Question

This week, we have learned about HIPAA, privacy issues, and the concept of a covered entity....

This week, we have learned about HIPAA, privacy issues, and the concept of a covered entity. You may face some of these issues as a health care professional. For our discussion this week find a case study that addresses an aspect of HIPAA or FERPA and helps us to better understand the ways in which these laws are applied and the situations that are covered by either.

Answer #1

Points:

  • The Privacy Rule applies only to covered entities. Many organizations that use, collect, access, and disclose individually identifiable health information will not be covered entities, and thus, will not have to comply with the Privacy Rule.
  • The Privacy Rule does not apply to research; it applies to covered entities, which researchers may or may not be. The Rule may affect researchers because it may affect their access to information, but it does not regulate them or research, per se.
  • To gain access for research purposes to PHI created or maintained by covered entities, the researcher may have to provide supporting documentation on which the covered entity may rely in meeting the requirements, conditions, and limitations of the Privacy Rule.

The Privacy Rule applies only to covered entities; it does not apply to all persons or institutions that collect individually identifiable health information. It may, however, affect other types of entities that are not directly regulated by the Rule if they, for instance, rely on covered entities to provide PHI. It is important that researchers be aware of how the Rule might affect them in the various types of organizations in which they operate, and what they may have to do in order to continue their research or begin new research efforts on and after the compliance date for the Privacy Rule.

Covered Entities

Covered entities are defined in the HIPAA rules as (1) health plans, (2) health care clearinghouses, and (3) health care providers who electronically transmit any health information in connection with transactions for which HHS has adopted standards. Generally, these transactions concern billing and payment for services or insurance coverage. For example, hospitals, academic medical centers, physicians, and other health care providers who electronically transmit claims transaction information directly or through an intermediary to a health plan are covered entities. Covered entities can be institutions, organizations, or persons.

Researchers are covered entities if they are also health care providers who electronically transmit health information in connection with any transaction for which HHS has adopted a standard. For example, physicians who conduct clinical studies or administer experimental therapeutics to participants during the course of a study must comply with the Privacy Rule if they meet the HIPAA definition of a covered entity.

Health Plan – With certain exceptions, an individual or group plan that provides or pays the cost of medical care (as defined in section 2791(a)(2) of the PHS Act, 42 U.S.C. 300gg-91(a)(2)). The law specifically includes many types of organizations and government programs as health plans.
Health Care Clearinghouse – A public or private entity, including a billing service, repricing company, community health management information system or community health information system, and “value-added” networks and switches that either process or facilitate the processing of health information received from another entity in a nonstandard format or containing nonstandard data content into standard data elements or a standard transaction, or receive a standard transaction from another entity and process or facilitate the processing of health information into a nonstandard format or nonstandard data content for the receiving entity.
Health Care Provider – A provider of services (as defined in section 1861(u) of the Act, 42 U.S.C. 1395x(u)), a provider of medical or health services (as defined in section 1861(s) of the Act, 42 U.S.C. 1395x(s)), and any other person or organization who furnishes, bills, or is paid for health care in the normal course of business.
Health Care – Care, services, or supplies related to the health of an individual, including (1) preventive, diagnostic, therapeutic, rehabilitative, maintenance, or palliative care, and counseling, service, assessment, or procedure with respect to the physical or mental condition, or functional status, of an individual that affects the structure or function of the body; and (2) sale or dispensing of a drug, device, equipment, or other item in accordance with a prescription.

    NueMD An AdvancedMD. company

    HIPAA and FERPA: Six golden rules of privacy law

    Consider this question. Say the mother of a 22-year-old student that you have treated requests to see her daughter’s medical records. The Bursar’s office confirms that the student is listed as a dependent for tax purposes. There seems to be no urgent reason for such a release and the student does not wish to give her mother access. How would you protect the privacy of her information?

    Situations such as this one that require knowledge of privacy laws to resolve successfully are all too common in the average student health center, yet the acronyms HIPAA and FERPA tend to strike fear into the hearts of the staunchest of college health professionals. So much has been written anecdotally on the subject of how complicated and unspecific these laws are that some may be surprised to find that according to legal professionals, the intersections between the laws are generally clear-cut. This article aims to explain which laws apply to you and what you can do to avoid the headaches that ensue from a conflict between your principles as a care provider and the law.


    Six golden rules of privacy law

    • FERPA never applies to non-students
    • FERPA only applies when the student’s medical records are released
    • HIPAA doesn’t apply to records covered by FERPA or to student “treatment records”
    • Even if you treat non-students, you’re not bound by HIPAA unless you perform electronic transactions.
    • Student health and counseling centers that do perform electronic transactions for non-students can declare themselves “hybrid”.
    • State laws are applicable whether or not other federal laws apply

    This is how these rules break down.

    RULE 1: FERPA never applies to non-students
    RULE 2: FERPA only applies when the student’s medical records are released

    The Family Educational Rights and Privacy Act (FERPA) is the older of the two federal privacy laws. Enacted in 1974, one aspect of its governance is the privacy of educational records. There is a popular myth circulating that student medical records fall under the FERPA’s umbrella term “educational records”. In fact, FERPA specifically excludes the treatment records of students in higher education from its definition of educational records (see USC 20, 1232g for a complete definition). It also excludes employees of an educational institution if they are not students. FERPA does come into play, but only if the records are released to someone outside the health center, whether that is the student, their parents, their professors, or another health provider outside the university, at which point they become “educational records” rather than treatment records.

    It is important to note that it is not the request for the release that brings FERPA into effect. Many student health professionals believe that if a request to see the records is made that is in accordance with FERPA guidelines, they have to release them or be in violation of FERPA. Not so, says Kristine Dunne, BA, EdM, JD, an associate at the Washington, D.C. office of law firm Arent Fox, LLC.

    “It's the release of the records that triggers FERPA,” she explains. “There are no rights extended under FERPA to those medical records until such time as they have been made available to someone other than the treating health professionals, at which point the FERPA protections of student records kick in.”

    Applying this to the example at the beginning of the article, if state law doesn’t require you to release the student’s unreleased medical records to her mother, you are under no legal obligation to do so without a court order. Similarly, even if you think a professor may have a “legitimate educational interest” in requesting a student’s unreleased medical records, you still don’t have to release them.

    FERPA is just one part of the puzzle, however. The Health Insurance Portability and Accountability Act (HIPAA) of 1996 is another relevant law that seeks to be the national privacy standard in healthcare. It was updated in 2003 to take into account the trend toward automation and electronic record-keeping. These privacy guidelines have been well publicized and generally uphold the kind of patient confidentiality that most health care providers are comfortable with and there has therefore been a widespread trend in health centers to apply these standards to student medical records, even if they are not legally required. It is important to realize, however, that while its principles of privacy and confidentiality are excellent, in most cases, compliance is not required by law.

    RULE 3: HIPAA doesn’t apply to records covered by FERPA or to student medical records which are made, maintained, or used only in connection with the provision of treatment to the student, and are not available to anyone other than persons providing such treatment.


    RULE 4: Even if you treat non-students, you’re not bound by HIPAA and won't be subjected to an audit unless you transmit healthcare information in electronic form in connection with the submission of claims for payment.
