HIV information pursuant to a proper written release. This means – • if you obtain a client’s HIV information pursuant to his or her signed HIV release form, you must follow Article 27-F. • if you disclose a client’s HIV information pursuant to an HIV release form, the person/agency receiving it must follow Article 27-F too. OR

  12. Article 27-F Who is covered (cont.)? • ANY New York state or local governmental agency that: • provides, supervises or monitors health or social services Examples: DOH, OASAS, OTDA, DOCS, HRA, DSS

  13. Article 27-F Does NOT apply to: • Protected individuals themselves • Persons tested for/diagnosed with HIV or AIDS • Friends, relatives • Courts • Insurers • Federal agencies (military, federal prisons) • Schools (except school health staff) • Employers BUT . . .

  14. But, while Article 27-F may not apply . . . • OTHERlaws protect the confidentiality of information about individuals’ health conditions (including HIV-related) in many circumstances. • Examples: • U.S. Constitutional right to privacy – applies to government (federal, state, local) • Americans with Disabilities Act – applies to employers • Privacy Act – applies to federal government

  15. Recap: Our agency must follow Article 27-F because: [State how & why Article 27-F’s confidentiality requirements apply to this agency, e.g.:] • [we provide covered “health or social services”] • [we receive & disclose HIV-related info about our clients pursuant to written release] • [applicable DOH/AIDS Institute [or other state agency] regulations require us to comply • [applicable DOH/AIDS Institute [or other state agency] contract requires us to comply.

  16. HIPAA: What is it? • Federal law that establishes minimum safeguards to protect the privacy of medical records and other “personal health information” (“PHI”). • Applies to personal health information no matter how it is shared: in electronic, written or oral form.

  17. HIPAA: Who is covered? Covered Entities Are: • Health Care Providers • Health Plans • Health Care Clearinghouses IF they transmit personal health information electronically in order to process payment or make eligibility determinations.

  18. HIPAA: Are we covered? • [State whether this agency – is (or is not) covered by HIPAA.] • Even agencies not covered by HIPAA need to understand its basic requirements because many other agencies they interact with likely are covered by HIPAA.

  19. HIPAA & Article 27-F:Who must comply with both? • Most health care providers in New York State, assuming they transmit health information electronically for purposes of billing or reimbursement.

  20. What happens if both HIPAA & Article 27-F apply? • Follow HIPAA unless Article 27-F is “more stringent” than the HIPAA provision. • “More stringent” means: provides greater privacy protection, or gives individuals more privacy rights. • Article 27-F is usually more protective (stringent) than HIPAA, so you follow Article 27-F.

  21. What’s the Law? The general rule • HIPAA & Art. 27-F generally both prohibit the disclosure of health information about an individual. • HIPAA: covers nearly all personalhealth information (which it calls “protected health information”) • Article 27-F: covers only “HIV-related information.”

  22. Article 27-F:The general rule (cont.) • NO DISCLOSURE: A provider may not disclose any – • HIV-related information obtained while providing health or social service or through a release.

  23. Article 27-F:The general rule (cont.) “HIV-related information” includes – • Had an HIV test (whether positive or negative) • Has HIV infection, HIV related illness or AIDS • Has been treated/is being treated for HIV • Takes medication specific to HIV disease • Is a “contact” of someone with HIV (spouse, sexual or needle-sharing partner)

  24. Article 27-F – General rule Case studies nos. 1 and 3 • What information is protected? • Case study #1 (Jane, the case manager, and her friend Maggie) • In the waiting room • Case study #3 (Don, waiting to be called in for HIV test results) • Cases & issues from staff here?

  25. Article 27-F:The general rule (cont.) • HIV confidentiality law protects – • Not only your clients/patients, but also • Anyone whose HIV-related information you received while providing health or social service – even someone who has had no contact with this agency.

  26. Article 27-F:The general rule (cont.) • You mustalways maintain the confidentiality of this HIV-related information – even after you leave your job here.

  27. “Exceptions” to the General Rule: When Disclosure is Permitted While the general rule is: no disclosure of protected health information, • Both HIPAA & Article 27-F have “exceptions” that allow entities to share HIV information. • Main Article 27-F “exceptions” permitting disclosure are outlined in Article 27-F flow chart (see slide above, and hand-out).

  28. Main Article 27-F exceptions permitting disclosure Exceptions covered by this presentation: • Written Release • Internal communications • Disclosures to health care providers • Partner notification Note: Follow Article 27-F rules governing these exceptions, since it is more “stringent” – provides greater protections – than HIPAA.

