Legal Frameworks Flashcards
What are the three parts of HIPAA?
Privacy Rule, Security Rule, and Breach Notification Rule
What is a group health insurance plan?
Plans offered by employers to employees and their families
When was HIPAA established? Broadly, what is its purpose?
Established in 1996; required the US Department of Health and Human Services to adopt national standards for electronic health care transactions and code sets, unique health identifiers, and security
What are the three major components of The Privacy Rule? Give examples of health info that is protected.
Simply: makes rules for sharing and protecting ALL (electronic and physical) PHI
Provides federal protection for individually identifiable health information; 3 major components: how data is protected, when it can be disclosed, and the patient’s rights to this info
“Minimum necessary info” rule
Ex: info in a patient’s health records, billing info, zip code, birthday and name, conversations with care providers, phone numbers, email addresses, admission/discharge dates, biometric identifiers, photos, IP addresses
DOES NOT include de-identified health info
Describe the three major components of The Privacy Rule
- data protection: aka “the Security Rule”; establishes national security standards for health info in electronic form. Applies to “covered entities”: health plans, most health care providers (HCPs), business associates and subcontractors of covered entities, and healthcare clearinghouses
- disclosure: permitted for treatment, care, and payment. Can be disclosed to others involved in patient care with permission, to protect the public’s health (contagious conditions), and for police reports (ex: gunshot wounds)
- patient rights: the right to see and obtain a copy of your health records, have corrections added, receive notice of how your info is used and shared, receive a report on when and why info was shared, and file a complaint with the health provider, insurer, or US government
What does the portability section of HIPAA provide?
Rules for continuity in health insurance coverage for individuals and their families if they change jobs. Limits restrictions that a group health plan can place on preexisting conditions
Summary: if you switch jobs and insurance plans, they have to cover any preexisting conditions you have so long as there wasn’t more than a 63-day gap in coverage
What types of organizations do NOT have to follow the privacy and security rules associated with HIPAA?
Life insurers, workers’ compensation carriers, Child Protective Services (CPS), schools, law enforcement
However, HCPs still cannot release the information to the above without authorization from the patient
What is the Omnibus Rule?
Introduced protected genetic info into HIPAA
“Genetic test”, under HIPAA, does NOT include analysis of proteins or metabolites
Info about a patient’s genetic tests includes family members’ tests and their results, manifestation of a disease, and genetic services
Genetic info includes info about a fetus with respect to a pregnant person AND embryos for those using assisted reproductive technology (ART)
What does the HIPAA Security Rule cover?
Only applies to e-PHI (electronic PHI)
Requires covered entities (e.g., hospitals) to implement 3 types of safeguards: administrative, physical, and technical
What is the administrative safeguard in the HIPAA Security Rule?
A designated security official is required (security personnel)
Information access management: authorizing access to e-PHI only when appropriate based on the user’s or recipient’s role
Workforce training and management: hospital staff must be trained to work with e-PHI, and there must be rules for violation of policies and procedures
What is the physical safeguard in the HIPAA Security Rule?
Facility access and control: keycard access
Workstation and device security: automatic log-off on computers
What is the technical safeguard in the HIPAA Security Rule?
User authentication: all users have individual passwords/role-based access to e-PHI
Audit controls: logging user activity and access to the EHR
Integrity controls: data backups; making sure data is not unintentionally changed
Transmission security: data encryption
What must occur if data is breached?
Breach notification is commenced
Notify patients and HHS (Department of Health and Human Services) no later than 60 days after info is used/accessed without permission
Notify the media if more than 500 people are affected
What is the Americans with Disabilities Act (ADA)? What does it establish?
Prevents discrimination against individuals with disabilities in the workplace and establishes standards for accessibility in public
Provides some LIMITED protections against genetic discrimination for cancer syndromes to those employed at a place with greater than or equal to 15 employees
If an individual has a genetic disease which causes symptoms that significantly impair one’s ability to perform functions, their disease qualifies as a disability under the ADA
Affords them protection from employment discrimination as long as they can perform their job with reasonable accommodations
What is PROTECTED under GINA?
Individual and group health insurance plans CANNOT:
Require people to undergo genetic testing for underwriting or enrollment purposes (ex: determining premiums, starting/terminating coverage)
Request genetic testing info (results, info on genetic assessment services pursued by the patient, family history info) for underwriting or enrollment purposes
Covers: family medical history, carrier status, prenatal testing, gene analyses, fetuses, embryos, clinical research, DTC (direct-to-consumer) testing
MOST employers cannot request the above from a person for hiring, termination, promotion, or placement decisions