  29. Exception #1: Written Release • Requirements for release: • Voluntary • In writing. No oral release! • Revocable at any time. • Revocation can be oral or written • Document it! • Continued. . . .

  30. Written release (cont.) • Use DOH-approved release (complies with Article 27-F and HIPAA) • In hand-outs • Do not have client sign a blank or partially completed form.

  31. Written release (cont.) Who signs the form? • Person whose HIV-related information is being disclosed, if he or she has – “capacity to consent”

  32. Written release (cont.) What is “capacity to consent?” Regardless of age, ability to: • Understand & appreciate the nature & consequences of proposed disclosure AND • Make an informed decision about whether or not to permit the disclosure

  33. Written release (cont.) • Minors (under age 18) can have capacity to consent. No age cut-off. • If minor lacks capacity to consent, the person authorized by law to consent to health care for the minor may authorize disclosure of HIV information about the minor. This may be: • Biological or adoptive parent • Guardian • “Authorized agency” (ACS or DSS) – if court granted the authority

  34. Written release (cont.) Review of this agency’s policies for completing the release form. • How to describe the recipient? • Law does not require listing name(s) of particular employee(s) at recipient agency • May be general, e.g., “my caseworker & other agency staff involved in my benefits claim” at X agency • [This agency’s policy is….]

  35. Written release (cont.) • Completing release form (cont.) • Multi-party releases are permitted. • How to specify expiration date or event? • Release should remain in effect only as long as needed to fulfill specific purpose • More on next slide …

  36. Written release (cont.) • Completing release form (cont.) • AIDS Institute requirement – release form should expire no later than one year from date signed. • Can specify expiration condition “or one year, whichever is first”

  37. Written release (cont.) • Questions about how to complete the release form? • Ask [your supervisor, or designate agency staff responsible] • Useful resources: • DOH Technical Assistance Bulletins • Legal Action Center training materials

  38. No Redisclosure • Person receiving HIV-related information pursuant to release may not redisclose • Person providing HIV related information pursuant to release must provide notice prohibiting redisclosure • See Notice Prohibiting Redisclosure • In hand-outs

  39. Article 27-FCase studies nos. 2 and 4 • Release • Case study #2 (Peaches and client Herb) • Releases • Case study #4 (Joe and client Mary) • Cases & issues from staff here?

  40. Exception #2:Internal communications The rule: agency staff may share HIV related information IF the staff members: • Are authorized to access clients’ HIV related information in agency’s written “need-to-know” protocol; and • Have a reasonable need to know or share the information to carry out their authorized duties.

  41. Internal communications (cont.) • HIPAA has similar “minimum necessary” standard: • Must make reasonable efforts to limit use and disclosure of information to the “minimum necessary” to accomplish the intended purpose

  42. Internal communications (cont.) • Review of this agency’s: • “need to know” list (include job titles and functions justifying access) • categories of information to which they need access • any conditions to or restrictions on their access

  43. Internal communications (cont.) • Review of this agency’s policy for charting HIV-related information: • Article 27-F: must record HIV information in medical record IF required to keep medical record • Charting/record-keeping requirements under regulations that apply to this agency • Where else and how else to record?

  44. Article 27-FCase study no. 5 • Charting HIV information • Case study #5 (Paddy and client Finn) • Cases and issues relating to charting or record-keeping from staff here?

  45. Exception #3: Health Care Providers • May disclose HIV related information – without release – to an outside health care provider or health facility when necessary for that health care provider/facility to know the HIV infoin order to provide appropriate care or treatment to: 1. The protected individual, or 2. His or her child, or 3. His or her contact (spouse, sex or needle-sharing partner)

  46. Disclosures to health care providers (cont.) • Agency with the info – not the outside health care provider – makes the decision whether it is necessary for the outside provider to know the HIV info in order to provide the care or treatment in question. • Document the disclosure.

  47. Disclosures to health care providers (cont.) • It is always preferableto seek & obtain a release even if the disclosure is legally permitted without it. • [Our agency’s policy is … • [obtain a release whenever practicable] • [disclosures without a release under health care provider rule are permitted if/when:_________] • If in doubt, consult with [designated staff responsible for making decisions].

  48. Exception #4: Partner Notification What do you do . . . if your client/patient confides that he is having unprotected sex and has no intention of disclosing his HIV status to his partner?

  49. Partner notification (cont.) The rule: • 1st question: are you a physician? ONLY physicians and special Department of Health staff are permitted to notify identified partners of HIV infected individuals of the partner’s exposure & risk • NO ONE ELSE is permitted to do partner notification (without the HIV+ individual’s specific, written release)

More Related